TOGETHER, WE
RESPOND
FASTER
CYBERSEC 2019
MAR. 19 – 21
Taipei International Convention Center
Taipei World Trade Center Hall 1, 2F
What does security look like in a world where everything could be a computer?
Or what about a world where the largest, most complex machine network ever created was designed without thinking about security?
It’s alarming and this is the reality of the world we live in today.
The real question is – what can we do about it while we still have time?
Bruce Schneier, cryptographer, computer security professional, privacy specialist and writer, will uncover the inherent risks and security implications of the proliferation of IoT devices and widespread automation. He’ll also explore some potential alternatives to our “wicked problem” of cybersecurity.
The traffic seems to be more congested than usual as you get off work today. The gas station is charging you twice as much per liter when you pump the gas. We wonder if this is the work of hackers trying their hand at it.
From the power plant breach in Ukraine to the report that at least a dozen U.S. nuclear plants have been attacked by hackers (according to the FBI), we begin to wonder: Are the defenses set up by countries around the world to protect their infrastructures easily breakable in the eyes of hackers?
This session will discuss all of it: the hacker techniques, the existing security gaps, and the ways to improve security defenses.
Targeted attacks and advanced threats include Advanced Persistent Threats (APT). For enterprise systems, they are the most dangerous hazard. However, despite the continuously evolving threats and technology used by cyber criminals, many enterprises and organizations still rely on past technologies and an outdated mindset to fight present and future threats. In particular, advanced targeted threats can stay hidden for months or even years.
Kaspersky Lab offers an integrated solution that accelerates innovation and digital transformation. You are no longer helpless against the threats, with no clue where to start.
Kaspersky Threat Management and Defense leverages the seamless architecture provided by multiple integrated components to assist customers to perform rapid threat detection, response and repair across all layers of the infrastructure.
Vulnerabilities are one of the major entry points for hackers. "Vulnerability Management" has been in place at many organizations for decades, so why are there still security breaches? Is the vulnerability management approach we are using today really effective?
From servers and endpoints to the mobile workforce, security teams now also need to manage modern types of assets, such as cloud, containers and IoT. The number of vulnerabilities they need to manage is growing exponentially. How should we react to all of this?
Our approach combines vulnerability data with third-party vulnerability and threat data and analyzes them together with the advanced data science algorithm developed by Tenable Research. The data science algorithm analyzes over 100,000 vulnerabilities using machine learning to anticipate the probability of a vulnerability being leveraged by threat actors and to differentiate between real and theoretical risks. We found that in 2017, public exploits were available for 7% of all vulnerabilities, meaning that 93% of all vulnerabilities posed only theoretical risk.
At CyberSec 2019, we would like to share our research results with you, together with various vulnerability management models. We hope that organizations can build an effective vulnerability management model and catch the most important 7% of vulnerabilities.
When a company starts using SaaS services and cloud storage (Office 365, G-Suite, etc.), information security becomes a problem at the same time. The key to solving the problem is to treat the security of cloud applications as part of internal affairs and extend data leakage protection from the company to the cloud.
What should the company do?
1. First, the company may assess whether the internal security system can meet its internal security requirements. TrustView provides Document DRM file encryption and Area DLP virtual disc isolation security to deal with detailed document rights management and the security of CAD files or source code for the R&D department.
2. Secondly, the company may find out whether a CASB cloud security system is available. TrustView CASB provides a solution with three integrated elements: Access, Log and Protection.
3. Lastly, the company may combine the internal security system with CASB; for example, encrypting files while they are uploaded to the cloud, or storing downloaded files only in the virtual disc for isolation.
In addition to talent, capital, technology and commodities, there is another very important element that drives enterprise operations: data. The risks to data come from external threats on the internet as well as internal flaws in the database.
Enterprises must not only worry about how to protect these important assets, but also analyze the security incidents and trajectory data that they may generate. Enterprises often spend a lot of manpower and time without getting results.
IMPERVA can help you build a strong defensive fortress around the core of the enterprise, protect important resources with limited human resources, quickly analyze the massive data generated afterwards, find the events that matter most to the enterprise, and respond quickly.
From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis.
Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat.
Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense, is relied upon by organizations around the world, and can cover up to millions of devices.
In this session, learn:
• How new machine learning and mathematics are automating advanced cyber defense
• Why 100% network visibility allows you to detect threats as they happen, or before they happen
• How smart prioritization and visualization of threats allows for better resource allocation and lower risk
• Real-world examples of unknown threats detected by ‘immune system’ technology
As the popularity of the Internet of Things (IoT) continues to rise, it's important to take note of the security risks. IoT devices often lack the kind of security features found on your computer, so your privacy is more vulnerable than ever before. We will talk about how to find vulnerabilities and how they affect you, with an in-depth analyst's view into IP cameras and routers.
EDR (Endpoint Detection and Response) is becoming a hot topic for enterprise security, and many organizations are either implementing or evaluating the technology.
Given the variety of vendors in the space, each with a different approach, it is becoming a pain for management teams to evaluate different products.
In this session we will go through different considerations before, during and after you implement an EDR solution.
We will also introduce the MITRE ATT&CK model and explain how it helps business decision makers conduct technical evaluations.
