The document announces a roundtable discussion on the topic of "From Industry 4.0 to GDPR" regarding ICT security and zero trust. It will take place on November 21st from 4:00-6:00 PM in Fontanafredda, Italy and will include presentations from security professionals from various companies. The event will discuss issues around protecting data and business productivity for stakeholders in ICT security. It will conclude with a networking reception including local products.
Fortinet is a global security company founded in 2000 with over 1,300 employees and 5,000 channel partners serving over 100,000 customers worldwide. Their flagship product, FortiGate, is an integrated security appliance that provides firewall, VPN, intrusion prevention, antivirus, web filtering and other network security functions in a single device. FortiGate appliances leverage Fortinet's proprietary ASICs and FortiOS operating system to deliver high performance security with lower total cost of ownership compared to standalone point solutions. Fortinet has experienced strong growth with 2010 revenue of $325 million, up 29% year-over-year.
Fortinet is a global provider of network security appliances and solutions. In Q1/2018, Fortinet reported $417 million in revenue and $534 million in billings. Some key highlights:
- Fortinet has over 340,000 customers and 5,000+ employees worldwide.
- The FortiGate 6000 Series is Fortinet's new high-performance network security gateway appliance capable of over 1 Tbps throughput.
- Fortinet solutions are powered by its purpose-built security processors and FortiOS operating system. This provides significantly higher performance than CPU-based competitors.
- Fortinet continues to focus on growing its security fabric which now includes solutions for network security, cloud security, IoT/OT security,
The Fortinet Security Ecosystem provides a suite of products that address challenges in four key pillars of network security: securing access, securing applications, accelerating performance, and ensuring business continuity. The ecosystem is designed to help businesses maintain lower operational costs, reduce the need for specialized security staff, combine security technologies and intelligence, better detect and react to threats, and ensure critical applications and network connectivity remain secure. When Fortinet products like FortiGate, FortiSandbox, FortiDDoS, FortiADC and FortiMail are combined in the ecosystem, they provide a more effective and lower cost way to protect against known and new threats compared to individual products.
Neotel is South Africa’s first converged telecommunications network operator, providing business, wholesale, and consumer voice and data services. Cisco Smart Net Total CareTM provides Neotel with proactive support to optimise and secure the network, solving problems faster, improving operational efficiency, and reducing the risk of downtime.“Smart Net Total Care has proactively supported, optimised, and secured our network performance, allowing us to pay more attention to the running of our business.”
— Chala Rao, Chief Network Officer, Neotel
Fortinet is a global leader in network security that provides network security appliances and security subscription services. Their mission is to deliver the most innovative and highest performing network security platform to secure and simplify IT infrastructure. The document then lists and describes various types of cyber crimes and Fortinet services and solutions for enterprises, small businesses, service providers, and industries like critical infrastructure. It concludes by thanking the reader and providing contact information.
Learn what makes SCADAguardian (the Nozomi Networks flagship technology) so unique and powerful. From enterprise IT, to OT, we enable scalable security strategies for ICS.
Fortinet is a global security company founded in 2000 with over 1,300 employees and 5,000 channel partners serving over 100,000 customers worldwide. Their flagship product, FortiGate, is an integrated security appliance that provides firewall, VPN, intrusion prevention, antivirus, web filtering and other network security functions in a single device. FortiGate appliances leverage Fortinet's proprietary ASICs and FortiOS operating system to deliver high performance security with lower total cost of ownership compared to standalone point solutions. Fortinet has experienced strong growth with 2010 revenue of $325 million, up 29% year-over-year.
Fortinet is a global provider of network security appliances and solutions. In Q1/2018, Fortinet reported $417 million in revenue and $534 million in billings. Some key highlights:
- Fortinet has over 340,000 customers and 5,000+ employees worldwide.
- The FortiGate 6000 Series is Fortinet's new high-performance network security gateway appliance capable of over 1 Tbps throughput.
- Fortinet solutions are powered by its purpose-built security processors and FortiOS operating system. This provides significantly higher performance than CPU-based competitors.
- Fortinet continues to focus on growing its security fabric which now includes solutions for network security, cloud security, IoT/OT security,
The Fortinet Security Ecosystem provides a suite of products that address challenges in four key pillars of network security: securing access, securing applications, accelerating performance, and ensuring business continuity. The ecosystem is designed to help businesses maintain lower operational costs, reduce the need for specialized security staff, combine security technologies and intelligence, better detect and react to threats, and ensure critical applications and network connectivity remain secure. When Fortinet products like FortiGate, FortiSandbox, FortiDDoS, FortiADC and FortiMail are combined in the ecosystem, they provide a more effective and lower cost way to protect against known and new threats compared to individual products.
Neotel is South Africa’s first converged telecommunications network operator, providing business, wholesale, and consumer voice and data services. Cisco Smart Net Total CareTM provides Neotel with proactive support to optimise and secure the network, solving problems faster, improving operational efficiency, and reducing the risk of downtime.“Smart Net Total Care has proactively supported, optimised, and secured our network performance, allowing us to pay more attention to the running of our business.”
— Chala Rao, Chief Network Officer, Neotel
Fortinet is a global leader in network security that provides network security appliances and security subscription services. Their mission is to deliver the most innovative and highest performing network security platform to secure and simplify IT infrastructure. The document then lists and describes various types of cyber crimes and Fortinet services and solutions for enterprises, small businesses, service providers, and industries like critical infrastructure. It concludes by thanking the reader and providing contact information.
Learn what makes SCADAguardian (the Nozomi Networks flagship technology) so unique and powerful. From enterprise IT, to OT, we enable scalable security strategies for ICS.
The document discusses the security challenges of modern datacenters and hybrid cloud environments. It introduces Check Point's vSEC solution which includes the vSEC Gateway to prevent lateral threats between applications and the vSEC Controller to automate security through unified management. This provides advanced security that can stay ahead of threats in dynamic virtual, physical and public cloud environments.
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)TI Safe
This document summarizes Darktrace's artificial intelligence and machine learning-based cybersecurity technology called the "Industrial Immune System". The system passively learns what normal activity looks like on networks in real time for each device and user without any configuration. It then detects threats and anomalies to identify both insider and external hackers across operational technology, information technology, and internet of things networks and devices. Darktrace offers proof of value trials where their appliance is deployed for 4 weeks to analyze threats and provide weekly customized reports without any custom models or configuration required.
