Arrival and Registration
Opening Address: The Disco Ball Principle
Lauren Beukes, award-winning, internationally best-selling author
International Keynote Speaker: Threat Intelligence
Rebekah Brown, threat intelligence lead, global services, Rapid7
Threat Intelligence helps you make decisions about how to prevent, detect, and respond to attacks - and with a little time, effort, and planning, it can be implemented without breaking your budget. This talk covers the fundamentals of effective threat intelligence and how to determine what levels and aspects of threat intelligence to focus on given our team, time, and goals. It will also discuss how to identify the best open source, free, and low-cost intelligence resources for your organisation and how to integrate them into operations.
- An understanding of what threat intelligence really is
- Ideas on how to incorporate it into their information security programmes
- Budget-friendly threat intelligence tools and resources
Watch this Space
Networking and Refreshments
Secure cloud computing
Vuyani Jarana, chief officer, Vodacom Business
Cloud computing presents a new IT service delivery model that allows users to interact with and consume their business applications on demand, allowing scalability and elasticity of virtualised resources over an IP-based network. Alongside the great and compelling benefits that cloud computing presents, new risks and opportunities for security exploits are also introduced. Compliance with standards, policies and controls becomes an essential consideration around protecting and safeguarding your business systems and mission-critical data. Business and IT management should equip themselves with a cloud security framework and controls to understand, analyse and mitigate these new risks.
Getting physical with cyber
Walter Lee, head of innovation management office: global safety division, NEC Corporation
Cyberwars are occurring with state-sponsored attacks and fake news. The key issue with cybersecurity is the poor state of affairs with digital identity. Can you be sure you are dealing with the right party? Will your identity be stolen? The future lies in using the latest biometric technologies to secure your digital identity. It is the fusion of cyber and physical, where your physical identity and cyber identity are fused as one.
- Intensification of state-sponsored attacks
- Integration of cyber and physical security domains
- Interagency Collaboration is critical
Launch SS17HACK: More hackathons for infosec skills development – more about why hackathons and why SS17HACK
Tiyani Nghonyama, COO, Geekulcha
Lunch and Networking
Industry Perspective: A false sense of information security
Manuel Corregedor, COO, Telspace Systems
Information security and, more specifically, cyber security, has moved up the list of risks faced by organisations over the past few years. This has resulted in organisations and executives becoming increasingly accountable for ensuring information security risks are adequately managed within the organisation.
Manuel Corregedor says although organisations look great on paper, in reality their controls are not adequately implemented to deal with the latest threats and vulnerabilities. Additionally, there is always a disconnect between what the organisation's management believes is in place and what the operational teams actually have in place.
Corregedor will discuss the dangers of implementing information security controls as part of just another "check box" exercise. He will then provide practical guidance on how companies can implement information security controls that are risk/threat-driven.
- How not to implement information security
- Practical guidance on how to achieve a good baseline of information security
- Quick wins attendees can implement tomorrow
Industry Perspective: Turning the tables
Herman Young, Group security officer, Investec
The blogosphere and news media are awash with comments like "assume breach" and "they will always get in, it's just a matter of time", especially after a major breach. The breach in question was also almost always the work of very sophisticated attackers, making the task of defending an enterprise seem daunting if not near impossible to most of us.
This is known as the "defenders' dilemma", where the conventional wisdom states that an attacker only needs to get lucky once, while a defender needs to be lucky all the time.
But all is not lost. What if we could find ways of turning the "defenders' dilemma" into the "attackers' dilemma", where the defender only needs to get lucky once, while the attacker needs to be lucky all the time?
- Hear stories about lessons learned
- Get practical advice on how to detect an attacker on your network
- Find out why you need not fear the 0-day
- Get some code to make life harder for attackers
- See some myths busted
Threat-centric strategies for attack detection
Jacques Louw, director, MWR Security
The talk is based around the evolution of cyber-security strategy, from control-centric, through asset-centric, to a modern threat-centric approach. I'll be discussing how these approaches differ, and build on each other, and how they can be used to more effectively help large organisations counter modern targeted attacks. I use practical examples to explain the different approaches and make sure it is not stuck in the theory too much.
This threat-centric strategy then drives a specific approach for prevention and response, but especially for attack detection. I will outline an approach for attack detection that focuses on human capability (as opposed to the pervasive focus on technology in the industry), born from knowledge about the attack techniques used by real world groups to perpetrate large breaches - and especially those that target direct financial assets (or unlimited cash-out operations).
I will introduce the core concepts of Threat Hunting and outline the high-level elements that are required to do this effectively. I will then outline a maturity model that can be used to support a shift from "SOC Alerts" to Threat Hunting within attack detection teams.
