PROTECTING THE VALUE CHAIN OF SOCIETY
7th November 2017

2016 was the most critical year for Cyber Security so far – and 2017 will prove no less. Looking ahead to 2018, IT infrastructure is undeniably strained by an increasingly mobile workforce that demands always-on access to corporate resources and by the continued adoption of SaaS, to name a few challenges in the new landscape.

Despite shrinking data centers, the growing complexity of an expanding number of distributed applications and data creates weaknesses used by attackers with record effectiveness. The urgent need, proven by recent successful attacks, to have a modern infrastructure, business strategy and contingency plans in place is making us aim for change. Fast.

The new world of IT security is a world we have not been part of before. Hybrid infrastructures, mobile workforces, data protection regulations, IoT, and disinformation are things that are rapidly setting their footprint on how the security landscape is shaped today.

Nordic IT Security is the key meeting place for this brave new IT security world

Our dynamic summit and exhibition bring together the converging worlds of IT, Cybersecurity and Information security line events where pioneers and leaders develop partnerships in a creative collision of the best industry minds. Combining our history with our passion, we are committed to bringing you the most business-critical event in the market change, and your business is changing. So, we are changing.

AN EVENT FOR THE BRAVE NEW WORLD OF IT-SECURITY – WELCOME TO NORDIC IT SECURITY 2017

Expo Stage

09.00

Official Opening of conference and Opening Keynote

11.30

MIND LEADER HUBS by Darktrace, Bomgar, Fortconsult
3*20 minutes

11.30 – 11.50

MINDLEADER HUB 1

The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense
From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network – before they turn into a full-blown crisis.

Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.

Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.
In this session, learn:
• How new machine learning and mathematics are automating advanced cyber defense
• Why 100% network visibility allows you to detect threats as they happen, or before they happen
• How smart prioritization and visualization of threats allows for better resource allocation and lower risk
• Real-world examples of unknown threats detected by ‘immune system’ technology
Dave Palmer
Darktrace

11.30 – 11.50

MINDLEADER HUB 2

Bypassing Biometric Authentication
Biometric authentication is becoming more and more popular. Fingerprint and/or facial recognition is more or less standard in high-end mobile devices, while retinal scanners are used in high security environments. Attack scenarios where fingerprint scanners are bypassed using moulds and 3D printers have already been proven. However, these attacks are not practical and therefore unlikely to be used in real life scenarios. Similarly, facial recognition has been successfully bypassed with the help of pictures in the past – a technique that no longer works on recent facial recognition devices, but leaves food for thought nevertheless. This session will not only focus on bypassing biometric authentication, but will look at doing so practically – in a manner that would be efficient in a real-life scenario. Are these attacks actually able to put end-user and/or corporate devices at risk?
• You can always change a compromised password, but it is a lot harder to change your finger or face!
• Biometric authentication is not unhackable
• Vendors have to address IT security in biometric authentication
Neal Hindocha
Regional Manager – Sweden, Fortconsult A/S

14.20

PANEL: Democracy Disrupted – Media’s role in an era of disinformation

Jan Helin
Program director, Sveriges Television
Linus Larsson
Tech editor, Dagens Nyheter
Eva Burman
Editor-in-chief, Eskilstuna-Kuriren
Henrik Tilly
Head of operations, Schibsted
Thomas Mattsson
Editor in chief, Expressen

16.00

After work bar opens

16.15

Closing Keynote

17.30

Conference ends

Room 1

09.50

Privileged Access – Is it time for a cyber-based and not a compliance approach

Privileged Access is a recurring theme in Compliance Regulations and therefore regularly targeted by both internal and external auditors. Organizations frequently tackle such challenges tactically and do not address the active and real risk of Privilege abuse to the business. Cyber-attacks have reached a level of sophistication that allows attackers to potentially evade existing security controls and access privileged credentials. To mitigate the risks, many organizations now proactively shore up privileged access controls. There is much to learn from these organizations.
• Compliance Approach
• Risk Approach
• Organisations = Risk Approach
Andreas Nordenadler
Regional Manager, Sweden & Norway, Cyberark

