Security professionals in general distrust the cloud; they are concerned about losing control, fly-by-night third party solutions, privacy and surveillance.
However, the cloud provides a way to address issues such as the vanished perimeter, ubiquitous connected devices and new categories of attack.
This keynote will discuss how we can shift the dynamic and use the cloud to defend against the increasing security challenges we are facing.
In addition to the keynote session, company executives and researchers will offer insight on current threats and industry trends related to browser security, vulnerabilities within popular embedded devices, and how to best drive effective security programs across government agencies and enterprises.
Continuous Monitoring with the 20 Critical Security Controls (SPO1-W02)
Wednesday, February 26 at 9:20 a.m. PT, Room 131
The 20 Critical Security Controls (CSC) outline a practical approach to implementing security technologies by providing proven guidelines for protecting IT environments. Continuous monitoring plays a critical role in implementing the 20 CSC, and the good news is that there are new tools that can help automate adoption of the 20 CSC.
This session by Wolfgang Kandek, CTO, Qualys, will detail how to use these tools to protect corporate environments and keep your data secure.
Is Your Browser a User Agent, or a Double Agent (DSP-R04A)
Tuesday, February 27 at 12:00 p.m. PT, Room 2006
Privacy shouldn't be an afterthought in the browser. Data security within web and mobile apps relies on technical controls such as same-origin policy and sandboxing. As browsers add more complex features, the industry must weigh the trade-off between improving APIs for developers and limiting the ability of attackers to abuse those APIs.
This presentation by Mike Shema, director of engineering, Qualys, will cover privacy threats that apps may encounter via the browser.