CONTENTS OF LECTURES 2021
Applications of blockchain technology in financial institutions
During the presentation Luka will talk about some real and potential use cases of blockchain technology. Special emphasis will be placed on where and how we can use blockchain technology in financial institutions. He will talk about how we can use blockchain technology for better protection of customer data and controls to reduce fraudulent activities.
Can we fight the next war completely in the cyberspace?
In 2016, at the Warsaw Summit, NATO recognized cyberspace as an operational domain together with land, sea, air, and space. Heraclitus more than 2000 years ago said that “War is the father of all and king of all”. War seems to be “curse” following humanity since its early beginning and will probably follow until the bitter end. Based on that observation it is safe to say, that war is constantly evolves, as humanity evolves and sometimes drives the technological advances. Today, cyberspace is a reality. While most of the people have a vague and mostly mistaken idea of what the cyberspace is, we have already shifted most of our activities into cyberspace, and this will not stop. Of course, in such global environment, military operations could not be the exception, and already we have clear examples were cyberattacks were used alongside conventional operations, or as “a weapon of choice”. NATO has already identified that “Cyber attacks present a clear challenge to the security of the Alliance and could be as harmful to modern societies as a conventional attack”.
War has a sole purpose; one entity will force another entity to accept certain terms, which normally the latter would not. Furthermore, every military operation has some distinct characteristics, which have remained the same throughout the ages. For example, you need clear, certain, and achievable goals, or you need to “discover” the focal point of the opponent, which – if taken out the equation – could lead to victory. Since the basic principles will remain the same, the weapons that an opponent will use to achieve them are not that important.
Cloud security: containers and microservices
In part 1 of Cloud security basics we barely scratched the surface talking about challenges IaaS and PaaS bring altogether. Common idea is that microservices architecture helps enterprises release software faster, update software more frequently, onboard new features more quickly, utilize and scale to insane amounts. However, many things don't end as advertised, so in part 2 we'll see what we are facing with.
Common cyber-security misconceptions
Nowadays, business is intrinsically linked to the Internet, thus it is crucial to understand threats in the online environment. Every few months we read about a major hack, which most of the time leads to data breaches affecting millions of people. Those attacks are growing in number and sophistication and preparedness are some of the major obstacles we are all facing.
In order to better protect ourselves and consequently the companies we work for or own, we need to be clear on some pre-existing common cyber-security misconceptions. Debunking those misconceptions held by far too many end-users, shall unravel our view and increase our awareness of this confusing topic.
Enable your productivity cloud for secure external sharing
Information protection consists of 3 main area: data discovery and identification (Know Your Data), taking protective measures based on classification and labeling (Protect Your Data) and data loss prevention (Prevent Data Loss). In his presentation Zsolt Bátorfi will share best practices on how to set up and deploy Microsoft Teams and SharePoint Online infrastructures for secure external sharing and collaboration.
Entry into SCADA penetration testing
European Data Protection & the EDPB
During the presentation, Mr Karadjov will address how the EDPB works and how it contributes to the consistent application of data protection rules across the EEA. Special emphasis will be placed on how the EDPB strategy and work programme will help guide the EDPB’s work in the years to come and how it will help create a more consistent understanding of the key concepts and processes in the GDPR and the cooperation and consistency mechanism in particular.
Following information flow
Aleksandar prepared a walkthrough on how to use Classificaton tool, DLP tool, DB Security, Rights management and SIEM in conjungtion to be able to follow an information (electronic form) from the moment it enters the company till the moment it goes out. All logs from the flow could be used with SIEM to produce alerts and reports for moniyoring.
Implementation of SAST (Static Application Security Testing) and DAST (Dynamic Application Security testing) in SDLC
Businesses are affected on a daily basis because of growing cybersecurity threats. Application security has to be taken into account in SDLC (Software development life cycle). In this session we will talk about how we implemented DAST and SAST security testing in our application development process.
Improve security with M365 in a small business environment
Small business companies are the most common form of business. In such companies, the tools of the Microsoft 365 platform are very often used for collaboration and LOB. These kinds of companies, don't have enabled all security features, what platform offers, and can be targets for various security breaches. With a few simple configurations, we can raise the level of security to an acceptable level of risk. 2FA, polices, disable mail forwarding and control of sharing data are key configurations that are easy to set up and
drastically increase security.
For many Security Operations Center (SOC) teams, finding malicious activity inside the network is like finding a needle in a haystack. They are often forced to piece together information from multiple monitoring solutions and navigate through tens of thousands of daily alerts. SOC analysts are usually required to search for indicators of compromise (IoCs) within network, cloud, and endpoint environments. They then need to drill-down into findings to validate the breach and plan their response. The results in many cases, and also in the sunburst hack case, are that critical attacks are missed until it’s too late. In the sunburst case, organizations found out about this internal threat when it was too late, a few months after the attack started and they were already seriously damaged…
Key things to consider when designing and planning server rooms/data centers
There is a saying “The cloud is just someone else's computer”. And that computer is, most of the times, in a data center. We want that computer to be always available, secure and stable. To achieve that, there are certain requirements and considerations that need to be met when designing and building data centers.
