Agenda

Date and TimeTitle
Apr 1, 2021 (Brussels)
9:00am - 9:30am
Detection and Response in 2021: Where to Focus for Effective Business Protection

With so many predictions, celebrity threats, and ransomware fiascos, it’s often forgotten that there are key fundamentals of Detection and Response that will help drive significant maturity in your organisation’s infosecurity programs. From knowing what assets and intellectual property you have, who may want it, and how attackers could access it, to what you’re doing as a business to prevent, detect, and respond to threats and breaches. Join Rapid7’s Chief Security Data Scientist, Bob Rudis and Head of Detection and Response for EMEA, Ellis Fincham as they discuss areas where businesses should be focusing their energy to effectively protect their employees and assets. They will also share a few war stories they’ve experienced when this focus lapses! What you will learn:

• How to mitigate common cyber risks and challenges of cloud migration

• Explosion of the edge and the impact of shifting to remote working

• The implications of the growing number of applications to enable workforces and support customers

• Recommendations on what to focus on given the pace of change as you migrate to the cloud

Apr 1, 2021 (Brussels)
9:30am - 10:00am
Three key techniques threat actors will use on your network

If we reflect on the cybersecurity news of 2020, it is clear that determined threat actors are using carefully planned and sophisticated attack techniques to breach the networks of target organisations. We believe that 2021 will be no different. In this seminar, you will learn three key network-based techniques that threat actors will employ during a typical attack on a target environment.

Join Dan Crossley, Enterprise Sales Engineering Manager, LogRhythm, to gain insight into how the following attack techniques operate, enabling you to enhance your own threat hunting and detection approaches:

- How attackers establish Command & Control (C2) communications and infrastructure

- How Domain Generation Algorithms (DGAs) work and why they are used

- How attackers can exfiltrate data via DNS tunnelling

Apr 1, 2021 (Brussels)
10:00am - 10:30am
Keynote from Phil Scully: 'Future of Cyber Security – It’s Personal'

Phil Scully, the CIO at Costa covers the personalisation and payment futures for businesses and identity management.

Apr 1, 2021 (Brussels)
10:30am - 11:00am
Security Telemetry: Detection as Code

See firsthand how to utilize a cloud-native security analytics system built on core Google infrastructure to understand the increasing amounts of security telemetry data in your organization. Learn how to investigate threats and attacks within your own network at the speed of a Google search and use security analytics as a force multiplier for threat hunting and incident response.

Apr 1, 2021 (Brussels)
11:15am - 11:45am
Securing the Future of Work with Cyber AI

The future of work remains unpredictable and uncertain. More than ever before, business leaders need to remain confident that their operations can continue securely in the face of global or even regional crises, and while sections of the economy are slowly re-opening, cyber-attackers are ramping up their campaigns.  

As businesses look set to rely on cloud and SaaS tools for the long term, our digital environments are going to be more dynamic than ever. Yet organizations are finding themselves undergoing a delicate balancing act—each new work practice and technology that is introduced also brings unforeseen risk. Static, legacy approaches have become redundant, both unintelligent and ill-equipped to adapt.  

Organizations must rethink their approach to security, and rely on new technologies like AI to achieve much-needed adaptability and resilience. Darktrace is the world leader in cyber AI technology, and leverages unsupervised machine learning to seamlessly adapt and integrate into changing environments, and to detect and respond to attacks in the earliest moments.  

In the face of an uncertain present and future, Cyber AI enables businesses to continue communicating, operating, and innovating.

Andrew Tsonchev

Director of Technology, Darktrace

Andrew is a technical expert on cyber security and advises Darktrace’s strategic customers on advanced threat defense, AI and autonomous response. He has a background in threat analysis and research, and holds a first-class degree in physics from Oxford University and a first-class degree in philosophy from King’s College London. His comments on cyber security and the threat to critical national infrastructure have been reported in international media, including CNBC and the BBC World.

Apr 1, 2021 (Brussels)
11:45am - 12:15pm
To Trust, or Not to Trust the Cloud; That is Your Compliance and Risk Question

Many organziations struggle with digital transformation and cloud computing particularly when implementing a framework to meet their compliance requirements. In this session, we will discuss a framework and operational approach to support you to move your business forward delivering quality services balancing cost and risk.

Apr 1, 2021 (Brussels)
12:45pm - 1:15pm
Ransomware Defence for Small Teams: Critical Steps to Defeating Ransomware

Ransomware is getting worse, and everyone is telling you that you must be prepared, but how? Large enterprises operate 24x7 security operations center – that is not a business option for a small team. Build your own security data lake or deploy a SIEM – we cannot find the people to hire to run them, and if we did, we could not afford it. So what is a small team supposed to do? This presentation will help small teams understand what is essential and offer paths forward to build a more robust cyber security program. Topics covered include:

• The five critical items you need to do now to protect your organization from ransomware attacks

• The strengths and weaknesses of endpoint and network security and where each fit in your defense.

• Emerging services models to boost your defenses, including software as a service, managed security services, and managed detection and response

For mid-and small-sized businesses with limited resources, this webinar will help define what is important and how to better protect your organization.

Apr 1, 2021 (Brussels)
1:15pm - 1:45pm
Live Q & A Keynote from Ljubica Pendaroska - 'Privacy concerns and companies' data ecosystem: Reflection in the contemporary & post pandemic mirror'

Vaccine passports, digital green certificates, the way back to office work, employees health status, location and contacts data, just a few question marks above one’s head. While, at the same time, companies are struggling to guess the privacy’ implications for their business drives. 