In 2018, a cyber resiliency study jointly published by Willis Towers Watson and The Economist Intelligence Unit (EIU) showed that 30% of respondents reported a cyber incident in the past year and most place high odds on another one happening; in addition, they cite a weakness in their ability to apply lessons from incidents.
In the evolution of digital resilience, emergency response is the first priority, ahead of corporate mitigation. Business continuity brings affected companies back to business and improves their chances of survival through resilience management. This presentation hopes to provide best practices for IT, security, crisis management, emergency response or business continuity teams.
The outline of the agenda includes, but is not limited to: (1) What are the myths of cyber security in the contemporary age? (2) Why has resilience become one of the critical international agendas for cyber risk management? (3) Definition, scope and content of digital resilience; (4) Analysis of international cases.
Recently, major media outlets have frequently reported security threats across different industries. Hackers intrude into websites and servers in different ways, resulting in huge losses in brand awareness and revenue.
Gaia Information Technology, the professional consulting company that specializes in cloud services, will share:
Looking into the Cloud of IT from the security perspective.
This year has seen the highest rate of adoption of cloud technology; however, reported IT security incidents are also rising to one of the highest levels in history. In the era of one-click email sending, how can we minimize the risks that employees face when exchanging messages with business partners?
Office 365 and G Suite are great software that helps businesses smooth their operational procedures, but employees may unknowingly send out sensitive data that puts the business at risk. HENNGE One seeks to reduce these errors through various access restrictions when employees are outside the corporate network; admins can rest assured that BYOD policies are secure, knowing that employees will not be able to save company data onto their own phones.
We will be discussing successful HENNGE One cases at major Japanese and Taiwanese corporations.
If your company is concerned about the security of moving to the cloud, please feel free to come to the seminar.
This session introduces Akamai's methods and experience in protecting Internet security and shows how to efficiently discover and intercept attacks through historical data and intelligence insights; explains the latest Internet security posture and threat intelligence and provides advice and preparation for future information security protection; and shares security best practices and the attack and defense details of a typical case. Specifically, it includes:
Cybersecurity incidents have shown repeatedly that authorized user activities are the most unpreventable root cause of cyber threats. There are always early signs before mandating attacks or insider threats occur, such as phishing emails, credential theft, privilege elevation, unauthorized access, sensitive file uploads/downloads, abnormal data copying/printing activity, USB connections, or execution of unauthorized applications. As a result, cybersecurity that focuses on Drone-like detection to advance the timeline of cyber threats can help mitigate damage and expedite incident response. The critical elements of broadening visibility and accelerating the speed of incident response require granular metadata collection and analytics with visualized user behavior forensics, an understanding of user intention, credential validation, AI-enabled baseline learning, and correlation analysis in both depth and breadth. Moreover, building efficient and consistent incident response orchestration is equally essential to eliminate both cyber threats and business risks effectively.
NAC solutions have been considered “unnecessary”, yet PIXIS has been chosen by Fortune 500 companies, giant hospital networks, public financial institutions, and government cyber security agencies as their LAN security guard. Why do these top IT managers see NAC as a compulsory system for the network? This session aims to share the insight that the top minds have into network governance.
When it comes to supply chain security issues (whether in the government's smart network, cloud data centers or high-tech manufacturing companies), security seems to be taken lightly.
The technical details reported by Bloomberg News are incomplete. If the threat is true, what can we do?
Most people think that they have solved the problem if they already have physical isolation and have deployed a one-way network. However, in the case of complex threats, a hardware supply chain implant could use memory management loopholes to bypass the protection mechanism, and a covert signal channel could expose confidential data without touching the network.
Seeing is believing.
People's dependence on technology and the Internet is increasing rapidly, which has created huge interests for hacker groups and criminal organizations to seize. Hacker groups and criminal organizations have all improved their attack skills and their understanding of various business processes, which has led to frequent corporate security incidents in the past few years. From a management point of view, it is necessary to formulate a risk-oriented information security strategy for the corporate strategy, so that the security strategy can be implemented before the corporate strategy to reduce the proportion of exposure. However, no matter how you plan, you may still have concerns about the residual risks. This requires you to rely on cyber insurance to help the company transfer such risk. As the demand for cyber risk transfer increases, appropriate cyber insurance products can be selected or designed once the degree of the enterprise's exposure to residual risk is fully understood. This session will explore the current level of policy coverage to protect against the losses from various network events that companies may directly suffer or cause, including data breaches or theft, extortion requests, hacking attacks, DDoS attacks, and data breaches, etc.
Digital transformation, Software-as-a-Service, and all things cloud have enabled your organisation to move at never before seen speeds, and have introduced new, constantly evolving security challenges. Security teams realize that existing processes will not cut it in today’s digital world.
In this session you will hear from One Identity's APJ Regional Manager on the importance of an IAM strategy and the role that it plays in helping organisations accelerate digital transformation while ensuring that your data, people and organisation are kept secure.
Government, FSI and high-tech manufacturing run air-gapped networks because security regulations and compliance requirements disallow any form of internet connection. Examples include confidential network segments for government, SWIFT/ATM for finance and ICS networks for high-tech manufacturing.
Even though we try so hard to build and maintain these air-gapped, highly secured networks, there are requirements to exchange data and programs between OT and IT networks. In the last 2 years there have been high-profile breaches in ATM/SWIFT networks and even in ICS network segments. These breaches caused millions of dollars in financial losses.
