
Wednesday, October 1 - GoSec


Wednesday, October 1

Audit and governance (Room 521bc)

Research, operational security and investigation (Room 522bc)

Solutions and technologies (Room 522a)

7h30-8h15 Registration + breakfast

8h15-8h30 Welcome address with Pascal Fortin, CEO GoSecure (Room 520)

8h30-9h15 Gwen Beauchemin - Canadian Cyber Incident Response Centre – going forward (Room 520)

9h30-10h15 Benoit Dupont - The cybersecurity horizon: what to expect (and to fear) in 2022

Bob Corson - How to stop attackers from scoring a grand slam with targeted attacks and advanced threats

Checkpoint - Sebastien Ferreira - How to Implement Software-defined Protection in Your Network

10h15-10h45 Break (Room 520)

10h45-11h30 Avi Rembaum - Attack Trends, the Need for Intelligence Integration and a Prevent-Based Security Posture

Nart Villeneuve - Patriotic Hacking to Cyber Espionage

McAfee - Michael Lawson - Find, Freeze & Fix Advanced Threats

11h45-12h30 Doug Cooke - The dramatic changes in the security landscape is driving new approaches to safeguard organizations

Chad Loeven - Operational CyberThreat Intelligence: 3 Years of Critical Incident Response Center experiences

Bit9 + Carbon Black - M-A Fitzsimmons & A. Sadeh - Evolution of Endpoint Security: Detecting and Responding to Malware Across the Entire Kill Chain

12h30-13h45 Lunch with Ryk Edelstein - What we fail to see when our security focus is distracted (Room 520)

13h45-14h30 Panel with Benoit Dupont, Gwen Beauchemin and Nart Villeneuve - Cybercrime and their corporate & government victims in Canada. Trends CA5. Best response strategies working with the law, working with specialized firms, post recovery trends. Did people learn anything? (Room 520)

14h45-15h30 Gianni Leone - The importance of constant evolution for a user organisation

Travis Barlow - The Evolution of Advanced Adversary Detection: Turning Indicators of Compromise into Proof of Compromises

Resilience - Michael J. Scanlon - Overview of Resilience’s Defense in Depth approach to CyberSecurity

15h45-16h30 Geoff Hancock - Cyber risk management

Ben Johnson - Breached: Hunting Threats on the Inside

FireEye - Ajay K. Sood - Security Reimagined – Today’s Threat Landscape is not Tomorrow’s


Thursday, October 2

Audit and governance (Room 521bc)

Research, operational security and investigation (Room 522bc)

Solutions and technologies (Room 522a)

8h00-8h30 Registration + breakfast (Room 520)

8h30-9h15 Cmdre Darren Hawco - The cyber threat posed to National Defence operations (Room 520)

9h30-10h15 Alexander Rau - Current manufacturing related IT security issues

Aamir Lakhani - Casting Light on a Dark Web

Websense - Luigi Avino - Comprehensive real-time protection against the latest advanced threats

10h15-10h45 Break (Room 520)

10h45-11h30 Marc Vael - How to motivate board members to invest in cybersecurity?

Pierre-Marc Bureau - Over 10,000 infected Linux servers – what could possibly go wrong?

Symantec - Neils Johnson - Can you afford the risk? This session will demonstrate Symantec's definition of risk and address a holistic approach to protection

11h45-12h30 Keith Ferguson - Security Analytics: What does it do exactly?

Fortinet - Minh-Quang Nguyen - Next-Gen Visibility in Next-Gen Firewalls

12h30-13h45 Lunch (Room 520)

13h45-14h30 Panel with Marc Vael, Vincent Gautrais and Cmdre Darren Hawco - Compounding approaches or confounding the issues: reflecting on cybersecurity through the lenses of governance, government, enterprise, technology, operations and the law (Room 520)

14h45-15h30 Vincent Gautrais - Proof of technology-based documents

Kwame Davis - Recognizing the 7 Stages of Advanced Threats & Data Theft

TrendMicro - David Girard - In today’s world, the question is no longer "Will we be attacked?" but "When will we be attacked?"

15h45-16h30 Gaetan Houle - Canada's Anti-Spam Legislation: impact on business relationships

Dominique Clément - DDoS attacks on your network infrastructure: how to respond?

BlueCoat - Mohammad Kaouk - Business assurance: Another way to see security


The expert speakers of GoSec 2014

Welcome to the 10th edition of the annual gathering of IT security professionals!

Palais des congrès de Montréal

33 expert speakers
Panels and plenaries

An event not to be missed to keep up with the latest trends!

Presented by:


The expert speakers of GoSec 2014

Luigi Avino
Sr. Sales Engineer, Websense

Comprehensive real-time protection against the latest advanced threats

Did you know that cybercriminals are changing their techniques and evolving their code to evade traditional cyber defenses? The consequences are dire. Breaches are increasing, valuable data is being stolen and organizations such as yours face greater risk than ever before. You can no longer rely upon traditional, static defenses to provide adequate protection from malware and other threats. You will learn how Websense® Web Security Gateway Anywhere, powered by the unified Websense TRITON® architecture, outperforms all competitors by demonstrating superior web security effectiveness against both known and unknown advanced threats.

