Date: 31 May 2018. #bigcyber18
The world is moving towards Big Data, with Cyber Security and the tracking of network events among its leading applications. Threats to organisations increase by the day, and many have responded by moving towards the integration of SIEM (Secure Incident and Event Management) and Threat Analysis tools in order to detect malicious activity.
This conference brings together industry, academia and law enforcement to share insights, ideas, expertise and resources in responding to current security challenges, and in particular to look at the opportunities and challenges in managing and using big data in a cyber security context.
The conference is hosted by The Cyber Academy, with SBL (Software Box Limited) as principal sponsor and in collaboration with SICSA Cyber NEXUS. We will investigate best practice in industry and look to future Big Data infrastructures for the benefit of organisations in monitoring security events, and in automated generation of audit information and business analytics.
Within the conference there will also be a research track, where research papers will be presented. The best papers submitted will be published within the Journal of Cyber Security Technology.
Further supporters and sponsors include ECS (Edinburgh), a company that has been a collaborator and partner for many years now. SIEM is now being applied in many areas, including security monitoring, incident response and Cyber Crime investigation. The event aims to showcase best practice in industry and in network investigations.
The event will be transmitted live from three venues, including:
- Riady
- Lindsay Stewart (Live with the Canadian Institute for Cybersecurity from 15:00-16:45)
The final registration page is now open. Please click here to book your place.
The areas covered include:
- insights into current high profile security incidents, their impact, and how they are reported.
- impact of GDPR.
- key threats and risks associated with losing business critical data.
- leading tools, techniques and insights in network threat analysis, detection and investigation.
- best practice in implementing SIEM strategy.
- developing and testing effective incident response.
- evolution of the Security Operations Centre (SOC) and its emerging future requirements.
- the need for skills, knowledge and awareness across an organisation.
- latest research and innovation around threat discovery, machine learning, and data analysis.
We are finalising our programme, but here is the draft programme:
|Riady Theatre (400)
|Lindsay Stewart Theatre (200)
|PCiCS-2018 (TBC) & CSDF-2018 (3/03)
|Welcome and Opening Address.
|IoT: Safety and Security of Human Digital Memories, Prof Madjid Merabti
|Mark Baker and Adam Brady, LogRhythm
|Threat hunting in the O365 ecosystem, David Stubley, 7Elements
|How Big Data helps Trend Micro make the World a Safer Place to Exchange Digital Information, Simon Edwards, Trend Micro
|Andy Shepherd, Symantec, SSL/TLS and why it keeps your Lake empty
|11.00-11.30: Coffee (Foyer)
|The 3rd Evolution of Cyber Security, Simon Crocker, Palo Alto
|Cracking Light-weight cryptography with Side Channels, Keysight/ENU
|Poster Competition (PCiCS-2018) Judges: Dr Zeeshan Pervez UWS and Dr Xavier Bellekens Abertay University (Room: TBC)
|Using DevOps Practices to Implement a Full Route-to-Live for SIEM Platforms, Harry McClaren, ECS
|Enterprise Killers, Eammon Keanne and Miguel Merayo, Police Scotland
|Poster Competition (PCiCS-2018) Judges: Dr Zeeshan Pervez UWS and Dr Xavier Bellekens Abertay University (Room: TBC)
|12:30-13.30: Lunch (Chapel and Rivers Suite)
|AI and Security: Threats and opportunities, Dr Jamie Graves, Zonefox
|Sharing Identities, Mark Sadler, Verisec
|Adversarial Learning Framework for Network Intrusion Detection: Dr Chunbo Luo, University of Exeter
|AI and Cyber Security, Mark Menzies, Check Point
|Big Data at Secureworks, Lewis McLean, Secureworks
|A Supervised Energy Monitoring-based Machine Learning Approach for Anomaly Detection in a Clean Water Supply System: Andres Robles, ENU
|How to Keep Your Endpoints Safe from Cybercrime, David White, Director of Engineering for EMEA at Carbon Black
|Finding Nemo: Adventures in Big Security Data, Federico Charosky, Quorum Cyber
|Big Drive Forensics: Faster Processing Using Reduced File Representations: Sean Mckeown, ENU
|14.45-15.00 Coffee (Foyer)