Industry Perspective: South Africa Under Attack
Stieler van Eerden, cyber security specialist, Standard Bank
As technology has evolved, access to the Internet is sprawling in South Africa and the African continent. More people have got access to the Internet than ever before and underpinning the success of the Internet lie many cracks. It is therefore no surprise to see the exponential upwards trajectory of Cybercrime. My talk will provide a first-hand account from the front lines on fighting Cybercrime in South Africa (also very relevant to other geographical areas), going after the bad guys and taking them out! The talk will also explore the impact Cybercrime has on society as experienced in South Africa and what we can do as professionals to protect ourselves and our communities.
Street fighting mathematics for FinTech fraud combat
Nithen Naidoo, CIO and co-founder, Snode
Fraud and compromise indicators lie scattered across your heterogeneous architecture, like fragmented puzzle pieces, hiding the "bigger picture". Traditional approaches to identify such nefarious activities are often retrospective. Mathematics, combined with real-time cyber intelligence, may hold the key to a more proactive detection mechanism: uncovering the unknown unknowns, disclosing emerging threats, and defeating evasive attackers.
- Mathematical approach to predict fraud and enable a proactive response
- Lessons learnt using mathematics to empower threat and fraud detection
- Solution using both dimensions in a single algorithm and consolidated view
Industry Perspective: Changing the behaviour of users to minimise its security threats
Janine van Niekerk, OMEM CST: IT service design and transition, Old Mutual Life Assurance Company
Organisations are facing an increase in information security related breaches and are continuously trying to defend themselves against critical threats. One of the main causes of organisational security threats is human behaviour.
- This talk will outline the results of a behavioural study performed in an organisation based on Ajzen's theory of planned behaviour, in particular, naïve behaviour.
Industry Perspective: Threat management 2.0
Peter Oeschger, head of information technology, The South African Bank of Athens
Dealing with the total onslaught of organised criminal attacks aimed at financial institutions requires a multi-pronged approach, starting with pre-emptive steps and monitoring, working all the way up to offensive countermeasures and cyber deception.
Track two starts
Thought Leadership: Security, subterfuge and not enough cents
Maiendra Moodley, head of department: financial systems and processes, SITA
Security practitioners are continually inundated with surveys, whitepapers and vendor/analyst motivations relating to why the latest technology option will mitigate their greatest threat. Trying to find a way through this meandering maze of justifications is complicated by an intersection of the need for business alignment, operational priorities and the ever present reality of shrinking budgets. What should the shrewd, yet insightful CISO, do, beyond considering a career change?
- A systematic series of practical steps which delegates can use to practically unravel and communicate both the value proposition and a series of tips/techniques that will help them manage the balancing act.
Industry Perspective: Digital security for managing risk and cyber threats within digital business
Maganathin Marcus Veeraragaloo, chief advisor, information security, Eskom
Digital transformation is the profound and accelerating transformation of business activities, processes, competencies and models to fully leverage the changes and opportunities of digital technologies and their impact across society in a strategic and prioritised way – how do you secure all of this? Security leaders must understand the risks associated with business unit innovation, and balance the imperative to protect the enterprise with the need to adopt innovative technology approaches.
- Develop a vision for risk and security management, based on establishing trust and resilience for their digital business.
- Adopt a strategic objective of risk and the security programme to encompass the new realities of digital business
- Develop and evolve an adaptive, context-aware enterprise security architecture
Industry Perspective: Build a security strategy for Ekurhuleni Metro - how to
Phannuel (Fani) Malebye, security officer, Ekurhuleni Metro
The ICT Department of the Ekurhuleni Metro embarked on a project to create a security strategy. We will explain how we created the security strategy using the following 3 steps:
- ICT Strategy (Why)
- Systems Master Plan
- Smart City initiatives
- Unified Command Centre (UCC)
- ICT Philosophy (What)
- Methodology (How)
- Standards used – ISO, NIST, Cobit and ITIL
- Policies and standards created
- How far are we as a Government entity with our security strategy
- Share our challenges and achievements with our peers
- We need feedback from peers and experts on possible improvements
Thought Leadership: Incident Management, cyber forensics, and investigation - Perspective from the African Continent
Yusuph Kileo, managing director, National Cybersecurity Forum (Tanzania) and board member, Africa ICT Alliance (AfICTA)
Most organisations fail to do proper incident management when cyberattacks happen - handling evidence and investigating incidents forensically so that they are accepted in court is one area in which most organisations and law enforcers need to be well trained. The workshop will provide insight into how to professionally manage incidents and a detailed end-to-end forensic investigation methodology.
- Take a systematic approach to investigations
- Take into account the nature of the case, instruction, and tools while planning the case
- Apply standard problem-solving techniques
- Document the forensics report
Thought Leadership: Capability and capacity building for cybersecurity in South Africa
Joey Jansen van Vuuren, manager of the Cybersecurity Centre of Innovation, CSIR South Africa
The shortage of Cybersecurity Capability is a worldwide phenomenon: companies and citizens are left vulnerable to a lack of cybersecurity skills. Governments across the globe initiated several programs to alleviate these shortages. South Africa is not an exception and initiatives have been launched locally to develop new capabilities. A key step is the availability of formal training and qualifications in cybersecurity. This presentation will focus on the Cybersecurity Centre of Innovation's initiatives for the establishment of new qualifications for South African Higher Education institutions.