In this topic we are going to review these breaches and share the lessons learnt. We will also share industry best practice for improving security posture to ensure these classified networks are 100% protected during the data/equivalent exchange.
The IoT is opening up new opportunities for businesses and consumers, and is the linchpin of almost every digital transformation initiative. At the same time, a quick scan of the headlines reveals real security concerns that come with connected devices that can be remotely attacked and used for nefarious purposes. nCipher is here to help you secure your IoT digital transformation.
With billions of devices being deployed, demand for public key infrastructures (PKIs) to issue digital certificates is rapidly increasing. Once devices are deployed, operators must also ensure that code updates sent to devices are authorized and authentic, as software that has been altered or corrupted can expose the entire organization once it executes.
nCipher Security, along with partners from our IoT ecosystem, brings trust to the IoT with solutions for device credentialing and authentication, firmware signing, and data confidentiality and privacy.
Gigamon SSL/TLS Decryption: An Enterprise Network Service: Security tools can’t inspect what they can’t see. To defend against today’s advanced threats, IT organizations require real-time visibility across their entire IT infrastructure—including physical, virtual, and cloud environments. In short, they need a security delivery platform.
Discover how to:
Looking back at 2018, ceaseless information leakage incidents around the globe hit large internet service providers, international financial institutions, big airlines, government institutions and others. These organizations have one thing in common: the scale of their investment in information protection is larger than that of regular companies and institutions, and they are mostly already equipped with layered infosec devices such as next-generation firewall (NGFW), intrusion prevention system (IPS), web application firewall, antivirus wall, and Anti-APT. Yet unfortunately, tragedies of personal information leakage still happened.
It is as if no matter how you strengthen your defense with high-end infosec devices, hackers are still able to break in.
A passive surveillance mechanism, which serves like front ramparts, is not sufficient to ward off intrusions from hackers. So experts have proposed a new idea: to block threats while they’re still in development. The key to this lies in “Threat Intelligence Blocking”, which utilizes accurate information about global threats. It’s like being protected by many satellites and ground radars. By building a densely woven information reporting network, when a missile (infosec threat) is present, it will be detected and terminated well before it reaches your domain. This not only lessens the burden of domestic inspection, but also greatly improves protection.
In this presentation, the NETSCOUT Arbor security expert will:
- give you a detailed analysis of the underlying security problems you are now facing
- introduce the best solution which can block both inbound and outbound malicious traffic
- show you how the unique intelligence can help to detect advanced threats
Splunk Phantom provides security orchestration, automation and response (SOAR) capabilities that allow analysts to offload repetitive tasks and focus their attention on making the most mission-critical decisions. Organizations are able to improve security and better manage risk by integrating teams, processes and tools together. With Phantom, security teams can automate tasks, orchestrate workflows and support a broad range of SOC functions including event and case management, collaboration and reporting.
SOC Automation
Use Phantom for event enrichment and programmatic triage to eliminate noise, pre-fetch threat intelligence at machine speed, support decision-making and prioritize the most critical events for human analysis. Conduct phishing investigations and process suspicious phishing emails in seconds. Increase security by automating repetitive steps in malware investigations and lower the overall mean time to resolve (MTTR).
1. Introduction to Taiwan Water IoT Net
2. Taiwan Cyber Security Management Law and the security demands of Civil IoT
3. IoT security status, weaknesses and threats in water resources management
4. IoT Security Specification and Architecture in water resources
5. Linkage and integration with critical infrastructure security
A datasheet is a treasure island. This session will show you what you can learn from a security product datasheet or brochure and how to choose the right solution or service.
With just one click, you can surf the colorful and convenient cyber world. Playing online games, shopping online, transferring remittances, and many other things can be done through websites. This has created a convenient modern life.
Under the cover of convenience, nobody cares about website security. Are there vulnerabilities in the website's programs? Is the data encrypted? Is personal information well protected?
Not everyone is concerned about it. With this lack of a sense of crisis and vigilance, websites become cash cows in the eyes of hackers. They also become a hotbed of cyber security crime.
Website vulnerabilities lead to most cyber security crime today. Building a firm foundation for cyber security must start with the website.
Having served thousands of websites, Pumo is well experienced. Starting from the basics and from the concepts, we are going to lead the audience step by step in creating strong website security protection.
The risk is real. Does your hardware device have enough security protection?
In the highly mature computer and printer industry, what kind of features does HP Technology provide in terms of hardware to improve information security?
Which security vulnerabilities that you have not thought of could reduce security risks if prevented in advance? From hardware to software, whether printer or computer, any device may be invaded, and each hardware purchase is a security decision. HP provides a secure foundation for your devices through a combination of hardware and software protection solutions, from devices, assets and data to management, to provide you with greater protection and help your business avoid any potential threats.
Corporate data is shifting to the cloud, and it is becoming more vulnerable than ever. IP-guard provides the ideal solution for companies of any size to protect valuable data in the cloud.
Cloud computing plays an important role in modern-day business, and companies adopt software, platforms and services such as Office 365, OneDrive or Google Drive as their first option for daily routines. However, we often overlook the fact that data stored on cloud drives is in an unencrypted format, which poses a great danger to the organization.