10.20

Session by Raul Rikk

10.50

Security is Everywhere

In this session, learn about Synopsys’ initiatives and how you can directly and meaningfully help enhance cyber risk standards and programs.
Michael White
Director Solution Strategy, Synopsys Software Integrity Group, Synopsys

12.40

PKI for battery-powered IoT

Asymmetric cryptography has long been considered infeasible for resource-constrained devices. However, since the new IoT devices are equipped with sufficient RAM, flash, a standard 32-bit CPU and crypto hardware, it is possible to run certificate-based security in such devices. Also, the lack of a user interface and unattended deployments hinder relying on traditional methods of initial authentication using a username and a password (which also becomes the weakest link in security). Therefore, an automated key management solution that also supports PKI is inevitable for IoT. A number of PKI providers offer or claim PKI solutions for IoT. However, none of them covers long-life battery-powered or energy-harvesting devices without breaking end-to-end security. This talk will present PKI building blocks for these extremely resource-constrained IoT devices, present implementation and evaluation of these solutions in state-of-the-art IoT hardware, and provide the performance benchmarks.
Shahid Raza
Director of Security Lab @ RISE SICS, RISE SICS, Stockholm

13.10

The Dangers of the Dark Web

Christian Lees will discuss the inner workings of the Dark Web: how cyber criminals and cyber gangs infiltrate organizations and exfiltrate data. The Dark Web is a closed community where cybercriminals can share information and attack vectors and buy and sell stolen data containing PII. Infiltrating the Dark Web requires a high level of expertise and years of trust with threat actors. True threat intelligence should be derived from operatively-sourced threat intelligence using HUMINT. Many organizations struggle to gain the upper hand through pre-emptive threat intelligence to combat targeted malicious activity and overall threats.
Christian Lees
CISO, InfoArmor

13.40

Whistleblow – Secure or just complicated?

• What are the options out there?
• Will the end user manage to use it?
• What are the new demands on our journalists?
Our media companies need to meet tomorrow’s sources with a modern and secure solution. How can we provide this service to our readers, without the need for them to have deep technical skills, but still be able to guarantee source protection?
Henrik Tilly
Director of Operations, Schibsted Enterprise Technology

15.00

Fraud Analytics in Insurance

In this talk I will explain how If P&C have utilized graphs and analytics in order to find more fraud cases and stop advanced types of fraud. Strategies from fraudsters evolve rapidly and it is necessary to equip sophisticated but agile fraud detection and prevention systems. They have to detect elements such as synthetic identities acting as capital vehicles, fraud rings or money laundering structures. With graphs we are now able to leverage connections and act fast to prevent fraud in the first place. This gives If P&C new means to fight and detect fraud more easily.
Kalle Lindblad
Head of Fraud Analytics, IF P&C

15.30

Human Rights & IT Security: How Digital Solutions Save Lives

The Human Rights Innovation Initiative was founded by Civil Rights Defenders to support Human Rights Defenders. Our partners, these Human Rights Defenders, are brave so that you don’t have to be. We employ our Defender-Centric approach to improve their security and impact, so that they can fight for improved human rights in their context, for their community. In a world with mass surveillance, the chances of unlawful or arbitrary arrests and disappearances increase. In a world where governments demonise and hunt whistleblowers, transparency and accountability are challenged. With the journalistic business model in disarray and filter bubbles, even the very access to information is problematic. As such, the work of Human Rights Defenders is as important today as ever. Internet and communication technologies underpin the work of many Human Rights Defenders while simultaneously being an avenue for attacks against them.
Mathias Antonsson
Innovation, Civil Rights Defenders

Room 2

09.50

Session by Outpost 24

10.20

Car Hacking, a Real Threat?