Mr. Avino has been in the Canadian IT industry for over 19 years. He spent 11 years at the McGill University Health Centre, developing their IT security practice. Mr. Avino has worked for numerous industry leading security vendors and for a Value Added Reseller. He specializes in helping organizations identify and close the gaps within their IT Security practices.

Travis Barlow
VP Threat Intelligence & Active Response, General Manager GoSecure Atlantic

The Evolution of Advanced Adversary Detection: Turning Indicators of Compromise into Proof of Compromises

Over the past decade, attacks have increased in volume and sophistication to the point where the industry adopted the Advanced Persistent Threat (APT) terminology (2006). While the term was fitting, the industry as a whole has focused its response on defending against these so-called APTs. The scope of the threat today, in conjunction with little innovation by the security industry, has left organizations more than ripe for compromise. During his talk, Mr. Barlow will discuss how the industry is now slowly focusing on detecting Indicators of Compromise when they should instead be focusing on Proof of Compromise. He will discuss the common pitfalls of this current industry trend and the challenges of detection and defense based just on IOCs and provide his views on turning IOCs into POCs.

Mr. Barlow has over 16 years of IT security experience developing technology security solutions for a variety of clients, including government, military, education, and Fortune 500 companies. Prior to joining GoSecure, Mr. Barlow worked as the Director of Advanced Threat Response for an IT security firm wherein he designed and established an incident response framework and was responsible for incident response actions for a global base of clients.

Gwen Beauchemin
Director, Canadian Cyber Incident Response Centre (CCIRC), Public Safety Canada

Canadian Cyber Incident Response Centre – going forward

A brief look at where Canadian computer emergency & incident response center capabilities have emerged since its change in mandate in 2012, and what lies ahead.

Prior to joining the Canadian Cyber Incident Response Centre (CCIRC) in 2014, Mrs. Beauchemin was posted to the Canadian High Commission, Canberra, Australia, as a Senior Counsellor. From 2002-2009, she was a Director at Communications Security Establishment (CSE), where she led teams in a variety of roles in the IT Security Branch and the Chief Information Office, including an assignment at Public Safety Canada in 2006-7 in the Canadian Cyber Security Task Force. Mrs. Beauchemin holds an Honours Bachelor of Computer Science, Carleton University.


Pierre-Marc Bureau
Security Intelligence Program Manager, ESET

Over 10 000 infected Linux servers – what could possibly go wrong?

Windigo is the name given to an operation that has been ongoing for at least two years. More than ten thousand Linux systems are currently infected by a piece of malware named Linux/Ebury. This malware is the backbone of Windigo. In this operation, malware operators are using a large network of infected servers for two main purposes: sending high volumes of spam and redirecting web traffic to malicious content. In collaboration with various international organizations, ESET has been investigating the Windigo operation for more than eighteen months. In this presentation, we will describe the Windigo operation and its three main components: Linux/Ebury, an SSH backdoor; Linux/Cdorked, a set of modified web servers used to redirect web traffic; and Perl/Calfbot, a Perl script used to send spam messages. ESET already published a technical analysis of Operation Windigo in March 2014. This presentation will give the highlights of the technical paper as well as an update on how the operators have reacted to this publication.

Pierre-Marc Bureau is responsible for investigating trends in malware and finding effective techniques to counter these threats. Prior to joining ESET, he worked for a network security company where he was senior security analyst. Mr. Bureau finished his Master's degree in computer engineering at École Polytechnique de Montréal.

Dominique Clément
Regional Director, Radware

DDoS attacks on your network infrastructure: how to respond?

We invite you to this talk to learn more about DDoS attack techniques. This new reality brings major changes to the strategy that security specialists must adopt to adequately protect the network perimeter and the information that resides within it. The talk includes examples of attacks, a presentation of statistics on DDoS attacks and the conclusions of the study "Radware’s Global Application and Network Security Report on DDOS".

A graduate of HEC in information technology, Dominique Clément has more than 12 years of experience in IT. In addition to having held several management positions in this field, he has had the privilege of working in large-scale environments where perimeter security is critical. Through his work with Radware, a company specializing in protection against DDoS attacks, and his involvement in several network perimeter protection projects, Mr. Clément has developed unique expertise aimed at helping companies protect themselves against DDoS attacks.

Doug Cooke
Director Sales Engineering, Canada, McAfee

The dramatic changes in the security landscape is driving new approaches to safeguard organizations

This presentation will demonstrate an integration approach to security that will enable organizations to leverage multiple technologies to:
• gain the visibility they need to understand their security posture
• leverage threat intelligence to thwart the sophisticated attacks
• adapt protection mechanisms as the threat landscape evolves.

Mr. Cooke has over 25 years’ experience in the vendor IT community in Canada holding roles in Ottawa and Toronto. His background includes mainframe transaction processing, service management and application delivery. For the last 15 years Mr. Cooke has managed the technical resources of McAfee Canada assisting Canada’s largest organizations to deploy endpoint and network security solutions. Mr. Cooke holds a Bachelor of Science – Computer Science from the University of Toronto.


Bob Corson
Director, Solutions Marketing, Trend Micro

How to stop attackers from scoring a grand slam with targeted attacks and advanced threats

As tactics and techniques behind targeted attacks and advanced threats continue to evolve, having a flexible line of defense is crucial. To do so, leading organizations are enhancing their security posture with the ability to detect and respond to advanced malware, zero-day exploits and attacker behavior that is behind targeted attacks. This presentation will review the major requirements and capabilities needed for a strong cyber-defense against targeted attacks.

