Dr Zulfikar Ramzan

RSA

AI and Cybersecurity

Busting Myths and Charting a Realistic Course for the Digital Future.

As more companies have started to implement artificial intelligence (AI) and machine learning (ML) in their businesses, cybersecurity professionals have also begun to consider how these technologies will affect their industry. While AI and ML hold great promise for automating routine processes and tasks and accelerating threat detection, they are not a panacea. This session will demonstrate what these technologies can and can’t do in a cybersecurity program through real world examples of possibilities and limits. 

Attendees will learn: 

• What AI & ML really offer cybersecurity in the coming years.

• How to fold the risks associated with these systems into their overall risk posture so that you know you are spending dollars intelligently.

• Real-world examples showcasing the tech’s prospects and restrictions.

Bernard Montel

RSA

Security Orchestration automation & RESPONSE

Transform your SOC from good to great by being proactive and organized, with RSA Netwitness Orchestrator 6.0

During this session, you will learn why SOAR is today an important piece of an advanced Security Operation Center.

You will learn how a SOAR solution can improve the SOC productivity by reducing the complexity of analysts tasks introducing Orchestration and Automation.

You will also understand why Threat Intelligence combined with Advance Case Management will add the crucial context needed to manage a complete incident properly.

Amy Blackshaw

RSA

Finding the Unknown:

User Behavior and Machine Learning

In an era of ever-expending attack surface, especially due to the recent surge of remote workers, protecting against threat actors – from commodity malware, insider threats, and crimeware, to state sponsored exploits, hacktivists and terrorists – has become increasingly complex. Disconnected silos, and short of consistent data format across prevention, monitoring detection, or investigation technologies continue to fall short in detecting and seeing the full picture. Too often organizations are relying upon rule based detection and have not yet embraced a data science driven approach. This session focuses on the machine learning capabilities of RSA NetWitness UEBA, and how they can help you discover the advanced and targeted attacks that your signature-based tools miss. You’ll learn how RSA NetWitness UEBA uncovers unknown, abnormal and complex, evolving threats by picking up on anomalies in user behavior.

Erik Kovács

EURO ONE

The proactive defense

Threat hunting from network traffic

Good to have reactive defense mechanism in your infrastructure. You can detect the evil if you know how does it look like.

But what, if you do not know, how does it look like?

Then comes the proactive defense! Don't wait, until the evil brings down your company, hunt it down from network traffic!

Gergely Lesku

EURO ONE

The age of the SOC Builder.

A SOCWISE story.

It’s hard to overrate the pressure on cybersecurity teams today. More threats, more vectors, smarter criminals & more money in stake. Also the years when CE region was not target is over: every day brings a new ransomware in Central Europe as well. BUT: there’s help out there and it’s not the Jedi order, but we also have the force. Meet SOCWISE the ASOC which uses the latest weapons like UEBA & SOAR; builds upon MITRE ATT&CK framework with a team of 15 years of experience. We built many powerful SOCs and SIEMs, and we are ready to share what weapons to use and how to do it, to avoid becoming a front page story as a victim of a breach.

Péter Hüvelyes

EURO ONE

Measure to Enable Growth

SOC Maturity Assessment

It is a natural need to measure the maturity of a capability as the result provides precious information for multiple topics. Just to mention a few, how good the capability is in its current state, whether development is needed to reach a desired status, or if a development plan should be adjusted. The presentation introduces an approach for assessing the maturity of the cyber security incident detection and response capability in a manner that is aligned to internally recognized directives and best practices. It provides an overview about the assessment process, the interpretation of the results and presents an RSA Archer-based implementation of the assessment.

Gábor Szabó

Keep Calm and Respond

Practical Guide to Cyber Security Incident Response

The supporting technology and toolset of a SOC have changed rapidly over the last decades as the deepening offensive techniques require continued conformation on the defense side. Nonetheless, the basic elements of the cyber security incident response process remained unaltered. The presentation provides an overview about these vital steps that are essential for an effective cyber security incident detection and response capability. In addition, it highlights enabling factors as well as potential areas that can be utilized for enhancements.

Zoltán Izsák

CISA, EURO ONE

Identity management

(IDM) project – from start to completion within 1 hour

My ambitious attempt aims to show you how RSA IGL can be implemented with basic functionalities within just 1 hour! I will cheat as I will use prepared data and out-of-the-box workflows in general but main IDM aimed use-cases will be covered.

Róbert Pintér PhD

Reacty Digital

The future of humanity is full of mystery.

Nowadays our outlooks are variable and enigmatic. What will happen to us in the near future? How is it gona be look like? I will try to answer these questions. The presentation will cover the main sections of the humankind choices and chances in our future. For example how the artifical intelligence affects for the humankind and what will happen to IT security in the future? What are the major trends at the social level that will affect it? Interesting questions, ha? It is also important to talk about where enterprise IT security is likely to go in the future and how will affect to our world and manpower.

Boldizsár Bencsáth PhD

Ukatemi Technologies Kft.

ICHIDOKU

Increased Network Visibility and Beyond

In my talk I will present the Ichidoku tool for increased network visibility. I will shortly talk about the motivation behind the tool, the the basic design concepts are covered.

I will present the main features of the system (device inventory, network flow inventory, physical topology, vulnerabilitzy identification, alerting and anomalzy detection), the integration possibilities with other systems, namely RSA netwittnes and discuss some interesting connection with the MITRE ICS Att&ck framework.