- Delegates will get informed on the proposed dedicated cybersecurity qualification that will soon be available
- Opportunities for industry to support qualifications will be discussed
- Give industry the opportunity to set their requirements and give input to curriculums
What have you got to lose?
Andre Joseph, information security architect, Oracle Presales South Africa
IT professionals say their top concerns for adopting cloud are related to security. As organisations transition from traditional computing to cloud, public or private, they are additionally challenged with maintaining a consistent security posture as well as complying with local laws and regulations for keeping data protected. But what are the ways that your data can be compromised? And what is the balanced view of where security controls should be applied in your environment? Join Oracle for a discussion on data-centric security, both on premise or in the cloud.
Track Three starts
The enterprise immune system: using machine learning for next-generation cyber defence
Eleanor Weaver, country manager, Darktrace
From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defence is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.
Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new 'immune system' technologies are capable of learning the 'self' of an organisation. By analysing every network, device, and user, and modelling them as they go about their day-to-day activity, the enterprise immune system can establish a highly accurate understanding of normal behaviour. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.
Rules and signatures are not keeping pace with today's rapidly evolving cyber-attacks. The enterprise immune system represents a fundamental step-change in automated cyber defence, is relied upon by organisations around the world, and can cover up to millions of devices.
In this session, learn:
- How new machine learning and mathematics are automating advanced cyber defence
- Why 100% network visibility allows you to detect threats as they happen, or before they happen
- How smart prioritization and visualization of threats allows for better resource allocation and lower risk
- Real-world examples of unknown threats detected by 'immune system' technology
The new front: securing operational technology (ICS | SCADA) networks
Tommy Thompson, lead consultant – OT cybersecurity, NClose
The threat landscape to Operational Technology (OT) systems today is riskier than ever. As cyber-criminal gangs become better funded and more efficient, so too do they become more successful at compromising OT systems. The types and severity of these attacks are increasing year on year, and it is no longer a case of "IF" but "WHEN". Traditional thinking around OT systems cybersecurity has to change as the risk of a cyberattack is no longer restricted to certain sectors; the risk now transcends all sectors.
- Understanding the switch from old OT networks (a.k.a Air-Gapped) to the interconnected OT networks of today
- An outline for collaboration between the IT and OT teams
- Understanding the increased risks to OT Networks and what we can do to mitigate them
- An outline for OT Cybersecurity basics - segmentation | whitelisting | security training
Detect attacks by combining UBA, deception, and EDR
Rhys Vincent, lead security solutions engineer EMEA, Rapid7
It’s challenging to build out your incident detection and response programme when you’re wading in alerts and expected to cover cloud services, contractors, and remote workers. In this session, Rhys Vincent will cover best practices from Rapid7’s Incident Response team and share how orgs are combining detection technologies to find intruders earlier in the attack chain.
Key Learning Points:
- Review the top attack vectors behind breaches
- How security teams are using user behaviour analytics today
- The role of deception technology in a complete detection strategy
- Why the endpoint matters, and not just for detection
- Rapid7’s approach and vision for incident detection and response
The exploit talk
Dino Covotsos, founder & CEO, Telspace Systems
We take a look at the path your exploit code takes before AV detects it, as well as which AVs are the most stringent and what it takes to evade them.
Industry Perspective: Web content filtering using DNS in a distributed and mobile world
Kevin Wilson, general manager IT services, Stefanutti Stocks Corporate Services
How web content filtering and security is evolving from the legacy UTM approach to a distributed DNS approach. DNS is a key factor in your future security posture. Machines outside your corporate network pose a large risk. Responses to threats need to be faster, and mechanisms need to be agile and able to leverage internal and external information. This is an overview of the path we have travelled and the new approach we are taking to address this challenge in our company.
Thought Leadership: Part one: Home-grown cybersecurity capability and technologies
The cybersecurity market has grown tremendously over the past decade, and will continue to experience rapid expansion in the years to come. This is due to the growing concern with cybersecurity as cyber-threats and attacks increase in complexity and sophistication. At the same time, the increased investment in broadband connectivity and development of mobile technologies continues to excel in the 21st century, especially in developing countries, such as South Africa. Nevertheless, the popularity and extensive adoption of mobile devices by the general public have created many opportunities for cyber criminals. Moreover, it is estimated that there is a large shortage of cybersecurity skills in the world and even more in developing countries such as South Africa, making it difficult to adequately respond to various cyber security challenges.
- Experience local cybersecurity solutions to local problems
- Gain awareness about the home-grown cybersecurity capabilities in South Africa
- View technical demonstrations of these capabilities using use case scenarios relevant to various business environments
- Understand potential opportunities of collaborating with the CSIR (as the National and non-profit R&D hub of South Africa)