15:00 - 15:10 Introduction: Canadian Institute for Cybersecurity
Rosheen Awotar-Mauree, ITU - The International Telecommunications Union (Remote presentation from Geneva, Switzerland)
|15:10-16:00 Canada Live: Cyber Security Data Repository. Assist. Prof. Arash Habibi Lashkari, CIC
|Cyberbullying Detection - A State of the Art: Lulwah Alharigy, ENU & King Abdulaziz University
|Beyond The Network; Beyond The Human: Welcome (Back) To The Intergalactic Computer Network, Prof Colin Williams, SBL
|16:00-16:45 Canada Live: MotionSpy-vibration energy harvesting sensor can track train passengers using machine learning techniques. Dr. Marzieh Jalal Abadi, CIC
|Defeating Self-Mutating Malware: The Application of Evolutionary Machine Learning for Metamorphic Malware Analysis and Detection: Kehinde Babaagba; ENU
|Efrene G. Sakilayan, FBI
|Secure Threshold-Cloud Disaster Management: Elochukwu Ukwandu, ENU
|Machine Learning and AI for Cyber Security, Prof Bill Buchanan, ENU
|Security Analysis of Contiki IoT OS: Budi Arief, University of Kent
|Dave Lewis, Global Security Advocate, Akamai Technologies
|16:45 - 17:15 Canada Live: Handover to Montreal Cyber Revolution Live Stream.
Find out more about our international speakers. Click here to see their bios.
Beyond The Network; Beyond The Human: Welcome (Back) To The Intergalactic Computer Network, Prof Colin Williams
The phenomenon we call big data is in fact a systemic manifestation of a social and a societal imperative. It is both a symptom of and cure for the existential reliance we and our societies have on information. As our societies become more sophisticated, so too the information they generate amplifies exponentially in scale, scope, complexity and velocity. This is at once inevitable, essential and desirable. This talk signposts a way in which we might reimagine the human relationships to the big data of our big societies through the lens of Cybernetics.
Using DevOps Practices to Implement a Full Route-to-Live for SIEM Platforms, Harry McClaren
Many organisations have invested millions in building security operations teams, deploying powerful monitoring and reporting tools and then asking for continual improvement in the form of tuning, threat hunting and developing new threat models. However, within large enterprises, these types of changes either represent a risk of making changes to a live production platform or take weeks or months to go through the development and release process or route-to-live. This session outlines some DevOps principles and an associated framework for enforcing change management while still supporting rapid changes to code and configuration.
IoT: Safety and Security of Human Digital Memories, Professor Madjid Merabti
Pervasive wireless communication systems have transformed human communication over the last twenty years. The exponential growth and availability of portable devices from computers to mobile phones is heralding a noticeable change in human interaction. This can be seen daily in the behaviour exhibited by many young people, perhaps resulting in a new generation that is always connected but never physically there. Another feature of this 21st-century, communications-technology-centric human behaviour is the drive to capture the moment and then share it with the world, either byte by byte as on Twitter or in its entirety through the likes of YouTube or Facebook.
The commonly heralded development of the Internet of Things (IoT) and Internet of Anything (IoA) will enable all manner of devices on the individual, such as wearable devices, in the home and the car and beyond to communicate with each other and humans in an integrated cyber-physical world. More importantly, this proliferation of information gathering devices is likely to enable us to move nearer the long hoped for goal of capturing human digital life memories. This talk will explore the great challenge of capturing human digital memories and the impact on safety and security from a highly connected world of the Internet of Things (IoT) and Internet of Anything (IoA).
How to Keep Your Endpoints Safe from Cybercrime
The black market for cybercrime is worth more than $2 trillion, and more than half of companies have been hit with successful attacks. No matter the crime, the threat of punishment historically has not deterred criminals. So what does? You must change the economic equation. If they can’t make money, they don’t do the crime.