This document discusses how Integra, a provider of networking and communications solutions, built a security operations center (SOC) in 8 months using Splunk software to address various security challenges. It summarizes key steps taken such as redirecting all logs to the SIEM, hiring staff, and defining incident response policies. It also provides examples of how Splunk helped with use cases like detecting brute force attacks, web application security issues, and malware detection by correlating and analyzing machine data across the organization. The document emphasizes engaging the business, having a balanced security program, and removing limits of outsourced security operations.
This document discusses how Integra, a provider of networking and communications solutions, built a security operations center (SOC) in 8 months using Splunk software to address various security challenges. It faced a wide range of security requirements and cultural challenges around security priorities. Integra insourced its SOC to improve visibility, control, and change the culture. Using Splunk, it was able to break down data silos, rapidly detect security incidents like brute force attacks and web application vulnerabilities, and correlate logs across systems to discover compromised devices and malware. Splunk helped Integra create an effective analytics-driven security program.
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...CSA Argentina
Dell provides comprehensive cloud client computing solutions including thin/zero clients, tablets, and cloud desktops/laptops running virtualized operating systems and applications in a cloud datacenter. This allows businesses to empower their mobile workforce, optimize IT resources, improve security, and reduce costs. Dell's solutions are tailored for businesses' needs and provide validated architectures and engineered appliances to easily deploy cloud client computing.
This document provides instructions for setting up an intrusion detection system (IDS) in a home network. It explains that an IDS monitors network traffic to detect malicious activity and policy violations. It recommends using open-source tools like Security Onion and SELKS to set up the IDS. The document outlines installing the software, duplicating network traffic to the IDS, tuning the IDS to ignore false alarms, and provides sample enhanced network architectures and dashboards.
This document provides an overview of information security management systems (ISMS) and the family of ISO/IEC 27000 standards related to ISMS. It defines key terms and describes the basic components of an ISMS, including identifying security requirements, assessing risks, selecting controls, and monitoring/improving the system. The standards provide requirements, guidelines, and sector-specific implementation guidance for establishing, operating, and improving an ISMS to manage information security risks.
The document appears to be a sales presentation from Check Point Software Technologies promoting their new "Infinity Total Protection" product. The summary includes:
1) Check Point is introducing a new consolidated cyber security architecture and all-inclusive consumption model called "Infinity Total Protection" that provides threat prevention across networks, cloud, and mobile from a single vendor.
2) Infinity Total Protection offers simplified per-user pricing and promises to adapt to customers' business needs with a focus on threat prevention and consolidated management.
3) The presentation outlines the various security components that would be included with Infinity Total Protection, such as network security, cloud security, endpoint security, mobile security, and security management products.
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
What is an IDS? What is required for a successful implementation and utilisation? IDS can also be used for penetration testing activities, not just for defence purposes. See how!
This was presented as part of the FIRST Technical Colloquium 2017 Conference in Mauritius on the 30th of November 2017.
Feel free to contact us for more information.
If you are reusing some of the slides or their content, can you please reference our website as the source: https://www.elysiumsecurity.com
Andrew Ginter, Waterfall's VP Industrial Security speaks to three networks at the DHS ICSJWG 2019 event in Springfield, MA. Secure sites, however, generally do not use three security standards - two are unavoidable and three is two too many.
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
The document discusses the evolving role of the Chief Information Security Officer (CISO) in light of digital transformation trends like cloud computing, the Internet of Things, and mobile technology. It notes that CISOs now need to take a more strategic role focusing on skills development, adaptive security architectures, and extending security to new digital business models. The use of managed security services is also positioned as an opportunity for CISOs to help address skills shortages and the increasing complexity of securing modern IT infrastructures.
Check Point provides cybersecurity solutions that offer robust security and efficient management. Their solutions are differentiated by their efficient security management capabilities, innovative threat prevention technologies, proven record of security excellence through third-party recommendations, and extreme urgency in addressing vulnerabilities.
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...NetworkCollaborators
This document discusses Cisco's journey to intent-based networking with Meraki. It outlines Cisco's vision of a network that is constantly learning, adapting and protecting based on business policy and segmentation. The network would utilize everything as a sensor with telemetry and machine learning/AI to enable features like predictive self-healing. The document highlights Cisco's current focus on scaling the network through the cloud, expanding visibility and assurance through tools like DNA Center and Meraki Insight, and enhancing operational efficiency through wireless health monitoring and business intelligence tools. It also provides demos of these capabilities and discusses the importance of API's and programmability for enabling native Cisco integrations, third-party integrations relevant to lines of business, and multi-
The document discusses Fortinet's security fabric, which provides a comprehensive network security solution through a unified platform. It summarizes the key components of the security fabric, including next-generation firewalls, switches, virtual firewalls, endpoint security, cloud security, advanced threat protection, and management solutions. It also outlines how the security fabric delivers broad, powerful and automated protection through its integration of these components and intelligence-driven capabilities.
Physical security and IT security: at Expo Milan
2015 the protection of people, resources, data
and devices was a key factor in the success of the
event. From video surveillance to the prevention
of cyber attacks, Cisco’s IP network, the pervasive
multilevel security and a task force dedicated to
monitoring the entire infrastructure allowed the
organizers to concentrate on operational tasks
knowing that the event was in safe hands.
ICC's security philosophy is based on creating multiple layers of security to make hacking financially unwise. This includes edge devices with built-in firewalls and intrusion detection, controller-based aggregation layers with authentication, encryption, and advanced routing options, and broadband connectivity using military-grade encryption. The solution helps customers maintain PCI compliance by providing wireless scanning, rogue access point detection and mitigation, wireless usage enforcement, and network segmentation.
Overview on the state of WIFI security for WEP, WPA/WPA2, WPA3. Looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo on 2 attacks: Karma Attack and Evil Portal Attack
- The document presents an ICS cybersecurity training program created by TI Safe to educate professionals on identifying risks in industrial networks and recommending countermeasures according to international security standards.
- The 20-hour course aims to train students to design and deploy a Cyber Security Management System for critical infrastructure automation networks. It covers topics such as ICS architectures, risks and attacks, and provides demonstrations on industrial network simulators.
- Supporting materials include apostilles in Portuguese and English that are constantly updated based on technical references from leading books and companies in the ICS security field. Practical classes complement the theoretical concepts taught.
Conference Security by Design - Gemalto - Security in IoTWitekio
For those who didn't come to our conference "Security by Design : An IoT must have", or those who want to see it again, here is the presentation made by Gemalto.