According to TEC Solution’s technical manager, Leo Wang, IP-guard’s Document Encryption and Endpoint Protection can ensure that all documents saved to the cloud are encrypted while keeping a unique audit trail of all endpoint computer operations.
In recent years, AI has become more and more widely used, from AlphaGo to Alexa, from chat bots to AI Medical; many security products claim to have powerful AI technology. Are there still risks after using so-called AI security products? Are there any side effects with AI? How should we look at AI technologies in information security?
Cyber security has become the focus of digital transformation for the enterprise. Whether the development involves cloud computing, the Internet of Things, big data or AI applications, security is a necessary consideration. The most worrying thing about the ransomware infections and large-scale data leaks of recent years is not the rapid development of malicious threats, but that existing security investments have not been effectively integrated to cover multiple intrusion surfaces (such as cloud services or mobile devices). This causes many potential security concerns.
Therefore, re-examining the architecture and focusing on comprehensive security protection, moving from multi-point containment to single management of automated defense with immediate threat intelligence updates, makes it possible to quickly isolate infections, adjust policies, optimize response speed, control the scope of damage, and achieve total defense. This enables enterprises to embrace technology innovation securely, build a good foundation for future development and enhance competitiveness!
Are there back doors in IoT devices and embedded system devices? Are they really easy to hack?
Is data rescue after firmware damage related to hardware security? These are common situations we see with IP cams, sweepers, hard drives, SSDs, STBs and so on.
From traditional cyber-attacks to original factory production and test instructions and physical port attacks, this session will comprehensively analyze the actual attack techniques used against IoT and embedded system devices.
The competent cyber warrior learns from their mistakes. (The Art of Cyber War).
It is inevitable that a security incident will occur in the enterprise. Only by confronting and handling a security incident correctly can the organization identify, through the incident, the parts that need to be strengthened. In this lecture, the speaker shares in-depth experience from security incidents the speaker has handled personally.
With the advent of the IoT networking era, the issue of security has gone beyond the IT (MIS) level and become a "business risk". This has caused companies to suffer significant losses in income, competitiveness and reputation. However, protecting themselves is undoubtedly full of challenges. With a large number of IoT devices, not only do intrusion points increase and defense boundaries expand, but software and firmware updates and management are also not easy, and existing security equipment does not work together. It is feared that companies will lack security visibility and will not be able to properly prioritize defenses. Given the threat from IoT equipment, enterprise protection should evolve as soon as possible. It is not appropriate to keep doing as in the past: setting up multiple devices and writing multiple specifications, but neglecting to check whether they are implemented. In this topic we will share with you: The New IoT Security Approach in the Digital Transformation Era.
As the network becomes infinitely more complex, IT administrators are facing more challenges when it comes to securing it. Cyber attacks are known to use system vulnerabilities as a springboard; as long as there are security holes on your servers, your organization is potentially open to attack.
Session topics will include 3 types of services, which differ in server location, user access, and services.
1. Outgoing Web and Mail service
2. Database for internal users only or ERP server
3. Access to highly confidential information
Network security cannot be ensured only by purchasing on-premises hardware appliances; more importantly, it is also improved by detecting network behaviors, setting predictive alarms, and seeking instant support.
In order to ensure information security, enterprises must take precautions to protect it effectively. When installing various protection software such as intrusion detection and prevention systems, behavior detection software, firewalls, etc., you must also be able to find the problem immediately when a security problem occurs, to minimize the risk of corporate loss.
In addition, computer operating systems and mobile phone operating systems are two different types of systems. How to manage different platforms is a major challenge for the security community. When an incident occurs, MIS takes a lot of time to find the problem, for example tracking down device information, including user information, device location, device properties, fake identification, IP usage records, and unauthorized devices.
The Facebook scandal that “hit 87 million users” shows that failure to comply with GDPR will definitely damage a company's reputation and revenue. Regulatory compliance can be divided into 2 major factors: policy and technique. The company must define its own policy to comply with regulation. As for technique, the manager can choose the right service or software product to do a great job of regulatory compliance.
Openfind has provided email security, secure content collaboration, and AI anti-fraud services and products for several years, helping enterprises prevent threats from the internet and comply with regulations such as GDPR, PIPA, and SOA. Openfind's cloud service has been ISO 27001 certified since 2009, and this year Openfind's software products also obtained ISO 27550, demonstrating the concept of privacy by design.
As advanced threats become resilient to modern protection tools, new defense paradigms have to be created. Proactive threat hunting is gaining popularity as an approach for uncovering threats that evade automatic prevention tools or detection and response platforms. However, there can be many different ways to form the hunting layer in a network.
In this session, we will cover several lessons learned from field experience and provide some practical advice on how you can better implement threat hunting in a way that fits your organization.
This lecture shall discuss the thinking required for the board of directors and senior executives in enterprise from the perspectives of cybersecurity governance. Topics will include cybersecurity awareness, cybersecurity threats and requirements, constructions of cybersecurity organization and compliance, cybersecurity human resources planning, and deployment of cybersecurity system in practice, etc.