During this discussion, David White, Director of Engineering for EMEA at Carbon Black, will share insights on the business of cybercrime and why your endpoint security strategy is essential to ensuring you do not become a victim.
Attend this session to:
- Discover how cybercriminals and nation states are scaling and modernising the cyberattack kill chain;
- Learn about the latest skills needed to stop the newest cybercrime attacks;
- Get insight into the challenges in identifying the differences between cybercrimes and tried-and-true business practices;
- Learn how next-generation endpoint security in the cloud disrupts cybercrime and protects your business.
SSL/TLS and why it keeps your Lake empty, Andy Shepherd, Symantec
How much information or evidence is missing from your big data/dashboards/investigations because your network security stack is being bypassed by SSL/TLS? As SSL/TLS is hitting 60-70% in many networks, your <<tool name here>> is unable to block or remediate incidents, but have you realised that it is therefore unable to create the logs either? This presentation recaps the fundamentals of SSL/TLS, covers the main changes with the recent release of TLS 1.3, and touches on some tips and challenges of safe and fast decryption.
The 3rd Evolution of Cyber Security, Simon Crocker, Palo Alto
How we consume Cyber Security is changing. Big Data analytics is becoming integral within security products, and how we manage and consume these technologies is becoming critical for security operations. How can we ensure we have high quality data? How can we make this data available for multiple applications? And how can we harness data analytics into our workflows to benefit SecOps?
Cyber Security Data Repository, Dr. Arash Habibi Lashkari, Canadian Institute for Cybersecurity (CIC)
On the one hand, it is an undeniable fact that current information is a pretty significant presence for all companies or organizations. Therefore, protecting its security is crucial, and security models driven by real datasets have become quite important. Also, the urgently growing number of cyber-attacks has made machine learning and deep learning based technologies a crucial part of detecting and characterizing cyber-threats, which need reliable and realistic datasets. On the other hand, the ongoing change of network behaviours and patterns along with intrusion evolution makes it necessary to move away from static and one-time datasets to dynamically generated datasets. These must not only reflect the abnormal users and intrusions, but also be modifiable, extensible, and reproducible. However, the selection of a suitable dataset is a significant challenge in itself, since many such cybersecurity datasets are internal and cannot be shared due to privacy issues. Also, most of the available cybersecurity datasets are heavily anonymized and do not reflect the current real world trends. Therefore, having a comprehensive cybersecurity data repository is very essential and vital for all researchers, industry developers and governments.
MotionSpy-vibration energy harvesting sensor can track train passengers using machine learning techniques, Dr. Marzieh Jalal Abadi, Postdoctoral Research Fellow, Canadian Institute for Cybersecurity (CIC)
Today’s mobile devices are equipped with a range of embedded sensors. These sensors can be used to infer contextual information such as location, activity, health, etc. and thus enable a range of applications. Recent research has demonstrated that applications with access to data collected from GPS, accelerometer and even device battery profile can accurately track the location of users as they move about in urban spaces. In recent years, vibration energy harvesting (VEH) has emerged as a viable option for mobile devices to address the inadequacy of current battery technology. VEH harnesses power from human motions and ambient sources and it could be used as a motion sensor. In this talk, we reveal that the VEH signal contains rich information and it is possible to precisely identify the passenger’s trip using machine learning techniques. To demonstrate our hypothesis, we collected real-world motion data from 4 distinct train routes in the Sydney metropolitan area. Our data set includes motion data from 36 trips. Exploiting MotionSpy, we achieve an accuracy of 97.2% for a journey of 7 stations.
Sharing Identities, Mark Sadler, Verisec
We use weak, insecure static passwords across many applications. We have hundreds of digital identities. It’s a poor user experience and insecure. Let’s take a look at how the Swedes are tackling these problems.
Sponsor of the Poster Competition in CyberSecurity (PCiCS-2018): SICSA
Sponsor of The First International Conference on Cyber Security and Digital Forensics (CSDF-2018): SICSA NEXUS
Satisnet is our partner in the SOCLAB project, providing know-how, training and tools for research in cyber security at Napier.