At Trend Micro, Mr. Corson’s focus is to help enterprises comprehend, and expediently address, the growing strategic problem of targeted attacks and advanced threats. Prior to joining Trend Micro, he led the competitive intelligence practice for Business Intelligence and Data Integration at Oracle and provided strategic guidance and insight regarding cloud, enterprise and emerging markets. Mr. Corson holds an MBA from the University of Ottawa, a Graduate Certificate in International Business from ESC Rheims as well as an undergrad degree in Economics from Carleton University.

Kwame Davis
Sr. Director - Sales Engineering - Americas, Websense

Recognizing the 7 Stages of Advanced Threats & Data Theft

Hackers today are organized, sophisticated and committed. Their targeted attacks can easily bypass URL and AV defenses, and traditional security systems do little to prevent data theft and cybercrime call-home communications. Add to this the continued growth in SSL traffic due to Cloud apps, increased mobility and remote users, and you have the potential for “blind spots” in your defenses that hackers use to their advantage. Join us to learn more about these increased risks and sophisticated threats. It will help you understand the signs of advanced attacks and provide insight on how you should respond—which is the first stage in stopping hackers in their tracks.

Mr. Davis is responsible for all pre-sales technical activity for the enterprise, SMB, Systems Integrator and channel business at Websense. Over the last ten years, he specialized in Internet security and held leadership positions at several start-ups. At Reflex Systems (formerly Reflex Security), he led the global pre-sales team as Vice President of the global team. Early in his career, Mr. Davis worked at various financial accounts on Wall St and moved to work as an SE in NYC working with some of the largest global financial accounts. He studied communications at Hunter College.

Benoit Dupont
Professor, Director of the International Centre for Comparative Criminology, Holder of the Canada Research Chair in Security, Identity and Technology, Université de Montréal

The cybersecurity horizon: what to expect (and to fear) in 2022

This presentation will explore the disruptive potential of nine technological trends from a cybersecurity perspective. It will examine in particular how the exponential growth in data, connections, flows, malicious opportunities, regulatory complexity, as well as the reduction in security by design and control of users will create a challenging environment for organizations whose mandate it is to protect the integrity of the digital ecosystem.

Through the study of several specific types of crime such as identity theft, bank fraud, computer hacking and telecommunications fraud, Mr. Dupont's research focuses on the reciprocal adaptations of technology and delinquency. He focuses on the technological, criminal and control ecosystems that favor the emergence of certain types of illegal practices, and on the processes by which offenders detect new opportunities and profit from them. The methods by which criminals acquire skills and confidence, divide labor and coordinate are at the heart of his concerns. As Canada Research Chair in Security, Identity and Technology, Mr. Dupont examines cybersecurity policies and the instruments for regulating the internet that are gradually being implemented to address the risks associated with cyber crime, cyber espionage or cyber attacks.


Ryk Edelstein
Founder and CEO, Cicada Security Technologies

What we fail to see when our security focus is distracted

We spend a great amount of money, time and effort to assure our respective security practices comply with organizational need, best practice and regulatory obligations. Perimeter security, file, disk and communication encryption, strong authentication, end point security suites, event monitoring and management technologies have all become common and necessary components in the construction of the typical organizational security model. Yet, despite our efforts to deliver a comprehensive approach to preventing risk at the logic level, it seems that most every security policy neglects any consideration of how we protect against risk posed by physical threat, including human error, end point theft, and tamper. As we develop highly effective protective measures to secure our digital information from logical threat, the vulnerability of active and authenticated end points becomes a sitting duck for those who have a need or desire to access our protected digital assets. The need for active and intelligent physical threat aware technologies, and the convergence of physical threat awareness into our protective models, is no longer an option; it is a necessity. Learn how active theft and tamper aware technologies can protect your mobile users and remote end point devices from potential compromise in this session.

Mr. Edelstein has been actively involved in the IT industry since the early 80’s, and is the founder and CEO of Cicada Security Technologies. He is a veteran of the IT security service provider industry and has been involved in building practices specializing in guiding public and private sector clients in the development of secure and efficient data communication environments. Mr. Edelstein has been trained in the UK by ex-MI in technical counter surveillance, and has delivered Technical Surveillance Counter Measures services to a select client list. He is the co-author of the guide titled “Best Practices for the Destruction of Digital Data”.

Keith Ferguson
Senior Systems Engineer, Solera Networks, A Blue Coat Company

Security Analytics: What does it do exactly?

Today’s advanced malware and zero-day attacks fly under the radar of traditional security technologies. As a result, organizations are accepting the fact that at some point their networks will be breached. That is why a shift is now underway toward a more modern strategy — a comprehensive approach that provides the intelligence and real-time analysis needed to see, understand, respond to, and fortify the network against advanced threats and targeted attacks. Security Analytics Platform closes the security gap by combining security visibility, security analytics, and real-time intelligence for immediate detection and effective incident response. Simply put, it enables advanced threat protection and empowers you to get beyond fear and anxiety about each new security threat – and start seeing new possibilities for your business.

