SESSIONS

The times below have been modified to reflect the most recent schedule.

8:45 - 9:30
McKnight Auditorium
Steve Scott, Keynote
The Challenge with Detecting Silent Exits

In computer programming, when a process ends via exit, all of the memory and resources associated with it are de-allocated so other processes can use them. If those resources are not reclaimed, the application or the underlying operating system could end up crashing. Modern operating systems have been outfitted with logic that allows a program to be configured to alert when a process silently exits. By leveraging this programming principle, systems and applications often gain availability, performance, and resiliency. Today’s advanced threat actors are having record success at gaining access to organizations’ networks and systems and remaining present for months or even years, until their mission is complete. Their exit is usually silent and unnoticed; what follows, however, can often take down an organization. The financial services industry is currently in a transition period, where security controls and monitoring systems are being re-outfitted to detect and stop situations that could result in “silent exits.” During this keynote, Mr. Steve Scott will discuss recent trends and advancements in how financial services companies are re-engineering their security programs to deal with attackers who have figured out how to extract millions of records from organizations that had previously invested in traditional security controls and skill sets.

9:30 - 10:45
McKnight Auditorium
Portrait of a Targeted Attacker: Who's Behind Today's Most Sophisticated Attacks

The cyber security landscape has seen dramatic changes in recent years with the advent and evolution of new, growing, and ever-present adversaries. As targeted attacks and advanced adversaries continue to evolve and become increasingly sophisticated, it becomes difficult to keep pace and stay protected. Dmitri Alperovitch, CTO and Co-Founder of CrowdStrike, will present ways to identify and prevent damage from targeted attacks using an intelligence-driven security approach. Enterprises need to proactively defend against and effectively respond to cyber incidents by using intelligence to reveal not only where the adversary is today, but where they have been and what their objectives will be tomorrow. This approach requires a security strategy that is business aligned, threat based, and intelligence driven. This dynamic session will dive into a recent case study and reveal ways that nation-state adversaries are conducting malware-free intrusions. Dmitri will walk through a scenario and demonstrate how to combat security threats that elude current defenses.

11:00 - 11:35
McKnight Auditorium
Creating an Effective Software Security Program

Building a software security program from the ground up can seem like a daunting task for even the bravest among us. This is true both when nothing yet exists and when code, process, and culture have already been established and rooted in the corporation. Simply knowing where to begin can be overwhelming in and of itself. But soon even greater challenges will present themselves, such as understanding what is really important, effectively measuring and communicating the program’s value, and motivating the people around you. Yet the process and the program can bring great benefits to the organization and can be effectively built and managed one piece at a time. This happens layer upon layer, success upon success. Join Jim and Don in this presentation as they explore these topics and share some of their success stories and pitfalls from a four-plus-year journey in creating an effective and dynamic software security program.

11:00 - 11:35
Cone 210
The Revolution Will Be Automated

While targeted attacks may get the most attention, it is the automation of attacks that makes the cybercrime economy run. In this session, we will dive into how automated attacks are changing with recent examples from the real world, and how these changes almost certainly impact risk for every enterprise. In addition to understanding how the latest malicious automation works, we will dive into the economics of cybercrime, and investigate how disrupting automation can provide security before, during, and even after a breach.

11:00 - 11:35
Cone 112
Securing the Endpoint with Micro-Virtualization

Endpoint systems remain the easiest route for hackers to penetrate the enterprise. With an attack surface of many tens of millions of lines of code, commodity operating systems such as Windows and OS X expose a relatively easy target to attackers. Enterprise users may be duped into exposing their systems to such attacks through a variety of means, such as malicious web links, poisoned email attachments, or rogue USB sticks, though increasingly attackers are using techniques such as malicious advertisements or "watering hole" attacks that compromise systems without the user having to click on anything suspicious. Having compromised the client, the attacker not only has access to all information on it, but also has an excellent launching pad for deeper penetration of other enterprise systems. Exfiltration and command-and-control traffic are relatively easy to hide amongst the browsing and other external network activity of client systems. Existing security products do a weak job of defending endpoints. Approaches that rely on detection can do little to counter zero-days or polymorphic malware. Whitelisting is of limited use when many attacks involve tricking trusted applications into doing bad things by supplying malicious data. Security vendors have tended to categorize such attacks that successfully hide from them as Advanced Persistent Threats, but in reality the techniques aren't particularly sophisticated and are increasingly being used by run-of-the-mill criminals as well as nation states. Securing the endpoint is going to require a new approach. If it is inevitable that an instance of a client OS will become compromised, how can we build systems that still achieve their security goals? This talk introduces an approach called micro-virtualization, in which a separate micro-VM OS instance is created for each individual task that a user performs on a machine: each web site, each document, each spreadsheet opens in its own isolated micro-VM. Hardware virtualization capabilities of modern CPUs are used to achieve robust isolation between micro-VMs with excellent performance. The user experience is unchanged, but with each task running in its own disposable micro-VM, malware is unable to persist or move laterally or vertically. Micro-virtualization thus provides a practical implementation of the principle of least privilege that operates below the client OS, implemented in a small, hardened code base that is orders of magnitude harder to attack.

11:40 - 12:15
McKnight Auditorium
Human Behavior, the Soft Side of Security

Questions -
1. Given the current threat environment and the state of security technologies, how important is end-user behavior in the security strategy?
2. How does a company go about implementing behavioral change?
3. What are keys to sustaining behavioral improvements?

11:40 - 12:15
Cone 210
A Crash is Worth a Thousand Logs

Crashdumps are one of the most underestimated sources of interesting information. It is a common belief that a crash is useful only to certain categories of individuals: developers solving bugs, system administrators dealing with system issues, and researchers finding vulnerabilities. In this presentation, we’ll present a different approach to analyzing this source of information and show other benefits that can be gained from a specialized crashdump analysis focused on detection and threat intelligence.
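
The crash-as-detection-signal idea above, as an added example that is not part of this session or the speakers' material: a small Python triage script that runs over Linux kernel "segfault at ..." log lines instead of full dumps. It uses the x86 page-fault error-code bits the kernel defines in arch/x86/include/asm/trap_pf.h (the kernel prints that field in hex, so "error 14" is 0x14, an instruction fetch from user mode) and flags crashes that look like exploitation attempts rather than ordinary bugs: instruction-fetch faults, repeated-byte fault addresses such as 0x41414141, an instruction pointer sitting next to the stack pointer, and bursts of crashes in one program. The log lines are constructed, and the thresholds (a 1 MiB "near the stack" span, three crashes in sixty seconds) are assumptions to tune for your environment.

```python
import re
from collections import defaultdict

# x86 page-fault error-code bits as defined by the Linux kernel
# (arch/x86/include/asm/trap_pf.h). The kernel prints the field in HEX.
PF_PROT, PF_WRITE, PF_USER, PF_RSVD, PF_INSTR = 0x1, 0x2, 0x4, 0x8, 0x10

# Matches the kernel's show_signal_msg() line for a SIGSEGV, e.g.
#   [ 8162.118903] nginx[4821]: segfault at 41414141 ip 0000000041414141 sp 00007ffd3c2e1a40 error 14 in nginx[400000+1a000]
SEGFAULT_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+"                      # kernel uptime stamp
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+))?"                           # no mapping when ip is unmapped
)

def parse_segfault(line):
    """Return a dict for a kernel segfault line, or None for any other line."""
    m = SEGFAULT_RE.search(line)
    if not m:
        return None
    return {
        "ts": float(m["ts"]), "comm": m["comm"], "pid": int(m["pid"]),
        "addr": int(m["addr"], 16), "ip": int(m["ip"], 16), "sp": int(m["sp"], 16),
        "err": int(m["err"], 16),   # hex, not decimal: "error 14" is 0x14 = PF_INSTR|PF_USER
        "obj": m["obj"],
    }

def repeated_byte(value, min_bytes=4):
    """True for filler-looking values such as 0x41414141 or 0x4242424242424242."""
    if value == 0:
        return False
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return len(raw) >= min_bytes and len(set(raw)) == 1

def classify(ev, stack_span=0x100000):
    """Heuristic exploitation indicators for one crash; an empty list means 'ordinary bug'."""
    reasons = []
    if ev["err"] & PF_INSTR:
        reasons.append("instruction fetch from non-executable or unmapped memory (hijacked control flow?)")
    if repeated_byte(ev["ip"]) or repeated_byte(ev["addr"]):
        reasons.append("fault address is a repeated-byte pattern (overflow filler?)")
    if abs(ev["ip"] - ev["sp"]) < stack_span:   # assumed threshold, tune per platform
        reasons.append("ip lies within %#x bytes of sp (code running on the stack?)" % stack_span)
    return reasons

def find_bursts(events, window=60.0, threshold=3):
    """Programs that crashed >= threshold times inside any `window` seconds (ASLR/canary brute force?)."""
    stamps = defaultdict(list)
    for ev in events:
        stamps[ev["comm"]].append(ev["ts"])
    bursts = {}
    for comm, ts in stamps.items():
        ts.sort()
        lo, best = 0, 0
        for hi in range(len(ts)):
            while ts[hi] - ts[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            bursts[comm] = best
    return bursts

def analyze(lines):
    """Parse every line, keep the crashes, and attach indicators and burst counts."""
    events = [ev for ev in map(parse_segfault, lines) if ev]
    suspicious = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            suspicious.append((ev, reasons))
    return {"events": events, "suspicious": suspicious, "bursts": find_bursts(events)}

# Constructed sample (not from a real system): one ordinary NULL dereference in python3,
# three nginx crashes that look like exploitation attempts, and an unrelated kernel message.
SAMPLE_LOG = [
    "Mar 12 10:22:01 web01 kernel: [ 8123.401122] python3[2201]: segfault at 0 ip 00007f1c2a3b4e10 sp 00007ffe9a1b2c30 error 4 in libc.so.6[7f1c2a2f0000+1c4000]",
    "Mar 12 10:22:40 web01 kernel: [ 8162.118903] nginx[4821]: segfault at 41414141 ip 0000000041414141 sp 00007ffd3c2e1a40 error 14 in nginx[400000+1a000]",
    "Mar 12 10:22:41 web01 kernel: [ 8163.004510] nginx[4823]: segfault at 7ffd3c2e1b00 ip 00007ffd3c2e1b00 sp 00007ffd3c2e1a90 error 15 likely on CPU 2 (core 0, socket 0)",
    "Mar 12 10:22:43 web01 kernel: [ 8165.220781] nginx[4825]: segfault at 4242424242424242 ip 00007f9e0c4c1234 sp 00007ffc11223344 error 4 in nginx[400000+1a000]",
    "Mar 12 10:30:05 web01 kernel: [ 8609.331000] Out of memory: Killed process 1333 (java) total-vm:4194304kB",
]

if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ev, reasons in result["suspicious"]:
        print("%s[%d] ip=%#x err=%#x" % (ev["comm"], ev["pid"], ev["ip"], ev["err"]))
        for r in reasons:
            print("    -", r)
    print("bursts:", result["bursts"])
```

On the sample, the python3 crash is left alone (a read of address 0 from user mode, error 0x4), while all three nginx crashes are flagged and nginx is reported as a burst. The same three checks carry over to real crashdumps, where the faulting instruction pointer, stack pointer and fault address come from the dump's register state instead of a log line; feeding the flagged program name, PID and reasons into the SIEM is what turns a developer artifact into a detection source.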

11:40 - 12:15
Cone 112
Do You Have Enough Executioners?

Advanced threat detection is an ongoing battle: network prevention controls will not catch everything. When they fail, incident responders shift into CSI detective mode, furiously hunting for clues to find the attackers before damage is done. Given the deluge of daily security events, sending a CSI specialist into the crime scene every time isn’t sustainable. The answer lies in automating the hunt for, and verification of, successful infections with a security platform that turns responders from detectives into well-informed forensic executioners. Today’s most potent security teams have the tools to remediate threats immediately instead of sifting through terabytes of data and alerts to find infections. They act decisively on threats within minutes instead of hours, days, or weeks. How? By leveraging a platform built on advanced data science principles that automatically finds infections that are actively operating on devices and successfully communicating with criminal command-and-control infrastructure, posing an imminent risk to the business.

1:15 - 1:35
McKnight Auditorium
Yi Deng
Ehab Al-Shaer
Marjorie Bray
Center for Configuration Analytics and Automation Update

The University of North Carolina at Charlotte and George Mason University have formed the Center for Configuration Analytics and Automation under the National Science Foundation’s (NSF’s) Industry/University Cooperative Research Center (I/UCRC) Program. The mission of the Center is to enable collaborative industry and government directed research in configuration analytics and automation capabilities and their integration for the efficient, accurate, and timely operations management and defense of complex networked information technology (IT) systems and environments; and the encouragement and development of top-quality graduates with knowledge and experience in this field.

1:35 - 2:15
McKnight Auditorium
Sam Phillips, Keynote
Mobility and BYOD

The session will focus on reviewing the opportunities and issues that companies face in the mobile environment today, including BYOD, which brings employee privacy concerns as well as endpoint and data management challenges. Security is a key consideration, and one solution doesn’t necessarily meet all needs, so what are some alternatives and how do you choose?

2:30 - 3:05
McKnight Auditorium
Mind the Gap: Evolving Cyber Information Sharing

Private companies operate our nation’s most critical infrastructure, including our electrical grid, water utilities, hospitals, and financial institutions. Well-funded nation-state and organized crime cyber-organizations are aggressively attacking US critical infrastructure every minute of every day. Ensuring that these private companies are able to protect themselves from these sophisticated attacks is deemed a matter of national security by the US government. As such, the US government is interested in arming these private entities with sensitive and classified government vetted cyber threat intelligence to assist in thwarting these attacks. This session will focus on how the US government uses creative information sharing programs to protect private critical infrastructure companies and Federal civilian agencies from infiltration and attack. The session will highlight two Department of Homeland Security Programs – Enhanced Cybersecurity Services (ECS) and Einstein 3 Accelerated (E3A) – as key tools used to combat against the evolving cyber threat.

2:30 - 3:05
Cone 210
PANEL SESSION
Defense Against Advanced & Malware-Free Intrusions

Traditional defense in-depth has been increasingly unable to deal with advanced malware and tactics. New tools and methods are needed to combat the ever-growing sophistication of the adversary. We will highlight some of the latest malicious techniques including leveraging memory-based and malware-less methods of penetration, persistence, and command and control. We will also demonstrate how these tactics can be countered with real-time continuous monitoring and visibility of endpoint activity.

2:30 - 3:05
Cone 112
I WANT MY BILLION$ BACK: IRS Refund Fraud A-to-Z

Tax refund fraud costs taxpayers billions of dollars every year. This presentation will walk you through the steps criminals take to conduct refund fraud, from the initial harvesting of personal information, through the filing and tracking of fraudulent returns, to the ultimate cash-out.

3:10 - 3:45
McKnight Auditorium
The Cloud for Security Incident Responders

Security incident response is a critical piece of the CERT Prevent/Detect/Respond cycle. Modern incident response teams are well versed in investigating and responding to on-premises incidents; however, once services and data move to cloud-based services, these teams may run into deep challenges. Using Microsoft Azure and Microsoft Office 365 as examples, this session will work through the challenges that incident responders need to address in various cloud computing models.

3:10 - 3:45
Cone 210
PANEL SESSION
Security Big Data Challenge – It is not securing data anymore

The concepts of data warehousing and business intelligence have been prevalent in the IT industry for over a decade and were recently pulled into the overall concept of “Big Data.” When that concept was first discussed at RSA in 2013, the security concerns focused on how a security organization prevents these large data stores from becoming a treasure room for attackers. As the year progressed, it became apparent that security may also be a consumer of “Big Data” concepts. In this panel, we will discuss some of the principles of business intelligence and how they apply to security analytics. How can security organizations benefit from tested business analytics practices to improve how we manage our security controls? And given the amount of security data involved, how do we ensure that we are not creating a second treasure trove for attackers to exploit?

3:10 - 3:45
Cone 112
Identity Authentication for the Mobile Enterprise

With applications moving to the cloud and mobile devices becoming more prevalent amongst employees, enterprises need to know how to enable easy access for employees while keeping corporate data secure. Learn about the latest trends and technologies that will empower your organization to deliver an effective identity management strategy for mobile and protect your corporate data from being compromised, wherever it may be accessed from.

4:00 - 4:35
McKnight Auditorium
Securing the Internet of Things

The Internet of Things is here. Some things, like tablets and smartphones, are designed for connectivity but add new sensors every day. Some things, like cars and refrigerators, have connectivity forced upon them. This presentation discusses the security and data issues involved when the entire world is wired and every corner holds a dozen sensors.

4:00 - 4:35
Cone 210
Supply Chain Cyber Risk for the Enterprise

This presentation will review current requirements and thinking with regard to several aspects of supply chain risk and supply chain cyber risk management. The discussion will include:

  • review of the "players" in supply chain cyber security activities
  • adversary supply chain operations process
  • requirements from government agencies and others
  • considerations for your companies
  • what you should ask your vendors about supply chain cyber risk

We'll leave time for Q&A, and enable you to advance the discussion.

4:00 - 4:35
Cone 112
Think Like a Hacker! Common Techniques Used to Exploit Mobile Apps and How to Mitigate these Risks

The first step in learning how to protect and defend your applications from hackers is to think like one. During this session, you’ll learn just how easy it is for hackers to leverage widely available third party tools to completely disable and compromise mobile apps. This can lead to unauthorized access to source code, tampering of apps to enable advanced malware attacks, stealing of sensitive data or intellectual property, and conducting fraud. Attendees will:

  • Learn about the evolutions in the mobile threat landscape
  • View a live demonstration of various reverse-engineering and tampering attacks and how hackers use third-party tools to compromise app integrity (e.g. Clutch, IDA, Hex-Rays, otool, class-dump, Theos, and the gdb/nm/strings debugging and binary-inspection utilities)
  • Learn how to mitigate app binary risk and implement new approaches to mobile app security

4:35 - 5:00
McKnight Auditorium
PANEL SESSION
Conspectus Insights Panel

A plenary panel of cyber security professionals who manage cyber risks in different business sectors. Panelists will provide their perspectives on important insights heard during the symposium and engage in a town hall discussion, offering their prognostication of emerging threats and risks to pay attention to during the coming year.