Events

  • GovernmentWare 2012 - Conference Programme



    Day 2: 26 September 2012, Wednesday
    Conference Track: STRATEGY AGAINST APTs - Creating Leverage via Innovation
    Venue: Compass West 1+2 Ballroom (Basement 2)
    Time: 1345 - 1430 hrs

    Topic: Advanced Threats versus "Old School" Technology
    Speaker: Ward Holloway, Vice President - Business Development, FireMon

    Traditional network-based security technologies like firewalls have been all but dismissed as effective against advanced threats. In fact, in many conversations, prevention as a security strategy against advanced threats has been dismissed in favor of accepting compromise and focusing on detection and remediation.

    However, this defeatist attitude is neither accurate nor useful. In fact, very basic security technologies, when configured correctly, can have a tremendous effect on preventing advanced threats from successfully completing their goal. Recognizing one of the key attributes of an advanced threat, its multi-step attack vector nature, offers one advantage to a security practitioner; multiple steps at which to detect and prevent the attack.

    This talk with dissect several key attributes of advanced threats and discuss how analysis and configuration of existing security controls can be effectively employed to strengthen defenses against these threats.
     



    Day 2: 26 September 2012, Wednesday
    Conference Track: INDUSTRY UPDATES/SOLUTIONS
    Venue: Pisces 2 (Level 1)
    Time: 1155 - 1225 hrs

    Topic: Caution While Cutting Through The Mobility Hype
    Speaker: Rob Forsyth, Director, Asia Pacific, Sophos Computer Security

    The year 2011 was characterized by major data breach and targeted attacks on high-profile companies and agencies. Cybercriminals diversified their targets to include new platforms, as business use of mobile devices accelerated. And we saw a number of politically motivated “hacktivist” groups take the media spotlight, even as the more common threats to our cyber security grew. In 2012, we’ll need to be ready for attacks on new platforms and devices-all the places we use data for work and our personal lives.
     

    Day 3: 27 September 2012, Thursday
    Conference Track: STRATEGY AGAINST APTs - Practical Objectives in Future-Proofing
    Venue: Theatre (Basement 2)
    Time: 1345 - 1430 hrs

    Topic: Trends in Next-Generation Threat Protection to Counter APT Attacks
    Speaker: Ashar Aziz, Founder, CEO & CTO, FireEye, Inc.

    95% of organizations are compromised with advanced malware, zero-day, and targeted APT attacks. This session examines the How and Why this is possible, trends in the threat landscape, and the way advanced targeted attacks are able to penetrate traditional defenses. Attendees will engage in an interactive learning session about the strategies and tactics cyber-criminals are now using to steal their valuable IP and data. In addition attendees willas well as learn about the latest threat prevention technology that works to stop advanced persistent threats embedded within Web traffic, ‘spear phishing’ emails, and file-based attack vectors.

     

    Day 3: 27 September 2012, Thursday
    Conference Track: STRATEGY AGAINST APTs - Practical Objectives in Future-Proofing
    Venue: Compass West 1+2 Ballroom (Basement 2)
    Time: 1645 - 1730 hrs

    Topic: Cyber-Attacks and The Privileged Connection: Getting In Is Easy, How Can You Protect Your Assets Once Inside?
    Speaker: Bitan Chen, General Manager of EMEA & APAC, Cyber-Ark Software Ltd

    The last few years have witnessed an increase in the number and scope of targeted cyber attacks, presenting a real threat facing all organizations, whether commercial, defense, government or other. What constitutes a key similarity between the attacks on RSA, Google, Mitshubishi, UN and many others? The answer is privileged identities.

    The attackers hijack and exploit privileged system access to operate and achieve their goals in the network. This session will analyze several recent attacks and threats, explain how privileged accounts played a significant role and present effective mitigation and defense techniques.
     

    Day 3: 27 September 2012, Thursday
    Conference Track: AUDIT AND COMPLIANCE
    Venue: Virgo 1-3 (Level 1)
    Time: 1555 - 1640 hrs

    Topic: Compliance and the Road Ahead (Management Centric)
    Speaker: Sheung Chi Ng, Security Consulting Manager, CISSP, CISA, SafeNet Asia Ltd

    Regulatory mandates are nothing new, but in most organizations including government bodies, the pressure, cost, and effort required to sustain data compliance are reaching unprecedented levels.

    Nowadays, many compliance initiatives and security deployments are done in an isolated fashion. Heterogeneous technologies and unique policies are often applied in a decentralized manner, not consistently across the enterprise. This can create redundancy and introduce security gaps.

    In this presentation, SafeNet will illustrate:
    - The changing demands of compliance
    - Approaches to compliance
    - Core principles of legislation and mandates
    - Business benefits of the Data Compliance Infrastructure
     

    Day 3: 27 September 2012, Thursday
    Conference Track: AUDIT AND COMPLIANCE
    Venue: Virgo 1-3 (Level 1)
    Time: 1645 - 1730 hrs
    Topic: Effective Auditing Under International Regulatory Challenges
    Speaker: Ricky Ho, Regional Director, APAC, SSH Communications Security

    It can be difficult for organizations with large and heterogeneous ICT networks to protect their information across their continuum of business. After the financial crisis in 2008, enterprises are experiencing increasingly stringent compliance mandates and demand for audit reporting. Singapore, as an international city and the regional business and financial hub of Asia Pacific, has been inextricably in line with international standards of excellence.Security standards pose requirements for auditing of administrator connections, strong authentication, control and other operational data streams. Enabling visibility, auditing, alerts, intrusion detection and data loss prevention for encrypted connections become the major security challenges. Compliance mandates require encryption of critical data streams, but on the other hand require the ability to inspect the contents for intrusion detection, data loss prevention and audits. This trade-off is difficult to solve in many environments.

    The presentation from SSH Communications Security, the inventor of the SSH protocol, will discuss the international compliance trends and their impact on businesses, illustrate the next stage of technology use in auditing, show how it empowers organizations to audit all administration processes and prevent attacks; and most importantly make organizations compliant with global data security regulations in a cost-effective way.
     

    Day 3: 27 September 2012, Thursday
    Conference Track: INDUSTRY UPDATES/SOLUTIONS
    Venue: Pisces 2 (Level 1)
    Time: 1350 – 1415 hrs

    Topic: The Need for Effective Web Application Security
    Speaker: Jaeson Yoo, Director, Penta Security Systems, Inc.

    Advanced persistent threats (APTs) have created a critical need for organizations to install additional security solutions, including adequate protection for their web applications. Web application firewalls (WAFs), when properly deployed, can go a long way in promoting effective web security.

    Web application security is a major component for any effective defense strategy against APTs. In spite of this fact, most web servers around the world remain vulnerable, a fact that has not been lost to hackers and hacker groups. According to Gartner, 75% of attacks target the application layer. According to the Ponemon Institute, 93% of organizational hacked in the past two years were breached via insecure web applications.

    Worldwide web applications are a key element in our hyper-connected lives. By clearly understanding the application-layer attacks and how they can compromise our web applications, you can communicate to your executive the advantages for deploying WAFs to secure your organization's future.






    Back to Events