The recent software supply chain attacks that have been rocking the internet shows how important it is to have the right solution that ensures immediate visibility of the blast radius of new vulnerabilities. Join us to learn one of the most effective ways to rapidly identify systems impacted through a proper SBOM Strategy, to help organisations secure their software supply chain and reduce risk of cyber attacks. We’ll dive into:
• SBOM Analogy
• SBOM History
• Why it makes sense?
• SBOMs, Languages and Formats
• Difference between VEX and SBOM

• Interesting Facts on electronic signatures
• The relevance of eSignatures
• The history of electronic signatures
• Challenges eSignatures address
• Benefits for businesses
• A legal perspective on electronic signatures
• The future of digitalization and the role of eSignatures

This talk will introduce the Attack Tree methodology and explain how Attack Tree diagrams are constructed. It will discuss how attack paths are identified using based on the logic of the Attack Tree diagram. It will demonstrate how the likelihood of each attack path may be estimated based on the obstacles faced by the attacker.

As the sprawl of devices, device types, and solutions continues to skyrocket, environments only grow more complex. But there’s good news: asset management has evolved. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, always up-to-date view into all assets via integrations of existing tools, data correlation at scale, and querying capabilities to find and respond to gaps. Join this session to learn how asset intelligence and the emerging Cyber Asset Attack Surface Management (CAASM) category improves security hygiene, reduces manual work, and remediates gaps.

Cloud native development has changed the way developers both build and secure applications. It’s more important than ever for apps to remain secure through their entire development lifecycle – but without impacting dev teams’ ability to innovate with efficiency. One way to balance these needs is to approach security from a dev point of view.
This live demo will demonstrate how Snyk’s cloud native application security platform is designed to work like a developer tool, all while enabling one continuous feedback loop between dev and security personnel. This makes it easy to not only find security issues in your code, open-source dependencies, containers, and infrastructure as code, but fix them quickly. See why 2.2 million developers choose to use Snyk to build securely.

Risk Quantification can be both an enticing and intimidating exercise for a business to pursue. How does an organization get from point A to point B (and back again) to score and value risk? In this session, we'll take a back-to-basics approach to break down the concept of risk, contrast this understanding with some of the modern applications of risk in business, and discuss how people across your organization may interpret the meaning of risk. We'll diagnose some of the common pitfalls companies fall into and identify perspectives to help account for variables that do not have defined parameters when understanding risk.
KEY TAKEAWAYS:
• Understand how you can use risk metrics as a planning tool beyond mitigation tactics.
• Identify five simple steps to apply and guide your quantification strategy.
• Account for the "new normal" businesses are navigating for today and tomorrow.
• Take a mixed approach to quantification to help retain qualitative risk insights

• Nowadays, automated application security testing is a well-established field, but several IT trends are changing it.
• We'll look at some of those and see how we can deal with them from an app sec perspective, for example:
o API security
o Cloud-Native application security
o Supply chain risks
• We'll look at the capabilities that Micro Focus Fortify delivers in these areas.
 

4,000+ customers producing a 40PB threat data lake provides Alert Logic with unique insight into threats and adversaries
Clustering observed activity allows us to connect disparate indicators together
These activity clusters allow us to closely track prominent adversaries closely
Organisations benefit both directly and indirectly from our understanding of adversaries
Join us to understand the value behind understanding adversaries through threat hunting and threat intelligence

• Understand the value of deception as a viable IT strategy
• Drastically lower the time to detect all activity without overloading the IT teams
• Respond much more quickly and drop your time to remediate down to as low as possible
• Understand how deception can also help clarify overall infrastructure risks
• Optimise your costs to cover both IT and OT networks with a single automated solution 

Join ThreatLocker's Director Cybersecurity, Ben Jenkins, as we discuss endpoint evasion techniques that are undetectable by most EDR/MDR and antivirus solutions. Understand how businesses are enhancing their cyber resilience and significantly limiting the damage vulnerabilities can inflict with a Zero Trust architecture

In six steps, Rowan will consider the misgivings of conventional security risk management (i.e., the desire to lead conversations around security with a technology-first approach whilst ignoring the fundamentals) and introduce cyber-security in terms of this dilemma instead: exactly how should we secure an empty room?

Thinking beyond the obvious and focusing on context rather than generalisations, the empty room concept allows security professionals to think much more granularly. Rowan will go on to explain how to influence organisational conditions so that your organisation has a secure production capability for creating the only thing it needs to create: value.If you’re sick and tired of listening to the same re-hashed, generic security advice, we recommend you don’t miss this talk.

• OSINT investigations can be used in a variety of exercises, such as red teaming, blue teaming and threat intelligence investigations
• Breach data is a mighty source of OSINT data, which can be leveraged in investigations
• This session will give an overview of how to investigate breached data in OSINT investigations.

Cybersecurity is always thought about in terms of technology, but is it that simple or does it involve more to secure an organization? Join this session with Mimecast to learn the cybersecurity intersection between communications, people, and data to protect your organization, reduce risk and manage complexity.

Cyber Runway is the UK’s largest cyber accelerator programme. Fast-tracking the growth of over 100 innovators across three streams: Launch, Grow and Scale.

Join us for this showcase and hear from some of the most exciting cyber start-ups and scaleups in the ecosystem today.