Team Symposium Topics:
IAM Strategies that Work:
Vendor-Agnostic “How-To” Guidance
How to Thwart Attackers
Thursday, November 1, 2018 – 10:00AM to 3:00PM — Sheraton Centre Toronto Hotel
IANS Team Symposiums bring together information security leaders and practitioners for a dual-track educational seminar that addresses current challenges.
The day will begin at 10:00 a.m. with attendees choosing to participate in one of the two sessions below.
IAM Strategies that Work: Vendor-Agnostic “How-To” Guidance
But throwing money at the identity problem won’t help without a well-thought-out strategy. It takes a concerted, multi-disciplinary approach to comprehend the many technologies, policies, and processes to create, define, and govern identity and access management – not only today, but across long-term innovation and operation.
Led by security innovator and practitioner Aaron Turner, this interactive 5-hour event is designed to give you immediately useful, vendor-agnostic guidance. It combines presentation, discussion, and peer conversation in an environment that is both fast-paced and casual
Points for discussion include:
- Scoping the IAM challenge
- Building a compelling identity business case for establishing holistic Identity Governance
- Securing the resources (technology, processes, and policies)
- Identity correlation; privileged account management; federated identities
- How to deconstruct outdated IAM processes and technologies
- Moving to OAuth and OIDC from Kerberos and other legacy technologies
- External influences on IAM strategies (GDPR, PCI, etc.)
- Bridging the difference between short-term and long-haul requirements
- Delivering near-term value while building towards your long-term strategy
- How to make training investments to build the best IAM team you can
How to Thwart Attackers with Deception
Deception is an effective tool to detect adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network undetected unless we put something in the way to entice them into making a mistake.
To that end, deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside (or are working their way in).
Deception differs from traditional detection in that every alert is actionable (unlike most alarms in the SIEM). It also differs from threat hunting, largely for the same reason. When properly deployed, deception techniques offer defenders 100% actionable alerts by offering attackers opportunities too good to pass up.
Technologies covered in this symposium include:
- DNS Honeypot entries
- SMB Honeypots
- Database Honeypots
- Honey accounts - phishing responses
- Honey domain accounts
- Honey tokens
By the time you leave this symposium, you’ll be armed with newfound knowledge to take back to your organization and implement. From there, you can take the fight to the bad guys.
Founder, Rendition Infosec
This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.