Hackers have never stopped their attacks on government agencies. The adoption of the Information and Communication Security Management Law also symbolizes that the government will put more focus on cybersecurity and take more responsibility for personal data protection. In response to this situation, the National Police Agency, MOI, has integrated internal resources to set up a security technical team to develop excellent internal expertise, coordinate joint defense against incidents and carry out research and development on cybersecurity. At the moment, we are taking steps towards the goal of cybersecurity independence. With the hard work of the past year, we have already reaped the first fruits. In this session, we would like to share and exchange our experience of expertise development with the audience. We look forward to enhancing the government's effectiveness in personnel training and joint security defense through experience sharing.
Session Outlines:
1. Police expertise development of cybersecurity plan
2. Security protection practice and academic exchange
3. The cybersecurity competition and the accomplishment sharing
4. Cyber Defense experience of National Police Agency
1. Legal concept of business secrets
2. The importance of information security for business secrets
3. The real case for Information security layout of the enterprise
In recent years, AI has become more and more widely used, from AlphaGo to Alexa, from chat bot to AI Medical; many security products claim to have powerful AI technology. Isn't there still risks after using so called AI security products? Is there any side effect with AI? How should we look at the AI technologies in Information Security?
As the popularity of the Internet of Things ( IoT ) continues to rise, it's important to take note of the security risks. IoT devices often aren't with the kind of security features on your computer, so your privacy is more vulnerable than ever before. We will talk about how to find the vulnerability and how it impacts on you, there’s in-depth analyst view into IP Camera and router.
When facing the supply chain security issues, (whether the issues on government's smart network, cloud data center or high-tech manufacturing companies) the security seems to be taken lightly.
The technical details reported by Bloomberg News are incomplete. If the threat is true, what we can do?
Most of people think that they could solve the problems if they have already had the physical isolation and deployed one-way network. However, in the case of complex threats, the hardware supply chain could implant and use memory management loopholes to bypass the protection mechanism. The signal hiding channel could expose the confidential data without contacting the network.
Seeing is believing.
1. Introduction to Taiwan Water IoT Net
2. Taiwan Cyber Security Management Law and the security demands of Civil IoT
3. IoT security status, weaknesses and threats in water resources management
4. IoT Security Specification and Architecture in water resources
5. Linkage and integration with critical infrastructure security
Is there any back door for IoT devices and embedded system devices? Is it really easy to be hacked?
Is data rescue after firmware damage related to hardware security? Common examples include IP cams, sweepers, hard drives, SSDs, STBs and so on.
From traditional cyber-attacks to original factory production and test instructions and physical port attacks, this session will comprehensively analyze the actual attack techniques used against IoT and embedded system devices.
EDR (Endpoint Detection and Response) is becoming a hot topic for enterprise security and lots of organizations are either implementing or evaluating the technology.
Considering the variety of vendors in the space, and that each company might take a different approach, evaluating different products is becoming a pain for management teams.
In this session we will go through different considerations before, during and after you implement an EDR solution.
We will also introduce the MITRE ATT&CK model and explain how it helps business decision makers conduct a technical evaluation.
A datasheet is a treasure island. This session will show you what you can learn from a security product datasheet or brochure and how to choose the right solution or service.
The competent cyber warrior learns from their mistakes. (The Art of Cyber War)
It is inevitable that a security incident will occur in the enterprise. Only by confronting and handling a security incident correctly can an organization identify, through the incident, the parts that need to be strengthened. In this lecture, the speaker shares in-depth experience from security incidents handled first-hand.
The modern medical system has developed into one of the social systems most dependent on the information industry. The possible hazards of medical cybersecurity lie mainly in the service process, patient safety and sensitive personal information. Security incidents may arise from intentional behavior, design flaws or mistakes. Medical organizations of every type and scale may face these sources of incidents and hazards, which makes medical cybersecurity increasingly important. Current policy has two parts: one is attached to the hospital accreditation system as one of the items to be addressed; the other treats healthcare as one of the core systems of national critical infrastructure, establishing information sharing, response processing and security operation mechanisms with national resources. With the growing cybersecurity threat and external factors such as the allocation of government resources, how to strengthen the character of medical cybersecurity has become an important question. In terms of common medical knowledge, a healthy body must maintain physical, mental and social well-being, and this depends on genetic, nutritional, educational and environmental factors. So how do we overcome these internal and external factors? That is the challenge for current medical cybersecurity policy.
In the healthcare system, hospitals have huge potential to use digital technology to improve clinical outcomes and healthcare delivery. The healthcare system also faces cyber risks such as medical device cybersecurity threats. It is therefore important for hospitals to actively mitigate the cybersecurity risks of their IT infrastructure and medical devices. Hospitals need to implement Critical Information Infrastructure Protection.
The National Health Insurance Administration (under the Ministry of Health and Welfare) provides the "Batch Download" operation function. After the patient makes an appointment and before the visit, the hospital collects the patient information and the consent form and uploads them. The batch can then be downloaded and the patient's medical record combined with in-hospital drug management. To comply with the Personal Data Protection Law and the information security regulations, the National Health Insurance Administration has formed the NHI-PharmaCloud System batch download guideline.
A previous study found that the information system development capabilities of hospitals at different levels are not quite the same. The practice of downloading data from the cloud also differs.