In this session, we look into attacks against cars. Why did the attacks succeed? We talk about vulnerabilities in cars and challenges for the automotive industry. We also talk about ways to secure the connected car and what we can learn from earlier mistakes.
Kim Strandberg
1st Analysis Engineer, VOLVO CAR CORPORATION

10.50

Turning the Tide: Fending off Cyber Threats

Cybercriminals are increasingly targeting the human vulnerability. With businesses more interconnected than ever and with the perimeter being progressively blurred, we will show how Proofpoint will bring a more deterministic way of building resilience into the ecosystem that protects our employees, business partners and customers from cyber threats. In this session, we will discuss how Proofpoint’s market leading and unique technology is restoring trust to today’s number one attack vector: email.
Werner Thalmeier
SE Director EMEA, Proofpoint

12.40

Delivering responsible innovations in the digital era

Nowadays, global companies seek to drive responsible innovations and earn the trust of customers, partners, and employees. But in the interconnected digitized world, never has that challenge been more difficult. With 160,000 employees across 100+ countries, Schneider Electric, a leading energy management expert that takes “digital” seriously, has created a solution that enables responsible and sustainable innovation practices and embeds privacy and security into hundreds of applications on a global scale. The talk aims to share how Schneider Electric transformed cybersecurity and compliance, which are usually perceived as a cost, into value for the business and its employees and customers alike. Beyond sharing how the company successfully delivered a global application security and compliance framework, the talk equips the audience with actionable strategies that empower them to create strong, responsible innovations in their own companies as well.
Ilya Kabanov
Global Director Application Security, Schneider Electric

13.10

Navigating Infosecurity’s Role in GDPR Compliance

GDPR is changing how companies must manage and secure EU customer data. With the May 2018 deadline approaching, organisations now have less than 12 months to get their IT systems and processes compliant. For many companies, this project may not even have started, yet six months will not be enough time to complete compliance efforts. This session will help attendees understand requirements and challenges that IT teams have to get to grips with, as well as how to build more budget support for compliance efforts.
Joash Herbrink
CISSP, Security Solution Architect, Qualys Inc.

13.40

Session by Michele Hanson, Head of Information Security, News UK

Michele Hanson
Head of Information Security, News UK

15.00

Session by Nyotron

15.30

Session by Sven Kivvistik, Head of Anti-Financial Crime, Swedbank Estonia

Sven Kivvistik
Head of Anti-Financial Crime, Swedbank Estonia

Room 3

09.50

Behaviour is the new authentication

The problem with authentication is that it normally happens at the beginning of the session, once. After authentication is successfully performed, the privileged user is free to do whatever until the end of the session. If the attacker already has access, none of the existing controls will prevent or detect malicious activities. This is the reason why companies should monitor the privileged sessions and ensure the authenticity of their users continuously – without constraining them in their day to day work. The solution is to look at user behavior continuously by applying unique biometric analytics and machine learning to privileged users.
Viktor Varga
Technical Account Manager, Balabit-Europe Kft

10.20

Session by Kjetil Stormark, Editor, Aldrimer.no

Kjetil Stormark
Editor, Aldrimer.no

10.50

Session by Logpoint

12.40

199 days left. It is not too late if you haven’t started to prepare yet!

The GDPR is around the corner. Most organisations have run GDPR projects for months or even years. But it is never too late to start. If you work smart you still have time to be finished by May 2018, or at least have decimated your risks in order to continue to work in a calm environment. Regardless, what will happen if you’re not finished?
• Five quick steps to decimate your risks
• Legal does not equal clever
• Is GDPR the new Y2K?
Filip Johnssén
Senior Legal Counsel Privacy, Klarna Bank AB

13.10

Session by GlobalSign

13.40

Keys to internet names as PKI critical infrastructure or how DNSSEC could save you from installing exPetya

DNSSEC does not protect you against DDoS attacks or protect your privacy directly, but it indirectly provides some benefits as a trusted global PKI infrastructure for every single address on the internet. The “chain of trust” established by ICANN in 2010 (updated in 2017) can potentially find new applied solutions, especially when user identification and authorization are needed, i.e. when you need to conduct financial transactions, vote in an election, sign an e-petition to government or download a software update from a trusted site.
Oleksandr Tsaruk
Advisor to the Committee on ICT, Parliament of Ukraine