Mr. Ferguson possesses over 20 years of experience in Information Security, Management, Software and Systems Engineering. He is recognized as a highly skilled, highly motivated technical visionary with innovative, entrepreneurial spirit. Mr. Ferguson’s strong career allows him to transfer his deep knowledge in a unique way to any audience, regardless of the subject complexity.


Sebastien Ferreira
Director Eastern Canada, Checkpoint Software Technologies

How to Implement Software-defined Protection in Your Network

Business today is driven by free-flowing information. Corporate data travels through the cloud and mobile devices and radiates through ideas and posts in social networks. BYOD, mobility and cloud computing have revolutionized static IT environments, introducing the need for dynamic networks and infrastructures. In a world with high-demanding IT infrastructures and networks, where perimeters are no longer well defined, and where threats grow more intelligent every day, we need to define the right way to protect enterprises in the ever changing threat landscape.

A new paradigm is needed to protect organizations proactively. Learn how modern security architecture powered by collaborative intelligence can assist your organization in improving its security posture.

Mr. Ferreira’s background includes over 19 years of experience in IT technology, of which 14 were devoted to security. Previously, he has worked as a consultant and has served as CSO for many companies in the financial fields, telecommunications providers and various government agencies. In these companies, he was involved in the set-up of many executives risk management, allowing him to grow extensive expertise in the development of performance indicators and risk analysis. Mr. Ferreira joined the Check Point team in 2005 as a technical specialist, consequently allowing him to lead a team.

Mary Ann Fitzsimmons
Country Manager and Director – Canada, Bit9 + Carbon Black

Evolution of Endpoint Security: Detecting and Responding to Malware Across the Entire Kill Chain

Over the past decade, the volume of malware produced and potentially infecting organizations has multiplied by orders of magnitude. The scope of the threat, in conjunction with little to no innovation by traditional security vendors, has left organizations like yours vulnerable. The time is NOW to expand security infrastructures to include detection and response capabilities that allow you to fully scope, contain and remediate each threat in real-time on your endpoints and servers. Join Bit9 to discuss the emergence of endpoint malware and the new class of security solutions that can detect threats early and across more points in the kill chain.

Mrs. Fitzsimmons has more than 25 years of IT sales and technical experience, including the past 5 years focused on IT Security. In her current role, she is responsible for driving revenue growth and regional expansion for the latest in advanced threat protection, detection and response for endpoints and servers. Prior to Bit9, she held senior leadership positions with global IT companies including CGI, IMRGlobal and Ernst & Young.

Vincent Gautrais
Full Professor at the Faculty of Law of the Université de Montréal, Director of the Centre de recherche en droit public (CRDP), Holder of the Chaire UdeM en droit de la sécurité et des affaires électroniques

Proof of technology-based documents

The change is far-reaching: not a day goes by without case law reporting evidence presented before judges that is on technological media. Emails, screenshots, Excel, Word and PDF files: the list is long. Yet, despite laws that have changed the landscape over nearly 15 years, few decisions address the legal and technical particularities that these documents present. Faced with these uncertainties, any diligent manager nonetheless has solutions available to increase the probative value of their documents.

Mr. Gautrais is a full professor at the Faculty of Law of the Université de Montréal and is the new director of the CRDP (June 2014). Since 2005, he has held the Chaire d’excellence de l’Université de Montréal en droit de la sécurité et des affaires électroniques and is the author of a legal blog on these subjects. He teaches several courses in business law and technology law. Mr. Gautrais is a graduate of the Université de Rennes 1 in France (Licence, Maîtrise) and of the Université de Montréal (LLD, LLM, LLB). His doctoral thesis, published by Bruylant (Brussels), is titled "Le contrat électronique international". He is also a lawyer and member of the Barreau du Québec.


David Girard
Senior Security Advisor, Trend Micro

In today’s world, the question is no longer “Will we be attacked?” but “When will we be attacked?”

In recent years, the landscape of information security has changed dramatically. The traditional approach to protecting computer networks is seemingly no longer sufficient. Using deceptive social engineering techniques, custom malware, morphing attacks and other increasingly sophisticated techniques, cyber criminals today are seemingly unstoppable. Join this session and:
• Learn how attackers are bypassing traditional defenses
• Discover the key capabilities needed to truly counter these threats
• Find out how you can readily implement a custom defense in your network
• Get answers to your important architectural questions about detecting and stopping targeted attacks

Mr. Girard joined Trend Micro in May, 2010, following 6 years as the senior security advisor for Quebec’s Ministry for Health and Social Services’ public network and coordinator of the Security Operational Center. He worked as security officer of a Canadian Forces unit until 1993. He then began his career as a security consultant and has helped create many security systems and has collaborated with many police departments in computer forensic investigations. In 2001, he founded Secumetrix with two partners; a company specialized in biometrics and security. During 2003-2009 in his role with Quebec’s Ministry for Health and Social Services, he was also the liaison officer with Sûreté du Québec cybercrime unit. Mr. Girard possesses many security and IT certifications (CISSP, CWSP, CHFI, ISO 27001 ISMS PA, ITIL, TCTP, and TCSP).

Geoff Hancock
CTO Advanced Technology, Intelligence and Cyber Solutions, CGI Federal

Cyber risk management

In this session you’ll learn:
• An actionable definition of cybersecurity
• The most common types of attacks
• What specific best practices to adopt to prevent & mitigate breaches
• How to budget appropriately for cybersecurity protection
• The myth of brand name solution superiority
• How to find and select cybersecurity experts for your business

Participants will also receive best practice handouts that can be used immediately as checklists to move toward better cyber risk management.