To understand and implement patient information security management in special medical service organizations, this study conducts an in-depth discussion of how each institute collects, processes, applies and manages batch download data, compares the similarities and differences between the institutes, then proposes some principles of information security and personal data protection, and finally summarizes a set of feasible SOP processes.
Prosperous nations sometimes take for granted the safe and reliable critical infrastructures that underpin our economies, governments, and personal well-being. It is similar to how we marvel today at the Roman Empire’s aqueducts. That is, if they don’t lead to our downfall.
Digital business models rely on physical infrastructures. In other words, our digital nation’s Achilles heel is its critical infrastructures.
The scope and scale of the critical infrastructure security challenge has frozen ambitions to take on this problem. The reasons are twofold: First, it’s difficult to decide where to start or to even know what ‘finished’ looks like. Second, no one person or organization owns the problem.
Although we have developed strategies and technologies to defend ourselves, I see the Asia-Pacific region as becoming a hotbed of critical infrastructure risk. We need, with equal vigor, to launch a strategic initiative here. Failing to do so continues to leave wide-open paths for rogue and adversarial nations to use as attack vectors to strike fast and deep into the heart of our country’s underpinnings, which is just too close a parallel to the dark ‘all roads lead to Rome’ analogy.
New generations can easily learn hacking technology from cyberspace. Employees are familiar with the internal network environment and have authorized, legitimate access rights to critical information. They therefore have more opportunities to take research and development results out of the company, which may cause great business loss. For example, R&D staff may use an IDE and built-in tools to hide data in a development board. How do you keep source code encrypted and confidential in an SVN or Git server? How do you know whether it is an insider job or an external attack?
X-FORT, a new comprehensive security system (with Endpoint Security, Document Rights Management, SVS Secure Storage, and SVT Server Protection) helps to protect and consolidate your Business.
In recent years, enterprises have provided more valuable services to their customers through digital transformation. Whether in IoT applications or blockchain financial services, this also drives enterprises to attach great importance to information security. With the implementation of regulations such as GDPR or the National Security Law, information security has become an important factor in corporate social responsibility. Enterprises need a lot of resources to fulfill legal compliance; how to optimize human resource investment, data integration and management automation will be the most important topic for enterprises in the future. In this session we will share how to build your own security management big data platform based on the ISAC method and use this platform to achieve security compliance management automation.
The session will discuss as below:
Awareness of cyber security is now universal, and most enterprises have already adopted certain defense measures. However, as the technologies and techniques adopted by hackers keep evolving, the OT (operational technology) environments of the medical, high-tech and critical infrastructure industries now encounter severe attacks too. OT equipment and networks are connected to the internet to exchange data for AI and big data, and that is where the risks arise, even where some defense practice is in place. Thus, in addition to cyber security for IT, the challenges and strategies in the OT environment are also essential to business continuity.
There have been many data breaches in recent years, and the financial losses keep growing. Everyone wants a perfect solution, but we have not yet found the “perfect” security solution. At the same time, many companies are spending more and more money on improving cyber security, whether for compliance or to protect confidential data. However, many IR reports from investigations of serious incidents tell us that the incidents were usually discovered after more than one hundred days. Many companies spent so many resources to prevent cybercrime, yet the incidents still happened. Our security solutions can’t detect the attack, even when the attackers have penetrated the organization for a long time. The results are hard to accept. Why would an organization allocate its annual budget for a result it doesn’t want? This session talks about real-time incident handling. The investigation must start while the intrusion is in its initial phase. If we can handle an incident as early as possible, the number of compromised systems should be very limited, because the attackers don’t have enough time to penetrate many systems. Then we can reduce the losses from incidents.
Successful business models throughout Asia focus on evolving technologies, such as cloud computing, social media and big data analytics, to increase sales, maximize efficiency and reduce expenses. Meanwhile, the array of threats to cyber security continues to grow and evolve. Legal exposure, reputational harm and business interruptions may wreak havoc on an organization’s bottom line. In the U.S., cyber insurance is a hot topic and almost 90% of high tech companies have already adopted cyber insurance. Quantifying and transferring the financial loss of cyber impact is essential to enterprises; therefore, most consider cyber insurance a part of internal cyber security governance.
To provide total cyber solutions, Aon aligns with Stroz Friedberg and Gotham Digital Science to help your organization seek out and shield against cyber security risk and recover from cyber incidents. With response experience in 12 significant cyber claims out of the global top 20 cyber incidents, Aon’s professionals help reduce risk and help you negotiate cyber coverage in what is a complex and developing area of insurance. In APAC, Aon's client portfolio also covers hotels, aviation, financial institutions and high-tech companies, and we have experience in assisting clients with handling cyber claims. As a market pioneer, Aon will share:
1. Cyber insurance global market trends.
2. Why do international enterprises buy cyber insurance?
3. What should you do when facing a cyber incident? Claim practice sharing.
4. How to customize a risk management plan using Aon Cyber Solutions.
Network protocol normalization and reassembly is the basis of traffic inspection performed by Next Generation Firewalls (NGFW) and Intrusion Prevention Systems (IPS). But even common network protocols are complex, with multiple possible interpretations for the same traffic sequence.
In this session, learn how targeted protocol stack fuzzing can be used for automated discovery of traffic normalization errors. Attackers can use these errors to evade detection, bypass security devices, and allow exploits and malware (including aggressive ransomware attacks like WannaCry) into your network undetected.