In Luka’s presentation, he will give you a high-level overview and some guidelines on how to achieve this requirements and how this facilities are designed from a critical infrastructure standpoint. He will also try to bring closer to you what critical infrastructure systems there are in a data center and raise awareness of all the other systems behind the curtain that are enabling smooth and carefree operation of your services in the data center (electrical systems for uninterruptible power, mechanical and cooling systems for cooling the servers, monitoring systems, energy efficiency, etc.)
Main emphasys of this presentation is to introduce cybersecurity professionals to concepts of critical infrastructure on which all of their services rely heavily on.
Live response, forensics and breach analysis of an Oracle database
Pete will explore all of the high level issues and process involved in responding to a breach or possible breach of an Oracle database. This involves building a team and performing incident response. A formal process must exist and be followed. Live analysis of the database can be complex and Pete covers this with guidance. Forensic analysis of the gathered artefacts is next. The responder must build a time line of events and evidence and checksum these to prove in court. Pete will cover all aspects of a breach response and also will show some data and examples.
Optimum Security with automated processes
Assume that endpoint protection is satisfactory. What is the reason for investing in additional solutions in addition?
The vast majority of threats need to be automatically identified at the earliest point in the counter-attack chain and the necessary countermeasures taken, and the smaller the overall impact of the threats on resources and the extent of the damage to our wallets. The majority of security incidents (approximately 90%) are immediately addressed by a good EPP solution and do not occupy either the EDR solution or security personnel who can focus on more advanced and therefore more dangerous threats.
What about the remaining, much more dangerous 10% of pests?
These are called evasive, targeted, complex, advanced attacks (ATP). These can also be defended at the network level (yes), but more effectively and above all at cheaper endpoints !!
Much more information is already needed here for effective defense.
• What is the alarm environment?
• What measures have already been taken in relation to the alert?
• Is the detected threat still active?
• Have other hosts been attacked?
• What route did the attack take?
• What is the actual root cause of the threat? At what endpoints did it start?
Oh, and it would be nice to react to the incident as soon as possible: (Response). Pld:
• Automatically quarantine files that can be associated with a complex threat at each endpoint
• Automatic disconnection of infected hosts from the network for the purpose of examining damage alert data related to a rapidly spreading threat
• Prevent the malware file from running and spreading on the network for the duration of the scan
Achieve your optimum level of cybersecurity with managed protection and cloud-enabled endpoint detection and response
The Future of Transport: Exploring the security risks
Transportation is a critical factor that influences economic growth all around the world. With the help of innovative technologies and IoT (Internet of Things), the transportation sector is transforming into a more connected and more autonomous system. As a matter of fact, projections indicate that the transportation industry will experience more changes in the next 30 years than we have seen in the last 100 years.
However, these advancements and the increasing dependence on IT present a broader attack surface for bad actors.
The World’s First Autonomous Breach Protection Platform
Get End-to-End Breach Protection, Regardless of Your Security Team Size and Skill. Cynet XDR natively unifies NGAV, EDR, NDR, UEBA and Deception technologies with completely automated attack investigation and remediation on a single, intuitive platform. Backed by a 24/7 Managed Detection and Response service. Cynet provides comprehensive protection of the environment for even the smallest security teams.
To patch, or not to patch, this is the question
Supply chain attacks represent an extremely significant threat to organizations. Everyone is in danger as they affect every link in the chain and any type of business indiscriminately. Supply chain attacks are usually a consequence of the information a company shares with suppliers. As this is necessary, it is easy to imagine how compromising a link in the chain can lead to the leak of confidential information and to the compromise of other actors in the same chain.
In this talk we will explore how supply chain management and cyber security are strictly connected, what is the role of the humans and what are the best practices for improving security.
Vendor Risk Assessment using AI and Machine learning
"Data is a new oil”. In today’s era, the companies use Business Process Outsourcing more than ever. They share their most precious assets, their crown jewels, their data. How to be sure, that data will remain secure and not misused to an unwanted party.
In the presentation, Nebojsa will depict the concept of Vendor Risk Assessment using AI and Machine learning. This concept can radically increase speed of the assessment and to be more affordable than manual assessment managed by risk assessment experts.
In the presentation, it will be explained some of Google AI services like Cloud Vision and how they can help document recognition and classification using natural language processing using APIs to classify, extract, and enrich documents.
Vuln Hunting Using Python AST
Application security engineers and vulnerability hunters often search code for specific strings or patterns as a starting point for vulnerability discovery. In this talk I aim to show how searching raw code can be improved upon by searching Python abstract syntax trees. We used such techniques at Bitstamp security team to help us discover codebase specific patterns which are otherwise hard to search for. These patterns can be used to improve SAST automation which you might already use in your CI/CD pipeline. I will opensource a simple proof of concept AST scanner for searching custom AST patterns with some code structure awareness.
What is your cyber risk appetite?
In this presentation Jurica will present options on how the companies and organisations are treating risks they are facing and how this correlates with their risk appetite.
ROUND TABLE: Kako lahko CIO in ponudniki IT storitev še izboljšajo sodelovanje?
ROUND TABLE: Kako reševati trenutne izzive pri vodenju informatike?