Enterprise-Grade Trust: Collaboration Without CompromiseRobb Boyd
In today’s agile work environment, customers need to collaborate in real time with partners, vendors, and customers, and they want the best collaboration tools possible. At the same time, they’re cognisant of potential accidental or intentional misuse of data and malicious attacks – and the ramifications they can have for their company’s finances and reputation.
Cisco provides best-in-class collaboration tools with true end-to-end encryption that enable secure cross-company collaboration. Find out more about the six considerations for collaboration security and the new Cisco Webex Extended Security Pack – which provides a full-functionality Cisco Cloudlock cloud access security broker for Webex Teams with native Webex anti-malware capabilities powered by Cisco Talos ClamAV.
Resources:
TechWiseTV: http://cs.co/9009DzrjN
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
As a novel computing platform in network, IoT will bring many security challenges to enterprise networks, and create new opportunities for security industry. This talk will provide a general overview of enterprise network security problems, especially the data security, caused by IoT. After that, a few existing security technologies are evaluated as necessary elements of a holistic network security that cover IoT devices. These technologies include : (a) IoT security monitoring and control; (b) FOTA for firmware vulnerability management; (c) NetFlow based big data security analysis. In the end, the practice of standard security protocols (such as OpenIoC and IODEF) will be strongly advocated for delivering effective IoT security solutions.
The document discusses various topics related to digital security presented at different events, including a keynote on issues with encryption for IoT devices, a panel discussion on authentication technology at the BankTech Asia conference, and presentations on blockchain, IoT, and quantum attacks at the PrimeKey PKI Tech Days. It also describes a solution implemented by SecureMetric using multi-factor authentication with RADIUS and one-time passwords to securely access the SWIFT application.
The document discusses the security challenges of modern datacenters and hybrid cloud environments. It introduces Check Point's vSEC solution which includes the vSEC Gateway to prevent lateral threats between applications and the vSEC Controller to automate security through unified management. This provides advanced security that can stay ahead of threats in dynamic virtual, physical and public cloud environments.
CLASS 2018 - Palestra de Mariana Pereira (Diretora – Darktrace)TI Safe
This document summarizes Darktrace's artificial intelligence and machine learning-based cybersecurity technology called the "Industrial Immune System". The system passively learns what normal activity looks like on networks in real time for each device and user without any configuration. It then detects threats and anomalies to identify both insider and external hackers across operational technology, information technology, and internet of things networks and devices. Darktrace offers proof of value trials where their appliance is deployed for 4 weeks to analyze threats and provide weekly customized reports without any custom models or configuration required.
This document discusses how Integra, a provider of networking and communications solutions, built a security operations center (SOC) in 8 months using Splunk software to address various security challenges. It summarizes key steps taken such as redirecting all logs to the SIEM, hiring staff, and defining incident response policies. It also provides examples of how Splunk helped with use cases like detecting brute force attacks, web application security issues, and malware detection by correlating and analyzing machine data across the organization. The document emphasizes engaging the business, having a balanced security program, and removing limits of outsourced security operations.
This document discusses how Integra, a provider of networking and communications solutions, built a security operations center (SOC) in 8 months using Splunk software to address various security challenges. It faced a wide range of security requirements and cultural challenges around security priorities. Integra insourced its SOC to improve visibility, control, and change the culture. Using Splunk, it was able to break down data silos, rapidly detect security incidents like brute force attacks and web application vulnerabilities, and correlate logs across systems to discover compromised devices and malware. Splunk helped Integra create an effective analytics-driven security program.
Csa summit cualquier aplicación, desde cualquier dispositivo, en cualquier ...CSA Argentina
Dell provides comprehensive cloud client computing solutions including thin/zero clients, tablets, and cloud desktops/laptops running virtualized operating systems and applications in a cloud datacenter. This allows businesses to empower their mobile workforce, optimize IT resources, improve security, and reduce costs. Dell's solutions are tailored for businesses' needs and provide validated architectures and engineered appliances to easily deploy cloud client computing.
This document provides instructions for setting up an intrusion detection system (IDS) in a home network. It explains that an IDS monitors network traffic to detect malicious activity and policy violations. It recommends using open-source tools like Security Onion and SELKS to set up the IDS. The document outlines installing the software, duplicating network traffic to the IDS, tuning the IDS to ignore false alarms, and provides sample enhanced network architectures and dashboards.
This document provides an overview of information security management systems (ISMS) and the family of ISO/IEC 27000 standards related to ISMS. It defines key terms and describes the basic components of an ISMS, including identifying security requirements, assessing risks, selecting controls, and monitoring/improving the system. The standards provide requirements, guidelines, and sector-specific implementation guidance for establishing, operating, and improving an ISMS to manage information security risks.
The document appears to be a sales presentation from Check Point Software Technologies promoting their new "Infinity Total Protection" product. The summary includes:
1) Check Point is introducing a new consolidated cyber security architecture and all-inclusive consumption model called "Infinity Total Protection" that provides threat prevention across networks, cloud, and mobile from a single vendor.
2) Infinity Total Protection offers simplified per-user pricing and promises to adapt to customers' business needs with a focus on threat prevention and consolidated management.
3) The presentation outlines the various security components that would be included with Infinity Total Protection, such as network security, cloud security, endpoint security, mobile security, and security management products.
Open Source IDS - How to use them as a powerful fee Defensive and Offensive toolSylvain Martinez
What is an IDS? What is required for a successful implementation and utilisation? IDS can also be used for penetration testing activities, not just for defence purposes. See how!
This was presented as part of the FIRST Technical Colloquium 2017 Conference in Mauritius on the 30th of November 2017.
Feel free to contact us for more information.
If you are reusing some of the slides or their content, can you please reference our website as the source: https://www.elysiumsecurity.com
Andrew Ginter, Waterfall's VP Industrial Security speaks to three networks at the DHS ICSJWG 2019 event in Springfield, MA. Secure sites, however, generally do not use three security standards - two are unavoidable and three is two too many.
Csa summit la transformación digital y el nuevo rol del cisoCSA Argentina
The document discusses the evolving role of the Chief Information Security Officer (CISO) in light of digital transformation trends like cloud computing, the Internet of Things, and mobile technology. It notes that CISOs now need to take a more strategic role focusing on skills development, adaptive security architectures, and extending security to new digital business models. The use of managed security services is also positioned as an opportunity for CISOs to help address skills shortages and the increasing complexity of securing modern IT infrastructures.
