Team Symposium Topics: 

IAM Strategies that Work:
Vendor-Agnostic “How-To” Guidance

How to Thwart Attackers
with Deception

Thursday, November 1, 2018 – 10:00AM to 3:00PM — Sheraton Centre Toronto Hotel

#IANSToronto #IANSEvents

IANS Team Symposiums bring together information security leaders and practitioners for a dual-track educational seminar that addresses current challenges.

The day will begin at 10:00 a.m. with attendees choosing to participate in one of the two sessions below.

IAM Strategies that Work: Vendor-Agnostic “How-To” Guidance

But throwing money at the identity problem won’t help without a well-thought-out strategy. It takes a concerted, multi-disciplinary approach to comprehend the many technologies, policies, and processes to create, define, and govern identity and access management – not only today, but across long-term innovation and operation.

Led by security innovator and practitioner Aaron Turner, this interactive 5-hour event is designed to give you immediately useful, vendor-agnostic guidance. It combines presentation, discussion, and peer conversation in an environment that is both fast-paced and casual

Points for discussion include:

  • Scoping the IAM challenge
  • Building a compelling identity business case for establishing holistic Identity Governance
  • Securing the resources (technology, processes, and policies)
  • Identity correlation; privileged account management; federated identities
  • How to deconstruct outdated IAM processes and technologies
  • Moving to OAuth and OIDC from Kerberos and other legacy technologies
  • External influences on IAM strategies (GDPR, PCI, etc.)
  • Bridging the difference between short-term and long-haul requirements
  • Delivering near-term value while building towards your long-term strategy
  • How to make training investments to build the best IAM team you can
Aaron Turner

Aaron Turner

IANS Faculty


How to Thwart Attackers with Deception

Deception is an effective tool to detect adversaries that have already bypassed traditional detection schemes. These attackers will continue to maneuver in the network undetected unless we put something in the way to entice them into making a mistake.

To that end, deception arms organizations that already have a robust security program with a safety net to catch attackers who have already made it inside (or are working their way in).

Deception differs from traditional detection in that every alert is actionable (unlike most alarms in the SIEM). It also differs from threat hunting, largely for the same reason. When properly deployed, deception techniques offer defenders 100% actionable alerts by offering attackers opportunities too good to pass up.

Technologies covered in this symposium include:

  • DNS Honeypot entries
  • SMB Honeypots
  • Database Honeypots
  • Honey accounts - phishing responses
  • Honey domain accounts
  • Honey tokens

By the time you leave this symposium, you’ll be armed with newfound knowledge to take back to your organization and implement. From there, you can take the fight to the bad guys.

jake-williams

Jake Williams

IANS Faculty
Founder, Rendition Infosec

This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.

v

*This Symposium is produced by IANS, which reserves the right, in its sole discretion, to limit or deny access to the Symposium to any entity or individual. IANS’ receipt of a registration application does not constitute acceptance. Individuals from Information Security Solution Providers (software, hardware, and consulting companies) are not eligible to attend. Symposiums are open to IANS clients that are Credential Holders and qualified Information Security Practitioners identified by IANS.