I recently had the opportunity to be on the advisory committee for TechJuncion 2016, a technology conference geared towards security and server management. It is hosted annually right here in the heartland of America, and the best part is that it's free to attend! Here are some of the highlights:
Passwords Suck: A Platform Approach To Securing Enterprise Identities
Presented by: Centrify
This presentation advocated single sign-on software. Statistics for password theft show that 63% of breaches were due to compromised accounts.
Ransomware: All Locked Up With No Place To Go
Presented by: Kaspersky Lab
Kaspersky Labs outlined how businesses can protect themselves against ransomware through backups, updates, and anti-virus programs. Kaspersky offers
System Watcher and
Automatic Exploit Prevention as security tools to prevent against ransomware. Current statistics of ransomware are available in Verizon's 2016 Data Breach Investigations Report - see below for the link.
Defending Against Modern Malware
Presented by: WatchGuard Technologies, Inc.
WatchGuard delivered a sobering speech about modern malware. They stated that modern malware is moving from signatures to binary patterns. For example, ransomware uses bitcoins for payment, and is almost impossible to track. They also identified three different cyber attacker profiles: Hacktivist, Cyber Criminal, and Nation State. The good news is there are websites that monitor attacks and breaches (see Other Websites section below), and WatchGuard has designed a solution to break the Cyber Kill Chain (see their PDF presentation below).
Why Do You Need DR?
Presented by: Zerto, Inc.
Zerto started the presentation by pointing out that disasters are both natural and operational. Disaster recovery planning should include backup, redundancy, impact/urgency considerations, and should turn a disaster into a non-event.
Innovation Matters
Presented by: SimpliVity
Simplivity defined innovation as a means to improve on a service based on current needs. They used Netflix as an example of how they capitalized on Blockbuster's current movie rental service by catering to current and future business trends, and changing the way the service is delivered.
Hyperconvergence is today's way of innovating by combining several functions into one delivery method. An example of hyperconvergence is how phones evolved from just a device to make calls, to smart phones, which can browse the web, track fitness goals, display the current weather, and so much more. Hyperconvergence allows us to virtualize server, data, network resources to optimize delivery and reduce duplication.
Keynote Presentation: Surviving Security Groundhog Day
Presented by Ron Woerner • Director & Professor, Cybersecurity Studies at Bellevue University
This speaker deserves special accolades, as he has been the driving force behind my pursuit of a Master's degree in Cybersecurity. Prof. Woerner indicated that technology has advanced to IoT (Internet of Things), but security isn't getting any better. Humans are still the weakest link, and complacency is a big culprit. He reassured the attendees that security never has to be 100%, just good enough, but you need to have an iron-clad contract for cloud services to be secure. His motto: If you SEE something, SAY something!
Thanks for all you do, Coach.
Resources
Verizon 2016 Data Breach Investigations Report
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
IT Policy Compliance for Dummies
https://www.qualys.com/dummy-pc
PCI Compliance for Dummies
https://www.qualys.com/dummy-pci
Web Application Security for Dummies
https://www.qualys.com/dummy-was
Vulnerability Management for Dummies
https://www.qu alys.com/dummy-vm
Other Websites:
Data Visualizations (Ex: data breaches)
http://www.informationisbeautiful.net/
Malc0de Database - an updated database of domains hosting malicious executables
http://malc0de.com/database/
Norse - an interactive map of attacks
http://map.norsecorp.com/
WatchGuard Presentation
http://schd.ws/hosted_files/trivalentgroupsolutionsexpo2015/5b/WatchGuard-%20Defending%20against%20Modern%20Day%20Malware.pdf