Check Point provides cybersecurity solutions that offer robust security and efficient management. Their solutions are differentiated by their efficient security management capabilities, innovative threat prevention technologies, proven record of security excellence through third-party recommendations, and extreme urgency in addressing vulnerabilities.
Cisco Connect 2018 Thailand - Cisco Meraki an innovation journey to a smarter...NetworkCollaborators
This document discusses Cisco's journey to intent-based networking with Meraki. It outlines Cisco's vision of a network that is constantly learning, adapting and protecting based on business policy and segmentation. The network would utilize everything as a sensor with telemetry and machine learning/AI to enable features like predictive self-healing. The document highlights Cisco's current focus on scaling the network through the cloud, expanding visibility and assurance through tools like DNA Center and Meraki Insight, and enhancing operational efficiency through wireless health monitoring and business intelligence tools. It also provides demos of these capabilities and discusses the importance of API's and programmability for enabling native Cisco integrations, third-party integrations relevant to lines of business, and multi-
The document discusses Fortinet's security fabric, which provides a comprehensive network security solution through a unified platform. It summarizes the key components of the security fabric, including next-generation firewalls, switches, virtual firewalls, endpoint security, cloud security, advanced threat protection, and management solutions. It also outlines how the security fabric delivers broad, powerful and automated protection through its integration of these components and intelligence-driven capabilities.
Physical security and IT security: at Expo Milan
2015 the protection of people, resources, data
and devices was a key factor in the success of the
event. From video surveillance to the prevention
of cyber attacks, Cisco’s IP network, the pervasive
multilevel security and a task force dedicated to
monitoring the entire infrastructure allowed the
organizers to concentrate on operational tasks
knowing that the event was in safe hands.
ICC's security philosophy is based on creating multiple layers of security to make hacking financially unwise. This includes edge devices with built-in firewalls and intrusion detection, controller-based aggregation layers with authentication, encryption, and advanced routing options, and broadband connectivity using military-grade encryption. The solution helps customers maintain PCI compliance by providing wireless scanning, rogue access point detection and mitigation, wireless usage enforcement, and network segmentation.
Overview on the state of WIFI security for WEP, WPA/WPA2, WPA3. Looking at their protocols, weaknesses and attacks.
The presentation finishes with a live demo on 2 attacks: Karma Attack and Evil Portal Attack
- The document presents an ICS cybersecurity training program created by TI Safe to educate professionals on identifying risks in industrial networks and recommending countermeasures according to international security standards.
- The 20-hour course aims to train students to design and deploy a Cyber Security Management System for critical infrastructure automation networks. It covers topics such as ICS architectures, risks and attacks, and provides demonstrations on industrial network simulators.
- Supporting materials include apostilles in Portuguese and English that are constantly updated based on technical references from leading books and companies in the ICS security field. Practical classes complement the theoretical concepts taught.
Conference Security by Design - Gemalto - Security in IoTWitekio
For those who didn't come to our conference "Security by Design : An IoT must have", or those who want to see it again, here is the presentation made by Gemalto.
Enterprise-Grade Trust: Collaboration Without CompromiseRobb Boyd
In today’s agile work environment, customers need to collaborate in real time with partners, vendors, and customers, and they want the best collaboration tools possible. At the same time, they’re cognisant of potential accidental or intentional misuse of data and malicious attacks – and the ramifications they can have for their company’s finances and reputation.
Cisco provides best-in-class collaboration tools with true end-to-end encryption that enable secure cross-company collaboration. Find out more about the six considerations for collaboration security and the new Cisco Webex Extended Security Pack – which provides a full-functionality Cisco Cloudlock cloud access security broker for Webex Teams with native Webex anti-malware capabilities powered by Cisco Talos ClamAV.
Resources:
TechWiseTV: http://cs.co/9009DzrjN
IoT Security: Problems, Challenges and SolutionsLiwei Ren任力偉
As a novel computing platform in network, IoT will bring many security challenges to enterprise networks, and create new opportunities for security industry. This talk will provide a general overview of enterprise network security problems, especially the data security, caused by IoT. After that, a few existing security technologies are evaluated as necessary elements of a holistic network security that cover IoT devices. These technologies include : (a) IoT security monitoring and control; (b) FOTA for firmware vulnerability management; (c) NetFlow based big data security analysis. In the end, the practice of standard security protocols (such as OpenIoC and IODEF) will be strongly advocated for delivering effective IoT security solutions.
The document discusses various topics related to digital security presented at different events, including a keynote on issues with encryption for IoT devices, a panel discussion on authentication technology at the BankTech Asia conference, and presentations on blockchain, IoT, and quantum attacks at the PrimeKey PKI Tech Days. It also describes a solution implemented by SecureMetric using multi-factor authentication with RADIUS and one-time passwords to securely access the SWIFT application.
Software security, secure software development in the age of IoT, smart thing...LabSharegroup
How to design secure software products for IoT, embedded application, smart metering, smart lighting, medical application with the help of Common Criteria
Digital Identities in the Internet of Things - Securely Manage Devices at ScaleForgeRock
In this webcast, KuppingerCole´s Principal Analyst Martin Kuppinger will introduce the concept of Identity Management for the Internet of Things. Following Martin's opening talk, ForgeRock´s Gerhard Zehethofer will discuss how ForgeRock is now extending these capabilities into the areas of managed and unmanaged devices, enhancing the customer experience as well as security and privacy at scale for people, services, and things.
Key Findings:
- We are in an industrial revolution… right now!
- User Experience must extend “from the screen to the shop”
- Security considerations continue to increase in scope
- AWS infrastructure and SMART COSMOS platform services are powerful options for realizing Industry 4.0
Medtec - Cyber-security Challenges on the Horizonteam-WIBU
MEDTEC is the largest pure medical design and manufacturing event. The health industry is being deeply transformed by a wave of technological innovation. Machines greatly improve the quality standards of service from surgery rooms to analytical laboratories. Just as humans have their fallibilities, machines show their points of vulnerabilities too. Medical device companies as well as advanced technology providers need to extend their expertise to the security measures they should already implement during the design phase of their projects.
Wibu-Systems’ technology delivers award-winning solutions that protect software from piracy and reverse-engineering, and secure code integrity from tampering while monetizing business to a new level through a highly flexible licensing system.