Mr. Hancock is a 20-year veteran of IT and Cyber Security. He has worked with the federal government on new technologies and how they apply and has specialized in Cyber Security, Cloud and Mobility Solutions across Military, IC, Civilian and Healthcare agencies. He is Chairman of the CISO Alliance at AFCEA DC and spends his time advising Senior Executives on the use, strategy and planning of technologies and the impact on cyber security.


Cmdre Darren Hawco
Director General Cyber Warfare, Chief of Force Development, Department of National Defence

The cyber threat posed to National Defence operations

Commodore Darren Hawco will present and provide context on the cyber threat posed to National Defence operations. The presentation will consider the cyber landscape, outline the national cyber security framework, examine sovereign and allied cyber security considerations, and consider cyber security implications to modern network enabled military operations.

Commodore Hawco’s seagoing career includes a 9-month operational deployment as NATO Standing Naval Force Atlantic staff to the Adriatic for OP SHARP GUARD to enforce a UN embargo against the Former Republic of Yugoslavia, and three 7-month deployments to the Persian Gulf enforcing UN sanctions and as part of the Global War on Terror. His shore appointments include Senior Air Control instructor, Commander Naval Combat Training Division, Senior Staff Officer Plans & Exercises, Director of Maritime Requirements Sea, Director General Maritime Strategic Management, and a year-long operational deployment to Afghanistan as an Advisor to COMISAF within his Commander’s Initiatives Group. Commodore Hawco has a Bachelor of Administration, a Masters in Defence Studies, and a Masters in Defence Policy. In addition to operational medals, he was awarded the Meritorious Service Medal by both Canada and the United States for service within the USS BOXER Expeditionary Strike Group. On return from Afghanistan, Commodore Hawco was promoted to his current rank and appointed to Command of the Atlantic Fleet in January 2012. Following Fleet command, Commodore Hawco was appointed to his current position in Chief of Force Development as the second Director General Cyberspace.

Gaétan Houle, National Leader, IT Security, Ernst & Young

Canada's Anti-Spam Legislation: impact on business relationships

Canada's new Anti-Spam Legislation (CASL; LCAP in French) came into force on July 1, 2014. For many consultants and law firms, it is another "Y2K". For businesses, it is one more risk to manage. Before getting to the heart of the matter, Mr. Houle will summarize the main points of the new law, then put a barrage of trick questions to you. CASL may seem complex, but in his talk he will lead you to conclude that, in the end, if you follow a good code of ethics and clearly understand the fundamental reasons behind the law, CASL is not that complicated.

Mr. Houle has held several senior management positions within the federal government, including Chief Engineer for telecommunications security at the Department of National Defence, Director of Corporate Security at the Department of Foreign Affairs, and Consul at the Canadian embassy in Peru. In the private sector, he has served as head of corporate security at several large multinational companies, including Bell Canada, where he secured the telecommunications infrastructure for the 2010 Winter Olympic Games in Vancouver. He holds a bachelor's degree in electrical engineering from the Royal Military College of Canada and an MBA with a concentration in cyber security from Jones International University in Colorado.


Neils Johnson, Technical Evangelist, Symantec

Can you afford the risk?

Information is the lifeblood of today’s connected world. It plays a critical role in our personal lives and drives our businesses. Each year, the amount of information we create, from digital photos to business-critical data, increases exponentially. Securing and managing our information, and the identities to access that information, becomes even more important and challenging. Can you afford the risk? Most targeted attacks sit silently, collecting information, for months before they are discovered. Since the tools attackers use adapt so rapidly and the profile of a hacker is so diverse, you can’t possibly know who’s targeting you or what they’re targeting you with, so it’s imperative to protect your entire infrastructure.

Mr. Johnson is responsible for sharing the story and message of Symantec, its vision and strategy, as a global leader in infrastructure software. His ability to talk about the technical in very simple terms, and the capacity to address the complex issues of risk definition and mitigation is born out of his 19 years with Symantec. Mr. Johnson regularly conducts corporate presentations and internal training in cities around the world.

Ben Johnson, Chief evangelist of Bit9 and former co-founder and CTO of Carbon Black, Bit9 + Carbon Black

Breached: Hunting Threats on the Inside

Protecting your endpoints and servers from relentless attacks by smart, focused threat actors is hard enough. Finding them once they get inside your systems with valid credentials and start operating as “outsider-insiders” is even harder. How do you even begin to defend your organization against these clever adversaries? And how can you have some resiliency? In this session we’ll discuss the threat landscape, the trend of attackers “living off the land,” and how you can successfully hunt these threats to reduce the scope of your incidents and keep your data, including customer PII and other proprietary information, safe.

Mr. Johnson uses his experience as a co-founder and chief technology officer for Carbon Black, which merged with Bit9 in February 2014, to drive the company’s message to customers, partners, the news media and industry analysts. He was directly responsible for the powerful functionality of the Carbon Black endpoint threat detection and response (ETDR) solution and has extensive experience building complex systems for environments where speed and reliability are paramount.