15.00

Ensuring a Trusted Internet of Things

While the Internet of Things provides abundant opportunities, it also opens doors to new threats that could have a significant impact on how we utilize and interact with technology. A secure IoT ecosystem is possible when people, devices, and systems are able to trust each other, and the concepts of identity play a foundational role in establishing this trust. A solution must enable organizations to quickly establish trust in their infrastructure and secure the interaction between users, devices, and systems in a manner that recognizes the customer’s need to leverage existing environments and remain flexible in choosing devices, backend applications, and data analytics platforms best suited to their specific business environments.
• IoT Security – Best Practices
• IoT Security – Secure by Design
• IoT Security as Enablement
Jason Soroko
Manager, Security Technologies – Office of CTO, Entrust Datacard

15.30

Security in Docker: More than containers

During this talk we will see the benefits of using Docker, how it works, and how to build and test your deployment and configurations; finally, we will cover the security risks and challenges related to identifying vulnerabilities before and after the implementation.
Maximiliano Soler
CTO, ArtsSEC Information Security

Room 4

09.50

Hand-to-Hand Combat With an Advanced Attacker

Learn new attack techniques that have been uncovered by CrowdStrike’s threat hunting and incident response teams including: initial attack vectors, persistence, lateral movement and data exfiltration techniques. See new techniques for dealing with malware, ransomware, spearphishing, exploits and malware-free intrusions. Leave knowing how to identify and stop advanced threat activity in your environment.
• How nation-state threats are crafted and how their Tactics, Techniques, and Procedures (TTPs) help identify them from more routine advanced attacks
• Who are the most notable adversaries in 2017 and the key European security themes based on the latest intelligence compiled across CrowdStrike’s global intelligence gathering operation
• What are the indicators of attack and how you can apply them to defeat the adversary?
• CPE credits are available for live attendance of this keynote
John Titmus
Director, EMEA – Cybersecurity Strategy Advisor, Crowdstrike UK Ltd

10.20

Cyber Forensics – You’ve Been Hacked, Now What?

The widespread daily use of computers in many fields has caused computer crimes to increase. This has allowed cyber criminals to maliciously attack vital computational infrastructure to obtain or misuse information illegally. After a crime has occurred on a computer device, an investigation process should take place to reveal what happened based on evidence. It is used to solve a mysterious event and to help the court ascertain whether the suspect is innocent or guilty. In this talk I will be showing various techniques to extract and investigate any digital evidence. I will also discuss some areas where an investigator can extract data from digital mediums.
Ahmed M. Neil
IT head at Ri8Tech, OWASP

10.50

Session by DUO Security

12.40

Learnings from the Darknet – applied in high pressure situations at a UK newspaper

The UK has suffered five terrorist attacks in six months, including three van attacks in London and a bombing in Manchester. In the aftermath of an attack, finding and verifying information from social media is crucial, but platforms quickly become clogged with hoaxers and trolls. Louis Goddard shows how techniques used to unmask drug dealers and paedophiles on the dark net can be applied in a high-pressure situation to verify witnesses and establish the facts, drawing on his own experience at The Times of London.
Louis Goddard
Data Journalist, The Times and The Sunday Times, UK

13.10

Ditch The Spreadsheets! And Turn Vulns Into Actionable Intelligence

Security Analysts are increasingly overwhelmed by the volume of security alerts, often spending valuable time trying to aggregate and prioritise the information in spreadsheets instead of focusing on critical remediation. This session looks at how advances in automation are now enabling organisations to quickly collate data across multiple data sources from different vendors into a single view, then apply exploit feeds and real-time information about how those vulnerabilities are being exploited in the wild to score and prioritise fixes, as well as generating the security intelligence you need to manage your risk posture.
Trevor Crompton
EMEA Leader, Kenna Security