Block Armour Zero Trust Cybersecurity Mesh for Oil and GasBlockArmour1
For oil and gas companies navigating the complex intersection of IoT, hybrid IT environments, and cybersecurity, Block Armour's Zero Trust Cybersecurity Mesh offers a comprehensive solution. By leveraging the strengths of SDP together with the transparency and immutability of Blockchain, this design ensures robust Zero Trust based security tailored to the industry's critical cybersecurity needs.
Now It Is Easily To Be Maintain The Industrial Machine- Part 2Infyiot Solutions
In today’s fast-growing industrial world, the Internet of Things has emerged as a transformative force. Among its many applications, the Industrial Internet of Things stands out in improving operations and productivity to attain business growth. At the heart of this technological revolution is the IIoT Gateway, a key component that facilitates seamless connectivity by providing real-time data for machine analytics.
kaspersky presentation for palette business solution June 2016 v1.0.Onwubiko Emmanuel
This document contains the slides from a Kaspersky Technical Training presentation on cybersecurity given in June 2016. The presentation covers several topics:
- The changing nature of work, security, and threats as more devices and data move to the cloud.
- New rules for security like avoiding complexity, recognizing borderless attack surfaces, and not slowing networks for security.
- Gartner's 2016 Magic Quadrant ratings which recognized Trend Micro, Intel Security, and Kaspersky Lab as leaders in endpoint protection.
- The rise of ransomware as a growing threat.
- Kaspersky's security solutions including their endpoint protection, virtualization security, threat intelligence, and focus on research to discover
Chanigng industrial Control Systems Conference and Networking Session
CICS Introduction
We are in the throes of witnessing an Industrial Revolution, The Industrial Revolution Who Should Attend 4.0! A revolution that will completely change the way we live, work, and relate to one another. In its scale, scope, and complexity, the transformation will be unlike anything humankind has experienced before and with it will change the Industrial Control Systems (ICS).The boundaries delineating the ICS world from the civil world are denigrating, we are now looking at future where residences will be connected the Power Grids, supplying back rather than receiving energy (Renewable Energy – Reverse Metering), Smart Cities which will enable its residents and allow them to interact with the cities control systems and more.In this exciting times, we have created a unique conference where we will hear from the experts from the industry in ICS Domain, on what new is happening? We will endeavor to build a 360° view on the subject and understand the happenings, the challenges, the innovations that is changing the face of Industrial Control systems.
Attendees
SAMIR K PAWASKAR
Cyber Security Expert - GICSP, CRISC, CISM, CISSP, AMBCI, CICA, ISO 27001 LA, CCNP, MCSE
FARIS ABDULLAH AL-KHARUSI
Head of Business Excellence -Real Time Operations & Smart Fields,Petroleum Development Oman
NILANGSHU DEY
Senior Automation Engineer-Qatar Petroleum, Vice President-ISA(International Society Of Automation)
MALIKE BOUAOUD
Director/Lead, ICT and CS Strategy Research & Development QATAR FOUNDATION
KARMA SAMIR SHERIF
Professor -Management Information Systems College of Business and Economics Qatar University
JAVIER DIÉGUEZ BARRIOCANAL
Director – Basque Cybersecurity Centre
SAMUEL LINARES
Partner - iHacklabs
OMAR SHERIN
Director -Cyber Security Advisory - Africa, India & Middle East (AIM)Ernst & Young
SULTAN SALIM HUMAID AL-YAHYAI
Manager Information Technology
MOHAMMED IKRAMI
Senior Security Engineer, Qatar Aluminum Limited
FADI ADLOUNI
Senior Security Systems engineer, Palo Alto Networks.
GOPI KRISHNA DURBHAKA
Technology Evangelist Senior Member, IEEE fellow of ISECE
The Most Definitive guide to Industrial IoT ImplementationAditya Basu
Industrial IoT has the potential of USD 15.3 trillion to the global economy by 2030 subjected to an improvement of 1-1.5%. Industrial Internet is a revolutionary technology that enhances the Industrial environment with the IoT capabilities. IIoT helps to solve the bottlenecks in the business environment, provides operational efficiency, increases productivity and reduces the complexity of the process.
The main benefit of Industrial IoT is the connected enterprise that enhances the visibility across various departments and benefits with a smooth workflow. According to General Electric CEO, Jeff Immelt, IIoT has twice the market potential than that of the consumer IoT.
In this Guide you will know everything about
a) The Connected Factory! Role of IIoT
b) Evolution of IIoT to Industry 4.0
c) Industrial IoT Ecosystem
d) Value Chain Players today and what you can learn from them
e) How IIoT is Different from IoT
f) Technology Drivers and Adoption
g) Market Indicators and why you should jump the Bandwagon NOW!
h) Market Revenues and Areas of Focus
i) The Digitization Wave
j) Real World Industrial IoT Case Studies Including Solutions & Outcomes
Presentación de la Mesa de debate 14: 'Ciberseguridad en el automóvil Autónomo y Conectado' en el 32º Encuentro de la Economía Digital y las Telecomunicaciones, Santander (3-5 septiembre 2018)
[Webinar] Why Security Certification is Crucial for IoT SuccessElectric Imp
[View the Webinar] - https://electrici.mp/2v1fQlI
Electric Imp CEO, Hugo Fiennes, and UL’s Director of Connected Technologies, Rachna Stegall discuss the unique demands of helping to secure the IoT — and why independent certification is even more critical in the fast-evolving world.
Join us to hear Fiennes & Stegall share candid insights into why establishing an IoT Security Benchmark, such as UL 2900-2-2 Cybersecurity Certification, is critical for due diligence of edge to enterprise technologies — and the future of commercial, industrial and consumer IoT overall.
This document summarizes an event hosted by Lan & Wan Solutions and Fortinet Italy to discuss innovating businesses and network security. The agenda includes presentations on Fortinet's security solutions and a free cyber threat assessment program. It promotes Fortinet's integrated security platform and threat intelligence from FortiGuard Labs. The event also includes a network assessment report and lunch at the Zonin winery.
The document provides an overview of Bitdefender's GravityZone security platform. Some key points:
- GravityZone is an integrated security platform that provides unified prevention, detection, response and risk analytics across endpoints, network, cloud and human assets.
- It features next-generation endpoint protection, extended detection and response (EDR) capabilities, sandboxing, anti-exploit technologies, and risk analytics.
- GravityZone can be deployed via a Bitdefender-hosted cloud control center or an on-premises GravityZone control center virtual appliance.