It is evident, more than ever that profitable operations are inextricably linked to smooth data transfer across the Globe. Combined with the enormous volume of personal data collected for the public safe sake, what an explosive amalgam it could be! Does anyone could be sure what’s going to happen with the data once the pandemic is over? The privacy agenda, “torn somewhere between” the updated Standard contractual clauses, the Adequacy Decision regarding EU and UK data sharing and Transatlantic talks on Privacy shield, puts on the table few data protection issues to talk about: what motivates companies to do the “right thing” when it comes to data collection and transfer aside of high fines? What’s the economic value associated with the company’s privacy investment? In an intensively digitalized world, what EU Data Localization effects might have for the business productivity?

Stay tuned to inspire and to let yourself be inspired by others’ thoughts.

Apr 1, 2021 (Brussels)
1:45pm - 2:15pm
Secure Your Apps from Four Common API Attacks

APIs will account for 90% of attack surface area for web applications this year1. Developers and attackers gravitate towards APIs for similar reasons: they’re flexible, suited for automation, and exchange critical data. As API footprint and functionality grows, so does their appeal to attackers. Proactive API protection must be a key priority in your application security strategy. Security experts Jimmy Mesta and Rob Gibson will demonstrate tactics to stop four common API threats: - Account takeover (ATO) - Enumeration - Content scraping and probing - HTTP verb tampering

Apr 1, 2021 (Brussels)
2:25pm - 2:55pm
Supplier Assurance: 7 Steps to Reduce Your Cyber Risk

Are your vendors safe to do business with? This question is one that many organizations have trouble answering. If you’re not sure which vendors you work with, how you work with them, or if they have the right safeguards in place – you’re not alone.


Ultimately, the goal of any third-party risk management program is to reduce vendor risk. This is easier said than done as risks come from many angles, whether it’s data breaches, compliance
violations, ethical concerns, or countless other issues. A well-run vendor risk management program eliminates these uncertainties and offers risk managers the clarity they need to feel confident when outsourcing key tasks to vendors.


So, how do the most successful TPRM programs reduce vendor risk?


Key Takeaways:
• The most common threats and risks when managing vendors
• How to prioritize risks and take an efficient mitigation approach
• Practical steps to mitigate your more pressing vendor risks
• How to build automated mitigation workflows across key stakeholders
• Risk reduction best practices developed by leading risk management professionals
• Lessons learned when building vendor risk management programs

Charles Allen

CIPP/E, InfoSec Consulting Manager

Charles Allen serves as a InfoSec Consulting Manager for OneTrust VendorpediaTM– a purpose-built software designed to operationalise third-party risk management. In his role, Charles advises companies throughout their third-party risk management implementations to help meet requirements relating to relevant standards, frameworks, and laws (e.g. ISO, NIST, SIG, GDPR and CCPA). Charles works with clients to centralise their third-party information across business units, assess risks and performance, and monitor threats throughout the entire third-party relationship, from onboarding to offboarding.

Apr 1, 2021 (Brussels)
3:00pm - 3:30pm
Keynote from Shawnee Delaney, CEO, Vaillance - 'From Spies to Social Engineers; How the Human Factor Leaves You Vulnerable'

– How both spies and social engineers work similarly to target you and your employees to gain access to your organization’s most sensitive data
– How your employees may unintentionally be insider threats
– Unique techniques foreign intelligence officers (spies) and social engineers use
– What motivations and vulnerabilities you have that can leave your company vulnerable
– Why managing the entirety of the employee lifecycle is important to mitigating insider threats
– How your company’s culture can affect insider threat

Apr 1, 2021 (Brussels)
3:30pm - 4:00pm
Exposing the Dangers of Poor Password Management With Security Intelligence

The continued effectiveness of certain threat actor tools is in part due to poor password hygiene. There is no honour among thieves, and some of these tools have been cracked, allowing any interested cybercriminal to use them at a cheaper price than offered by the original seller — or even completely free. Checkers and brute forcers are among these popular tools sold and shared on the criminal underground to validate credentials quickly and easily.

Apr 1, 2021 (Brussels)
4:00pm - 4:30pm
Continuous Controls Monitoring for End-to-End Cybersecurity Visibility

 If you’re like most organizations, you are heavily invested in the right set of security tools to help you keep ahead of rapidly evolving threats and compliance requirements. However, managing those tools is incredibly complex and time-consuming. How are you able to see coverage gaps with the security tools you are using? How do you know if the tools you have implemented are actually doing what you and your customers think they should be doing? What you need is a single solution that continuously monitors and reports on your security controls that can be easily managed from a single interface, integrates with your cybersecurity tools, and maps to the standards and frameworks that matter to your business.

Join Shimon Becker, VP Product and Co-Founder Cyber Observer, to gain insight into how Cyber Observer with Continuous Controls Monitoring (CCM) empowers you to establish a measurable benchmark of cyber hygiene, continuously close critical security gaps, and advance your cybersecurity posture.

Apr 1, 2021 (Brussels)
4:30pm - 5:30pm
IT Security threats that should be keeping your company awake at night

Hackers don't think like the rest of the population, which is why they are able to spot weaknesses that everyone else just walks right by. Learn how to significantly reduce your risk to the most prominent attacks that your company faces so that you can sleep more peacefully at night, from Bryan Seely, world-famous hacker, Cybersecurity expert, author and former U.S. Marin