Mohammad Kaouk, Senior System Engineer, Blue Coat

Business assurance: Another way to see security

Security is often seen as protection against threats and attacks, a means of avoiding the catastrophic event that could cause the business to crumble. But there’s another way to see security, and a better way to extract business value from security technology. Come and hear how, through its “Business Assurance Platform”, Blue Coat Systems creates an agile security framework that solves security challenges today, evolves with your business, and opens the door to new opportunities. It harnesses open technology and a strong, vibrant partner ecosystem to enable customers to integrate best-of-breed products and technologies as they emerge. Let us show you how we integrate products from our Security and Policy Enforcement Center and our Resolution Center to deliver a comprehensive lifecycle defense that fortifies the network by blocking known threats, proactively detecting unknown and already-present malware, and automating post-intrusion incident containment.

Here are some elements Mr. Kaouk will talk about:
• Security Analytics and Packet Shaping
• Open Architecture and Intelligence Ecosystem
• Global Cloud Infrastructure
• Lifecycle Defense

Mr. Kaouk has over 10 years of expertise and is recognized for his international-caliber experience. Following his university education in Computer Science, he embarked on a journey as an IT specialist and consultant. Knowing 3 languages, he quickly advanced in his career by implementing and managing security and networking projects at important firms in the Middle East. It has been 3 years since he moved to Canada for his family. His wide range of experience and expertise allows him to quickly assess the focal points of a successful network and to propose leading-edge solutions while paying attention to the return on investment.


Aamir Lakhani, Senior Security Strategist, Fortinet

Casting Light on a Dark Web

We cannot afford to wait for the adversary to make their move first, nor can we hide from them. The most active and proven attack techniques of 2014, drawn from Fortinet threat research, will be examined. Hackers do not just use one tool to infiltrate networks. Two significant attacks will be discussed that outline a growing problem of destructive threats that, in an instant, can cause tens or hundreds of millions of dollars in damages. South Korea was hit with an attack that wiped out over 50,000 systems using trusted channels, and destructive malware on both PC and critical backend (Linux) systems. In 2014, the Dragonfly group infiltrated industrial systems (SCADA) using the Havex Trojan. A drill down of Havex will be provided, along with their spy tactics. Proactive security will be discussed, including deep inspection technology, attack surface coverage, incident response and actionable threat intelligence.

Mr. Lakhani is considered an industry leader in support of detailed architectural engagements and projects on topics related to cyber defense, mobile application threats, malware and Advanced Persistent Threat (APT) research. In its recent list of 46 Federal Technology Experts to Follow on Twitter, FedTech magazine described Aamir Lakhani as “a blogger, infosec specialist, super hero...and all around good guy.” Lakhani runs the blog DrChaos.com. Additionally, he is a published author and has been featured on Federal News Radio.

Michael Lawson, Sales Systems Engineer, ATD, NA, McAfee

Find, Freeze & Fix Advanced Threats

In today’s advanced threat landscape, it is critical, now more than ever, to manage your security in a dynamic and scalable manner. The Security Connected framework from McAfee enables integration of multiple products, services, and partnerships for centralized, efficient, and effective risk mitigation. Built on more than two decades of proven security practices, the Security Connected approach helps organizations of all sizes and segments, across all geographies, improve security postures, optimize security for greater cost effectiveness, and align security strategically with business initiatives. The Security Connected Reference Architecture provides a concrete path from ideas to implementation. Use it to adapt the Security Connected concepts to your unique risks, infrastructure, and business objectives.

Michael Lawson is a computer security specialist who leverages his 20 years of information technology experience in solving complex problems. His career includes ten years of military service in the United States Navy, five years of banking/e-commerce experience, and five years as a Pre-Sales solutions architect. This experience serves him well, giving him a solid understanding of the security challenges that face many government entities and of compliance and regulation in the banking/e-commerce industry, and his Pre-Sales roles have given him exposure to many different companies’ unique security needs.

Gianni Leone, Senior Manager, Advisory Services, Ernst & Young

The importance of constant evolution for a user organization

For a user organisation, one of the key questions both in choosing a service organisation, and in managing that relationship, is whether that service organisation operates a well-controlled environment that will protect their reputation by continuing to operate at the level they require. Service organizations have evolved, third party reporting has evolved, and user organizations need to evolve as well. For many years, user organizations have used different methods to obtain the required assurance, including third party reporting. This presentation will focus on what is changing in the IS/IT outsourcing world, what the reasons and benefits are for assessing IS/IT outsourcers, and how to do it, including the common issues and challenges. In addition, an overview will be provided on the evolution of third party reporting and how to use and interpret the reports.

Mr. Leone has over 19 years of professional services experience, with the last 15 years spent primarily in the Information Technology Risk Advisory (ITRA) services sector, serving global and local companies as a key member of the account teams serving these companies. He has deep knowledge of the IT outsourcing solutions business and is the EY Canadian Service Organization Control Reporting (SOCR) co-leader. He also has deep experience in IT governance and best practices and extensive knowledge of IT Governance and Control Frameworks.