The document provides an overview of Bitdefender's GravityZone security platform. Some key points:
- GravityZone is an integrated security platform that provides unified prevention, detection, response and risk analytics across endpoints, network, cloud and human users.
- It offers both cloud-hosted and on-premises console delivery options for centralized management.
- The platform brings together next-gen endpoint protection, endpoint detection and response, and risk analytics technologies through a single agent and console.
- Its integrated technologies and services are designed to provide best breach avoidance through detection and response, prevention, risk analytics, and security services.
The document discusses six key steps that companies should take to secure their Internet of Things (IoT) initiatives and businesses. These include: 1) adopting a comprehensive security framework and strategy; 2) conducting a full audit of current and potential security risks within IoT projects; 3) building security into IoT devices and processes early in development; 4) mobilizing the entire workforce to support IoT security; 5) ensuring partners meet rigorous security standards; and 6) rethinking the role of IT to support security across the business in the context of IoT. Taking these steps with executive support is important to manage the security risks that accompany the large opportunities presented by IoT technologies.
Why IIoT Gateway is Critical for Smart Manufacturing?Infyiot Solutions
Smart manufacturing, also known as Industry 4.0, has been transforming the manufacturing industry with the integration of cutting-edge technologies like the Industrial Internet of Things (IIoT), artificial intelligence (AI), and machine learning (ML). IIoT is a network of interconnected devices, sensors, and machines that communicate with each other to improve operational efficiency, productivity, and quality control in manufacturing. However, the integration of IIoT devices into the existing manufacturing infrastructure can be challenging. This is where the IIoT Gateway comes into play.
Ähnlich wie RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust (20)
Slide Webinar - Firma Elettronica: aggiornamenti normativi e casi d’usoTalea Consulting Srl
Le slide trasmesse durante il Webinar del 12 aprile 2022, tenuto insieme a Namirial, con l'obiettivo di illustrare le nostre soluzioni per la gestione delle firme dei DDT e dei contratti da qualsiasi dispositivo.
Le slide trasmesse durante il Webinar del 2 Marzo 2022 in cui abbiamo parlato di fatturazione e conservazione elettronica con particolare focus sul tema dell'affidabilità finanziaria e su come creare report on-demand con Credit Score e Credit Report.
Nuove Linee Guida AgID per la Conservazione Digitale: Che cosa cambia da Genn...Talea Consulting Srl
Le slide trasmesse durante il Webinar del 26 Ottobre 2021, tenuto per approfondire sui nuovi adempimenti normativi e sul Manuale di Conservazione, documento informatico obbligatorio che dovrà essere conservato digitalmente.
La Digital Transformation per il miglioramento continuo nella gestione delle ...Talea Consulting Srl
Le slide trasmesse durante il Webinar del 5 Ottobre 2021, realizzato per presentare le funzioni di OnBase, la piattaforma in grado di gestire in maniera completa e stabile documenti, informazioni, processi e workflow di qualsiasi dipartimento aziendale, e trasversali ad essi.
Slide Webinar La Digital Transformation della tua azienda grazie alle diverse...Talea Consulting Srl
Le slide trasmesse durante il Webinar del 21 Settembre 2021 dal titolo "La Digital Transformation della tua azienda grazie alle diverse tipologie di firma, dalla consegna dei DDT ai Contratti", promosso da Confindustria Romagna.
I contenuti trasmessi durante il Webinar tenuto insieme a SCS Venturini, realizzato per scoprire come la Dichiarazione Doganale Elettronica possa offrire, alle aziende internazionalizzate, vantaggi a ritorno economico immediato.
Slide Webinar 30 aprile 2021 "Digital Transformation a supporto dell’RSPP per...Talea Consulting Srl
I contenuti trasmessi durante il Webinar "Digital Transformation a supporto dell’RSPP per gestire la Sicurezza aziendale: un caso d’uso completo implementato con OnBase – Entreprise Content Management by Hyland" tenuto il 30 Aprile 2021
Slide webinar “Dalla fattura elettronica alla digitalizzazione del Ciclo Pass...Talea Consulting Srl
Le slide trasmesse durante il Webinar del 30 marzo 2021 realizzato con l’obiettivo di approfondire i vantaggi che tante aziende hanno già avuto modo di verificare, ampliando la digitalizzazione della Fatturazione Elettronica, verso l’automatizzazione dei processi del Ciclo Passivo, partendo dalle RDA.
Un caso di successo sulla dematerializzazione a 360° di un'azienda leader nazionale e internazionale nella costruzione di macchine speciali personalizzate ad elevata automazione rivolte al settore bakery, con l'utilizzo dell’applicativo di Information & Process Management ARXivar.
Le slide trasmesse durante webinar del 19 Novembre 2020, organizzato in collaborazione con SCS Venturini, promosso da Unioncamere Lombardia e Camera di Commercio di Mantova, in cui abbiamo approfondito sul tema Dogana 4.0 e su come digitalizzare tutti i documenti e i processi del Fascicolo Doganale.
Slide del Webinar "Dogana 4.0 Next: digitalizzazione delle procedure di impor...Talea Consulting Srl
Le slide proiettate durante il webinar del 9 Ottobre 2020, organizzato in collaborazione con SCS Venturini, in cui abbiamo approfondito sul tema Dogana 4.0 e su come digitalizzare tutti i documenti e i processi del Fascicolo Doganale.
Le slide trasmesse durante il Webinar del 26 Giugno 2020, organizzato in collaborazione con Colin & Partners e promosso dal programma Sinergie di Confindustria Romagna, con l'obiettivo di fornire una panoramica sull'adeguamento dei flussi per gli utenti interni ed esterni all'azienda, sia in ambito normativo che tecnologico, in ottica dei protocolli di sicurezza COVID-19.
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofsAlex Pruden
This paper presents Reef, a system for generating publicly verifiable succinct non-interactive zero-knowledge proofs that a committed document matches or does not match a regular expression. We describe applications such as proving the strength of passwords, the provenance of email despite redactions, the validity of oblivious DNS queries, and the existence of mutations in DNA. Reef supports the Perl Compatible Regular Expression syntax, including wildcards, alternation, ranges, capture groups, Kleene star, negations, and lookarounds. Reef introduces a new type of automata, Skipping Alternating Finite Automata (SAFA), that skips irrelevant parts of a document when producing proofs without undermining soundness, and instantiates SAFA with a lookup argument. Our experimental evaluation confirms that Reef can generate proofs for documents with 32M characters; the proofs are small and cheap to verify (under a second).