Specific topics include:
The most basic step in information security management is complete account management, especially when we have to deal with various information systems and different users’ situations. How to carry out and simplify account management effectively is an important issue that all administrators need to consider carefully.
As a CISO or an IT Manager in charge of Security topics, do you feel overwhelmed with too many Security events and information? Do you miss the good old days that you could have a nice sleep and never worry to get urgent call at night?
In this session, Koos Lodewijkx, IBM Security CTO and VP, who was IBM CISO, will share his experience of how his team secures IBM. He will help you review whether you are sticking to poor practices, and provide 5 practical recommendations to improve your company’s security posture in 2019 and beyond.
Can your company move to the cloud without losing visibility and control over your security posture? Can your organization responsibly entrust your most sensitive assets and workloads to a cloud service provider? Must you risk trading security for convenience? With the right planning and cloud partner or partners, even highly sensitive assets can be transitioned to the cloud in a secure, trusted manner. Microsoft has moved ~95% of our corporate workloads to the cloud, balancing information protection, device health, identity management, and data telemetry with risk management. In this session we’ll bring hybrid cloud security into focus by reviewing the core requirements for data and workload protection, explaining why the shared responsibility model is different for PaaS, IaaS, and SaaS, and providing practical guidance on ways organizations can increase security and visibility in their hybrid cloud environments for 2020 and beyond.
This presentation covers results of our on-going research on disinformation activities in public and social media networks. We will cover additional instruments and methods the potential infiltrators use for disruptive activities as well as discuss the relation and influence of global underground market services in disinformation campaigns.
We will discuss why understanding such campaigns is an important component of an enterprise security awareness program and how such monitoring could be used for continuous threat intelligence gathering. A number of case studies will be used to illustrate the methods discussed.
Today's networks are complex. Network security professionals have to manage security policies not only for the physical network but also for virtualized and cloud networks. With the increased adoption of heterogeneous network environments in enterprises, it is challenging to manage security policies effectively without full visibility and understanding of your network. It is also very difficult to enforce compliance with security policies when security administrators are overloaded with a large number of change requests and the change processes are performed manually, which is time-consuming and prone to human error. How can we increase agility in our network? How can we reduce risk in our network? We have to look to orchestration tools that can help us automate changes to our security policies. With change automation you can help your organization effectively reduce risk and at the same time increase agility in delivering and maintaining all security policies in your network.
1. Introduction to distributed artificial intelligence and parallel computing.
2. The use of distributed artificial intelligence in the cloud security.
3. A framework for distributed incremental machine learning within an intrusion detection system
In recent years, GDPR and related data protection laws have been getting attention around the world. In addition to understanding the regulations, organizations that rely on high-volume information application systems for their daily processes should know how to adapt and adjust. Trend Micro will share its practical experience and its comprehensive solution.
The Fidelis Elevate platform dramatically improves the effectiveness and efficiency of security operations by delivering comprehensive visibility, intelligent deception, automatic alert validation and increased response across network and endpoints.
We regularly see application security testing presented as the de facto software security technique in case studies and whitepapers, a kind of magic bullet organizations use to show they take security seriously. Application security testing is a critical and necessary component of every security program. However, “penetrate and patch” application testing alone is not a security strategy at all. Application security testing is a starting block, not the finish line. If you’ve made an investment in application security testing already, then you’re on the right track to lowering risk. Now, however, it’s time to take it to the next level: turn your application security activities from a cost center into a competitive advantage for your organization by creating a software security initiative (SSI). This presentation details the top reasons why an SSI is required, how you can set one up and the benefits of doing so.
The internet offers a lot of benefits: You can buy almost anything on Amazon and reconnect with old friends and family members through social media.
But, as we all know, the web provides significant security challenges. The threat of phishing, ransomware and other malicious attacks from uncategorized URLs, websites and email is ever-present.
In order to mitigate these risks, threat isolation strategies have become an innovative way to help agencies fight the efforts of bad actors. These technologies can help agencies keep systems secure, protecting devices, networks and the growing number of web-connected technologies, which have dramatically expanded the traditional boundary.
As background, threat isolation executes web sessions away from endpoints, sending only safe rendering information to users’ browsers and thereby preventing any website-delivered zero-day malware from reaching devices. It is an emerging technology, and we will discuss how these technologies have evolved and, more importantly, how they can be brought into today’s security environment.
The session will share:
• The benefits of an isolation strategy and its role in an integrated cyber defense platform
• How to give privileged users extra protection from web-based threats
• How threat isolation reduces the inherent risk of messaging and web applications to give IT administrators greater control
In critical infrastructure industries, like nuclear and electric power where security is absolutely critical, it is important to develop a secure data workflow for isolated networks. This presentation will classify commonalities with setting up an optimized secure data workflow and explain how to best select policy and technical framework elements to achieve maximum security and productivity.
In this talk we will address recent cybersecurity breaches, the changing technological landscape of Advanced Threat Prevention, Reputation Analysis, Content Disarm and Reconstruction (CDR), and Data Loss Protection (DLP) as they relate to an abstract framework for understanding secure data workflows. Care will be spent to address policy concerns such as Access Controls, Logging and Auditing, Outbreak Prevention, and Encryption at Rest.
