Team Symposium Topics: 

How to Thwart Attackers 
with Deception

Navigating the Path to Cloud Security Maturity

Tuesday, October 2, 2018 – 10:00AM to 3:00PM — Grand Hyatt New York

#IANSNewYork #IANSEvents

IANS Team Symposiums bring together information security leaders and practitioners for a dual-track educational seminar that addresses current challenges.

The day will begin at 10:00 a.m. with attendees choosing to participate in one of the two sessions below.

How to Thwart Attackers with Deception

Deception is an effective tool to detect adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network undetected unless we put something in the way to entice them into making a mistake.

To that end, deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside (or are working their way in).

Deception differs from traditional detection in that every alert is actionable (unlike most alarms in the SIEM). It also differs from threat hunting, largely for the same reason. When properly deployed, deception techniques offer defenders 100% actionable alerts by offering attackers opportunities too good to pass up.

Technologies covered in this symposium include:

  • DNS Honeypot entries
  • SMB Honeypots
  • Database Honeypots
  • Honey accounts - phishing responses
  • Honey domain accounts
  • Honey tokens

By the time you leave this symposium, you’ll be armed with newfound knowledge to take back to your organization and implement. From there, you can take the fight to the bad guys.

jake-williams

Jake Williams

IANS Faculty

 

Navigating the Path to Cloud Security Maturity

Securing the cloud is fundamentally different, yet there are very few guidebooks or clear methods to ensure adequate protection. Leading-edge organizations are doing amazing things with cloud-native and DevSecOps approaches, but they’ve matured their security operational capabilities the hard way.

The urgency is clear. Cloud is happening in your organization, whether you know it or not. Given the intractable skills gap and the move towards business-driven technology innovation (implemented by Shadow IT), the future is now. And you can either get on the cloud security bus or find yourself under it.

In this fun and enlightening 5-hour symposium, you will learn to build secure and resilient cloud-based applications and infrastructure that blow away what you can do in traditional environments. We will map out a three phased approach for maturing your cloud security operations and leave with very clear objectives and milestones to implement in your cloud. We also will discuss cutting-edge secure cloud design patterns, and understand how to leverage native cloud features, from networking and identity management through application security and serverless architectures.

Points for discussion include:

  • The Securosis/IANS Cloud Security Maturity Model
  • Being cloud native versus a cloud tourist
  • Best practices to set up a secure cloud environment
  • How serverless functions enable continuous cloud security
  • Implementing Guardrails around your Cloud
  • Securing the Continuous Deployment Pipeline
  • Practical Automation (DevSecOps)
  • Market tested design patterns for logging/monitoring
  • Consistent multi-cloud visibility and control


Mike Rothman

Mike Rothman

IANS Faculty

Rich Mogull

Rich Mogull

IANS Faculty

This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.


*This Symposium is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Symposium to any entity or individual. IANS’ receipt of a registration application does not constitute acceptance. Individuals from Information Security Solution Providers (software, hardware, and consulting companies) are not eligible to attend. Symposiums are open to IANS clients that are Credential Holders and qualified Information Security Practitioners identified by IANS.