Paper: https://eprint.iacr.org/2023/1886
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Communications Mining Series - Zero to Hero - Session 1
RoundTable: da Industria 4.0 a GDPR #ICTSecurity #ZeroTrust
1. 21/11/19 h15,30
FONTANAFREDDA
FICO BOLOGNA
Agenda:
Ore 16.00 – Introduzione e moderazione
di Gabriele D’Angelo – Researcher & Professor @ Unibo
Parteciperanno alla tavola rotonda:
Valerio Dalla Casa – ICT Security Manager @ VM Sistemi
Giulia Caliari – Security Architect @ IBM
Massimo Lucarelli – Senior Sales Engineer @ Bitdefender
Alessandro Cecchetti – General Manager @ Colin & Partners
Mario Anglani – Founder @ HackInBo
Andrea Biondo – Capitano Nazionale Italiana
Cyber Defender
Ore 18.00 – Chiusura lavori e aperitivo di networking
con la degustazione di prodotti
di qualità del territorio.
RoundTable: da Industria 4.0 a GDPR
#ICTSecurity #ZeroTrust
Il punto della situazione sulla protezione dei dati e della produttività aziendale:
stakeholder dell’ICT Security a confronto.
18. Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
Valerio Dalla Casa
ICT Security Manager
@ VM Sistemi
19. 19
Operational Technology è l’insieme dei sistemi di
monitoraggio e di controllo di processi fisici,
dispositivi ed infrastrutture aziendali.
Che cosa è
l’Operational Technology (OT)?
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
21. 21
l’OT che converge verso l’IT
Prima l’OT…
• Era Disconnesso dall’IT
• Utilizzava protocolli proprietari
• Utilizzava sistemi di cablaggio
proprietari
• Utilizzava HW e SW proprietari
• Erano solitamente sistemi dimenticati
Ora l’OT…
• È Incorporato nel network aziendale
• Utilizza protocolli Internet
• È in crescita l’utilizzo di tecnologia
wireless standard
• È in crescita l’utilizzo di HW general
purpose e sistemi operativi
molto diffusi
• È Un crescente target del cybercrime
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
22. 22
La differenza tra l’IT e OT
Requisiti Real-Time
Disponibilità
Ciclo di vita dei dispositivi
Aggiornamenti
Maturo
Ritardi accettati
Ritardi accettati
Regolari e schedulati
4/5 anni
Schedulati e mandatori
Molto Alta
Aspetto necessario e critico
Oltre 20 anni
Poco frequente
Occasionali
In crescita
Test sicurezza/audit
Sicurezza
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
24. L’approccio Fortinet alla Sicurezza OT
24
Enterprise Zone
DMZ
Operation & Control
Control Zone
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
26. Gestione Access Point integrata
all’interno della dashboard del firewall
26
• SSID Singola
• Multiple PSK (MPSK)
• Segmentazione rete per device
• Vlan policy o device policy
• Autenticazione Radius
• Autenticazione MAC
• Dynamic Vlan allocation
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
27. Fortiguard Industial DB
27
IPS e
Application
control su
protocolli
industriali
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
28. Use Case – Necessità:
28
IT
CDL 1 Network CDL 2 Network
1) Integrazione OT con IT per
elaborazioni dati, monitoraggio,
manutenzione ecc..
2) Messa in sicurezza centri
di lavoro
3) Livelli di sicurezza maggiori per
centri di lavoro specifici
4) Unico SSID per il mondo OT
5) Gestione automatica
degli incidenti di sicurezza
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
29. 29
1) Collegamento al mondo IT tramite FW
dedicato alla gestione dell’infrastruttura OT
2) Separazione network centri di lavoro tramite
VLAN gestite centralmente da OT FW
3) Separazione singoli device all’interno del
CDL1 tramite policy di device isolation
gestite da OT FW
4) Unico SSID per l’ OT ed autenticazione
tramite MAC address gestita dal NAC.
5) FortiAnalyzer con IoC
e integrazione con la Fabric
Fortinet per isolamento
device compromessi
OT FW
FortiNAC FortiAnalyzer
Security Fabric
CDL 2 Network
Device isolation con Intraswitch policy
CDL 1 Network
IT
Soluzioni
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
30. 30
Automazione della messa in quarantena di device che presentano
Anomalie o tracce di comportamenti malevoli
OT FWFortiNAC FortiAnalyzer
CDL 1 Network
OT FWFortiNAC FortiAnalyzer
CDL 1 Network
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
31. Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
Giulia Caliari
Security Architect
@ IBM
42. Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
Massimo Lucarelli
Senior Sales Engineer
@ Bitdefender
43. Non è possibile visualizzare l'immagine.
A GLOBAL SECURITY-TECHNOLOGY CO.
Founded in 2001
1,600+ employees …
800 in R&D /
engineering
Enterprise HQ in Silicon
Valley (Santa Clara,
California)
Enterprise business
growing 92%+ year-
over-year
Operates world’s largest
security-delivery
infrastructure
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
44. Estimated 38% of global cyber security solutions use Bitdefender software in some form.
500 Million
Endpoints Protected
150 Countries
WORLD’S LARGEST SECURITY-DELIVERY INFRASTRUCTURE
More than 150 OEM partnerships
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
45. BITDEFENDER
GRAVITYZONE
Single Agent
Single Console
All Endpoints
END-USER DEVICES
DATACENTER & CLOUD
Public, Private &
Hybrid Cloud
Software-Defined &
Hyperconverged
Infrastructure
Servers
(physical)
Virtual Desktops
(VDI / DaaS)
Mobile
Laptops &
Workstations
(physical)
AN INTEGRATED ENTERPRISE-SECURITY PLATFORM
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
46. Single
Modular
Agent
INTEGRATED LAYERED NEXT-GEN EPP AND EDR PLATFORM
Next-Gen EPP
EDR
Sandbox
Patch
Management
ERA
Full-Disk
Encryption
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
47. 47
GravityZone
Prevention, Detection, Response and Risk Analytics
REPORTING AND INTEGRATION
DETECTION AND RESPONSE
PREVENTION
RISK ANALYTICS and
HARDENING Encryption Web Threat Protection Application Control Device ControlPatch Management
Endpoint Risk
Analytics
Powershell Script Protection Local & Cloud Machine Learning HyperDetect Sandbox Analyzer Firewall
Machine
Learning
Dashboards & Reports Notifications SIEM Integration API Support
IoC Lookup Blocklist Network Isolation Sandbox Detonation Visualization
Access Blocking Quarantine Disinfection & RemovalProcess Termination Rollback
Exploit Mitigation Process Inspector Event Recorder Threat Analytics
Managed EDR and MDR
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
48. HYPERDETECT – TUNABLE MACHINE LEARNING
Protects from:
• Ransomware
• Exploits
• Fileless attacks
• Script-based attacks
Provides maximum
detection accuracy
without false positives
Delivers full visibility
into suspicious
activities
Set the detection-aggressiveness level…
…to counter relevant threats
Gain full visibility and enable automatic action
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
49. Advanced detection and
response shows precisely
how a potential threat
works and its context in
your environment.