Chad Loeven, Director, Technology Partnerships, RSA

Operational CyberThreat Intelligence: 3 Years of Critical Incident Response Center experiences

Chad Loeven came on board RSA as part of RSA’s acquisition of Silicium Security and ECAT. At Silicium he was responsible for worldwide sales and marketing, channel development and partnerships. Within RSA, he and his team handle inbound and outbound technology partnerships. Prior to RSA, Mr. Loeven held various management and executive management positions in the technology industry, most recently building and leading GFI’s Advanced Technology Group (ATG). At GFI ATG he brought to market the industry’s leading malware analysis tool, GFI Sandbox, as well as ThreatTrack data feeds and oversaw licensing GFI’s antimalware solutions to the global security community. At Vircom he was responsible for international channel and business development and at Messaging Architects as COO overseeing the daily operations and international channel networks. Additionally, Mr. Loeven co-founded Zenon Systems and grew the company to be the largest Microsoft Solution Partner and Advanced Product training center in eastern Canada at that time. While with Zenon, he received the Ernst and Young Entrepreneur of the Year and Profit100 awards. Mr. Loeven graduated with a Bachelor’s degree in electrical engineering from Concordia University in 1989.

Minh-Quang Nguyen, Pre-Sales Security Engineer, Fortinet

Next-Gen Visibility in Next-Gen Firewalls

In this session, Mr. Nguyen will present Fortinet’s next-generation visibility tools empowering users of the industry’s leading network security platform and discuss how Fortinet achieves 5X the performance of comparable cost solutions. This presentation will feature a live demonstration of the much-awaited FortiOS and FortiAnalyzer 5.2.

Mr. Nguyen has accumulated over 8 years in IT Security and holds the CISSP certification. After his studies in computer engineering at Ecole Polytechnique de Montreal, he briefly worked in the software industry before joining GoSecure as an analyst, where he got addicted to the security field. During this time, he acted as a consultant for several mid to large security infrastructure projects in both private and public sectors, from the financial industry to behemoth utilities, while also designing network architectures for all levels of government, including the Federal. Fast forward to today: after a long stint at another leading security vendor, he is now part of the pre-sales security engineering team at market-leader Fortinet Technologies for Eastern Canada.

Alexander Rau, National Information Security Strategist, Symantec

Current manufacturing related IT security issues

Mr. Rau will elaborate on current manufacturing related IT security issues. From the threat of trade secrets leaking out of the organization to the use of the organization’s network as a bridging point to gain access to other suppliers’ networks, Alexander will discuss the threat landscape manufacturers specifically need to protect themselves from.

With over 15 years’ experience in IT specializing in security, Mr. Rau holds CISSP and CISM certifications and has consulted with many large public and private sector organizations on how to address their security challenges. Prior to joining Symantec, he held a Sr. IT Security role with IBM and was the Manager of IT for a small manufacturing company. Since 2008, Mr. Rau has also been a part-time faculty member at Georgian College in Barrie, ON, teaching computer and network systems security.


Avi Rembaum, Director, Incident response and Security Check UP consulting, Check Point

Attack Trends, the Need for Intelligence Integration and a Prevent-Based Security Posture

This presentation will review recent trends associated with malware, advanced threats and risky applications. It will also highlight security administrator views toward their ability to identify, analyze and prevent security breaches. The data points associated with these findings identify a clear need for information security intelligence that is rich in content and also actionable. Security administrators must be able to integrate intelligence into their security controls in near real-time to prevent evolving attacks. The session will also raise the need for security practitioners to consider switching their security postures from detect to prevent.

Mr. Rembaum is Check Point’s Director, Incident response and Security Check UP consulting. He first joined Check Point in 2006 as Head of the Solution Center, and in 2009 he took on ownership of the company’s business relationships with the Tier-1 Telcos in North America. In his current capacity, he oversees Check Point’s incident response team and strategic consulting programs. He is also responsible for new programs, such as the global Financial Services Security Workgroup and critical infrastructure security initiative. Mr. Rembaum first began working in the information and network security industry in 1997, when he joined RADGUARD’s marketing team. He also held product management positions at RedCreek and SonicWALL. Prior to joining Check Point, he served as a practice manager in Getronics’ North American information security group, joining the global IT services firm following its acquisition of RedSiren.

Alon Sadeh, Sales Engineer - Canada, Bit9 + Carbon Black

Evolution of Endpoint Security: Detecting and Responding to Malware Across the Entire Kill Chain

Over the past decade, the volume of malware produced and potentially infecting organizations has multiplied by orders of magnitude. The scope of the threat, in conjunction with little to no innovation by traditional security vendors, has left organizations like yours vulnerable. The time is NOW to expand security infrastructures to include detection and response capabilities that allow you to fully scope, contain and remediate each threat in real-time on your endpoints and servers. Join Bit9 to discuss the emergence of endpoint malware and the new class of security solutions that can detect threats early and across more points in the kill chain.

Mr. Sadeh has been working in the software industry for over 15 years. After graduating from the University of Waterloo, he took on various roles at some of the world’s largest software companies. His background includes security, systems management and data management.

Michael J. Scanlon, Executive Vice President, Resilience

Overview of Resilience’s Defense in Depth approach to Cybersecurity

Resilience Technology Corporation offers a full line of products that provide protection at multiple layers for a true defense-in-depth approach to security. From DNS attacks to protecting your desktop from zero day attacks, with several features in between, the Resilience suite of security products has you covered.

Mr. Scanlon leads Resilience’s Sales and Marketing division, and serves on the Board of Directors of Resilience Technology Corporation.

