Event 6/9/17 - Delaware InfraGard - Protecting Your Cyber Assets
Post date: Jun 7, 2017 12:45:35 AM
The Delaware InfraGard Members Alliance presents: Protecting Your Cyber Assets
(This meeting is open to all with registration), RSVP at https://idmajune2017.eventbrite.com
Agenda: (Light refreshments will be served)
8:00 am Registration & Networking
8:45 am InfraGard Announcements
9:00 am The Latest ICS Threats
10:00 am Credential Theft as a Primary Attack Vector
11:00 am Security for Business Travelers
Noon: End of Program
The Latest ICS Threats
An overview of the latest ICS (Industrial Control System) threat intelligence. Detail Operation BugDrop, a cyber-surveillance operation leveraging DropBox that used PC microphones to "bug" critical infrastructure, scientific research, and media organizations in the Ukraine. Review Information learned about the evolution of industrial malware like BlackEnergy3 and KillDisk. Describe IIoT botnets operated by criminal gangs to deliver DDoS-as-Service. And discuss recently-announced zero-day vulnerabilities in widely-used industrial devices.
Phil Neray is currently the VP of Industrial Cybersecurity at CyberX. Phil began his career as a Schlumberger engineer on oil rigs in South America and as an engineer with Hydro-Quebec. He has a BSEE from McGill University, is certified in cloud security (CCSK), and has a Black Belt in American Jiu-Jitsu. Prior to CyberX, Phil held executive roles at enterprise security leaders including IBM Security/Q1 Labs, Guardium, Veracode, and Symantec.
Credential Theft as a Primary Attack Vector – Detect and Respond to Privileged and Service Account Attacks
Privileged accounts have been at the center of each recent high-profile attack. Moreover, attackers are leveraging Privileged credentials as their entry point to high value systems within the network. This session will explain how hackers that successfully exploit these credentials are able to gain a privileged foothold, allowing them unfettered access to elevate privileges and move about the network freely without detection. With a solid understanding of this well-used method of attack, attendees will learn how to properly secure and manage these powerful credentials. We will discuss growing trends in regards to attacks and what Security Leaders are doing to protect their organizations from these advanced attacks. And walk through a typical attack that utilizes privileged accounts and how passwords can be exploited to break down the front door.
The session will touch on the growth and prevalence of privileged credentials. We will discuss how to securely store and manage credentials and how to reduce the attack surface, specifically attack surfaces favored by insiders and outsiders with insider credentials. We will also discuss detecting credential harvesting and blocking future attempts. All while maintaining governance and compliance standards.
Nick Dulavitz is a national director of engineering at CyberArk. He assumed the role in 2016 and is based in Boston, Massachusetts. Mr. Dulavitz joined CyberArk in 2013 coming from Sophos where he held a variety security focused positions specializing in encryption technologies. Since joining CyberArk he has focused primarily on how privilege is leveraged by attackers to accomplish their goals and the most effective ways to mitigate such techniques.
Security for Business Travelers - Our Tools Betray Us
We will watch several insightful videos and participate in related discussions about how our tools and social media betray and endanger our business and our business travelers. This presentation will use recorded actual events to portray the dangers of using today's technology and social media to support our businesses. We will also discuss the actions we can take to make us safer.
Mr. R. C. Smith is a professional security specialist with over 40 years of hands on experience in many aspects of security and intelligence. He has served in a wide variety of roles including program, personnel, physical and information security/assurance, OPSEC, Security Awareness/Security Education and counterintelligence. He has served on the Board of Directors for the Maryland InfraGard for two years, serves as the Programs Chief and Chairs the Insider Threat Special Interest Group. He has supported the National Classification Management Society as their technical advisor for the Education and Training Committee and has served on the board of the Industrial Security Awareness Council of Central Maryland. He serves as Sponsor Coordinator for the highly successful FBI Outreach program, Intelligence and Law Enforcement Training Seminar or INLETS. R.C. Smith was a recipient of the 2017 Governor’s Crime Prevention Award.
For more information about the Delaware InfraGard, go to: www.infragard.org