MITRE attack techniques
and indicators of
compromise provide up to
the minute insight into
named threats and other
malware that may be
involved.
Easy to understand visual
guides highlight critical
attack paths, easing
burdens on IT staff.
EDR workflow and visualization
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
50. SANDBOX ANALYZER
Uses machine learning and behavioral
analysis to assess suspicious files
Runs in blocking or monitoring mode
Provides a verdict in near-real-time
and takes policy-based remediation
action
Delivers in-depth reporting on malware
behavior
Protects against:
• Advanced targeted
attacks
• Custom malware
• Unknown packers
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
51. GravityZone Endpoint Risk Analytics
Enterprise-Wide Risk Dashboard
View prioritized risks across the
Enterprise (1240 Disabled Firewalls)
See the highest priority
endpoints by Risk Score
View Risks by endpoint
and automatically fix
specific misconfigurations
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
52. Helps improve security posture by expediently
discovering and eliminating vulnerabilities
Provides the widest range of security- and non-
security patches for operating systems, third-
party applications and golden images
Covers Windows-based physical, virtual on-
prem and cloud-based endpoints and servers
Is deployed and managed from the GravityZone
console and integrated into its agent
INTEGRATED PATCH MANAGEMENT
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
53. Full-disk encryption
Leverages native Windows BitLocker and Mac OS FileVault
encryption to ensure compatibility and performance
Is fully integrated into the GravityZone Control Center for
centralized deployment, management and key recovery
Requires no additional agent to deploy or key management
server to install
Delivers encryption-specific reports to help prove compliance
Supports pre-boot authentication enforcement
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
54. GRAVITYZONE SECURITY FOR HYBRID & MULTI-CLOUD ENVIRONMENTS
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
55. • SEE WHAT OTHERS CAN’T
WITH LIVE HYPERVISOR
MEMORY INTROSPECTION
Protection against advanced persistent threats
Isolated and impossible to compromise
Truly agentless
No impact on consolidation ratios
Deploys in minutes
Supports any EPP
BITDEFENDER HYPERVISOR INTROSPECTION
A REVOLUTION IN DATACENTER SECURITY
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
56. Global Protective Network Threat Intelligence System
Bitdefender Cyberlabs and the Global Protective Network
• 77M+ malicious URLs
• 1PB+ of known files
• 3M+ threat samples
processed/day
Classification and Analysis Transforms data
in into Technical Threat Intelligence (IOCs).
Use AI/ML models, Event Correlation,
automated IOC creation tools
Global
Protective
Network
Telemetry from 500M
Bitdefender Customers
Honeypot Infrastructure
Dark Web monitoring
Web crawlers
Customer submissions
IoT focused Honeypots
Blogs, News, Social Media
monitoring
SPAM feeds
Telemetry from 500M
Bitdefender Customers
Honeypot Infrastructure
Dark Web monitoring
Web crawlers
Customer submissions
IoT focused Honeypots
Blogs, News, Social Media
monitoring
SPAM feeds
Classification and Analysis Transforms data
in into Technical Threat Intelligence (IOCs).
Use AI/ML models, Event Correlation,
automated IOC creation tools
Data
Clustering
Machine
Learning engines
used to group by
feature
Advanced
Sandboxing
Records
complete
malware
behavior
Object features
extraction
Extract over
80,000 features
and behaviors
Network
Threat
Inspection
Stream based
machine
learning engine
Object
Reputation
Billions of known
file hashes used
for whitelisting
Event
Correlation,
IOC Creation
Identify
malicious
content across
multiple engines
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
68. Team Italy & mhackeroni
Andrea Biondo
2019-11-21
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
69. About me
● MSc student in CS @ UniPd
● Security researcher (academia / industry)
○ Memory corruption (esp. browsers)
○ Reverse engineering / code analysis
○ Exploit mitigations
● Capture The Flag player
○ 4 years with spritzers/NoPwnIntended
○ 2 years with mhackeroni
○ 2 years with Team Italy
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
70. What are CTFs?
● Set of vulnerable challenges in various categories
○ Binary, web, cryptography, forensics, reversing, …
● Each challenge holds a flag
○ FLAG{this_is_a_flag}
● Hack the challenge to get the flag
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
72. Styles of CTFs
● Jeopardy
○ Hack the challenge, get the flag
● Attack/defense
○ Each team hosts a server with the same vulnerable services
○ Teams attack and defend against each other
○ Flags change every “tick” (few minutes)
○ Points for availability (“SLA”)
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
74. mhackeroni
● Born in 2018 for competing at DEF CON CTF
○ Most prestigious A/D hacking competition in the world
● Coalition of some of the best italian teams
○ ~50 persons
= + + + +
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
77. DEF CON CTF 2018, Las Vegas
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
78. DEF CON CTF 2019, Las Vegas
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
79. HITB PRO CTF 2019, Abu Dhabi
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
80. Team Italy
● “Nazionale Italiana Cyberdefender”
○ 10 persons
○ Some also from mhackeroni
● Supported by the government
● Selected (partially) from CyberChallenge.IT
○ Intensive 3-month cybersecurity training for high-school/university students
● One competition: European Cybersecurity Challenge (ECSC)
○ Each participating European country sends a team
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust
86. Why?
● A lot of fun, but also a great way of learning
○ We are integrating CTFs in university education
○ Some tech companies (e.g., Google, Facebook) do it too
● Compared to the real world:
○ Less attack surface and exploit polishing
○ Complex, state-of-the-art vulnerabilities and exploitation techniques
https://ctftime.org/
Da Industria 4.0 a GDPR – RoundTable - #ICTSecurity #ZeroTrust