An experienced computer security professional, he joined Resilience, assuming management of Resilience’s eastern U.S. and Canadian sales regions in 2006, and has achieved Top Revenue Producer status every year since 2008, expanding sales territories in North America and Asia. He has also established Resilience’s presence in South America. Before 2006, Mr. Scanlon worked as an account executive for MTM Technologies (formerly NEXL, Inc.), in total IT solution sales for the northeast region and upstate New York. His efforts led to the company’s receiving Quantum’s Top Reseller Award for 2005. Mr. Scanlon has also worked as a senior account executive for firms Adaptive Communications, LLC and Sarcom Co./Peripheral Innovations, Inc. A graduate of the University of Massachusetts, Amherst, he is based in New England.


Ajay K. Sood, General Manager, FireEye

Security Reimagined – Today’s Threat Landscape is not Tomorrow’s

Information Technology (IT) Security is a dynamic domain of study, fuelled by rapid developments in the attacks and their countermeasures. What has been at the source of this evolution is a change in the motivation and organization of the groups leading the attacks. Capitalization on data is now the key driver behind cyber-attacks, whether it is financial, intellectual, or political. Accepting the new paradigm of the adversary being a motivated, well organized, and intelligent set of actors has not been easy. Neither has accepting the high cost of being unprepared for their operationalized attacks on our IT infrastructures. Today’s attacks are stealthy, coordinated, and effective. Current IT security controls are failing, because they are not designed or able to meet the dynamic challenges of an intelligent assault. In this session, Mr. Sood will discuss the evolution of the attacks, as well as the attackers themselves, and offer context as to how the “why and who” is as important as the “what” of an attack. He will explore the impact of breaches as well as the value of being prepared for the inevitability of failure of traditional controls.

Key Points:
• Discuss the evolution of malware and APT Campaigns
• Differentiate Threat Technology from Threat Actors
• Clarify the evasive nature of modern threats
• Explain new security model

Mr. Sood has been instrumental in introducing many leading and disruptive security vendors to Canada, and is currently serving as the General Manager for FireEye Canada. A technologist and security advocate, he has participated in the architecture and implementation of some of the largest and most robust perimeters in Canada as well as internationally. Mr. Sood holds the CISSP and SANS GSEC designations.

Marc Vael, Director of Internal Audit at Smals / President of ISACA Belgium

How to motivate board members to invest in cybersecurity?

Every day, all kinds of cybercrime and cyber-offence cases occur around the globe, but many people ignore them or prefer to hide them. Several serious cybersecurity incidents have taken place in this way. It has also become increasingly clear that several foreign governments are prepared to invest massively in information gathering. Board members need a summary of the relevant risks and security issues that they could discuss with management regarding the integration of cyberspace into business strategy. They must be able to ask questions in order to better understand the measures management is taking to protect the organization's information assets and other important assets while taking advantage of the considerable business opportunities the virtual world offers.

The guide developed in Belgium for all companies, and especially SMEs, presents the key principles of cybersecurity and provides a simple checklist designed to get you started in the right direction and make it easy to put the advice into practice.

Mr. Vael has 20 years of active experience in risk management and information security, BCM/DRP, data protection/privacy and IT audit. He is president of ISACA Belgium, a professor at the Antwerp Management School, Solvay Brussels School and the Bruges University College (HOWEST), a member of the Flemish Privacy Commission, a member of the board of directors of SAI and a member of the Expert Group advising ENISA. Mr. Vael has been a member of the Audit Committee of the Ghent University College (HOGENT) since September 2014. He has obtained and maintains the following certifications: CISA, CISM, CRISC, CGEIT, CISSP, ITIL Service Manager, Prince2 Foundation and GUBERNA Administrateur. He has been a member of ISACA since 1996 and was a member of the Board of Directors of ISACA International between 2011 and 2014.


Nart Villeneuve, Senior Intelligence Researcher, FireEye

Patriotic Hacking to Cyber Espionage

The transition from patriotic hacking to cyber espionage typically follows an increasing politicization within the hacking community, particularly around geopolitical events, and the realization that long-term covert operations have greater impact. This presentation will focus on attackers based in the Middle East that have made this transition, opting to leverage malware to compromise their targets rather than engaging in simple website defacements. In particular, it will focus on two groups: “Molerats” and “Ajax Security Team”. The activity of these groups demonstrates that there is a relatively low barrier to entry. There are a variety of exploits and tools readily available that can be used in successful operations, even by less skillful actors. As an increasing number of actors with varying capabilities and motivations engage in targeted attacks, the ability to identify and track their activity becomes increasingly difficult and important. This presentation will highlight the threat tracking techniques used to investigate the activities of these groups as well as the tools, techniques and procedures they use to compromise their targets.

At FireEye, Mr. Villeneuve focuses on targeted malware attacks, botnets and the criminal underground. He has conducted in-depth investigations of malware-based espionage networks and continues to monitor numerous targeted attack campaigns with an emphasis on building threat intelligence by developing indicators that can be used to identify the tools, tactics, and procedures used in targeted attacks. Prior to joining FireEye, his research at Trend Micro and the University of Toronto led to the discovery and documentation of multiple cyber-espionage networks and in-depth reports on cybercrime networks as well.


Thank you and see you next year!

Questions or comments? Write to us at [email protected]