Finally, we will expand our understanding of secure data workflows in terms of the most common communications architectures used to protect critical data: Networked (Bi-Directional), Air-Gapped, and Networked using a Data Diode (One-Way). We will then look at how specific industries like nuclear and electric power, water, manufacturing, and defense apply aspects of secure data workflows within the greater context of our theoretical framework.
Wireless remote controllers are widely used in industrial and home appliances, yet radio cybersecurity is not prioritized. The cost of a wireless attack has become very affordable since the birth of software-defined radio, but patching radio vulnerabilities is still costly, if not infeasible.
The talk will focus on introducing a legal way to capture, replay, reverse and forge radio packets. We urge the designers of wireless controllers to prioritize radio cybersecurity and make them safer to use.
We have been preaching about information security for a long time and have always cited Confidentiality, Integrity and Availability (CIA) as the cornerstone in our solution design. That works for enterprise IT solutions with some limitations. Now we are faced with the challenges from the OT sector; with push from the authorities and regulators.
This session will show how an engineering technology firm addresses the challenges from the OT perspective.
In Philip K. Dick’s The Minority Report, murder was eradicated thanks to the predictive “Pre-Crime Division”. Sixty years later, elements of pre-crime cybersecurity are already in place. But how do we toe the line between safety and Big Brother? The session will discuss the history of predictive analytics, the privacy implications of monitoring and how AI / machine learning will shape future society.
The Personal Data Protection Office (PDPO) was established under the National Development Council (NDC) in July 2018. One of the missions of PDPO is to coordinate all matters relating to the GDPR and to initiate “adequacy talks” with the EU. In this session, NDC’s Counselor Chih-Hsien Lin will elaborate on the background, focus and cross-border transmission issue of the GDPR. He will also discuss the impact of GDPR on Taiwan business communities and the coping strategies of Taiwan Government.
In today’s digital age, it is quite surprising to find that most people are unaware that only 4% of the Internet is publicly searchable. This is known as the Surface Web, which is the part of the Internet that can be discovered, indexed, and retrieved by ‘normal’ search engines such as Google, Yahoo, or Bing. The other 96% of the Internet is closed off to the public, and is made up of the Deep Web and the Dark Web.
Whenever a major hack is carried out somewhere, typically resulting in a massive data breach, that personal data usually ends up on the Dark Web. There are currently over 5.6 billion sets of hacked credentials already posted, and the number is growing fast.
In this talk, we will highlight the current cyberthreat landscape, the difference between the Deep and Dark Web; and discuss the consequence of a data breach, and the advantages of outsourcing your cybersecurity to an MSSP, for Dark Web monitoring and other cyberthreats.
“Digital business is built upon an intelligent mesh of devices, software, processes and people. This means an ever more complex world for security, demanding a continuous, contextual and coordinated approach.”
In this session, Version 2 (ESET Taiwan Exclusive Distributor) will share how to help companies make better use of security intelligence and tools, build proactive detection, protection and response, and incorporate risk management to quickly advance the organization's innovative transformation.
Security professionals are dealing with pressure from all angles. They must protect an expanding attack surface caused by employee mobility, while staying on top of evolving threat actor tactics and continued compliance mandates. To help mitigate the risks, security pros need to rethink their current security strategies and move past reactive security technologies.
The session will cover how modern approaches must balance prevention with detection capabilities in the context of an overall security strategy backed up with Threat Intel and Managed Threat Hunting. Ultimately, this will give security professionals the ability to better deal with the influx of new device types and data access requirements to prepare for and respond to targeted intrusions and attack.
In the modern environment, there is no way to know who is using which devices, with which apps installed on them, and when they are connecting to the network. You need a new approach to protect your network.
Aruba IntroSpect integrates AI-based machine learning, pinpoint visualizations and instant forensic insight into a single solution. Malicious, compromised or negligent users, systems and devices are found and remediated before damaging the operations and reputation of the organization.
On the other hand, legacy networks may not have been created with mobility, IoT access or security in mind. With Aruba Dynamic Segmentation, role-based policy decisions and access rights are made based on the device type, the application used, and even the location of the user or device. The network is segmented automatically based on device profiles, and traffic from selected devices is diverted to the controller for further inspection and policy enforcement. This simplifies IT operations and improves security by dynamically applying unified policies and enforcing advanced services anywhere in the network. It ensures that appropriate access and security policies are seamlessly distributed, automatically applied, and independently enforced for all wireless and wired users and devices.
Advances in AI are closely tied to how AI is trained. A lack of sufficient datasets and of validation by domain know-how results in misjudgments and gives malware evolution the upper hand. We have a novel approach to the hard problem of “detecting the undetected”: using machine learning to simulate context events that compete with each other for the optimal storyline. This breakthrough sets a milestone for boosting security teams' capability.
More and more malicious programs on Android protect themselves with packers and anti-debugging. Knowing the principles of packing and unpacking is the only way to break through the malware's protection and analyze its further behavior.
1. Introduction to packing and unpacking
2. Android malware
3. Android malware variation (packer)
4. Introduction to commercial packer software
5. Android Dex Runtime
6. Android dynamic packing mechanism
Along with the rapid growth of IoT, more and more devices are connected to the internet and to one another. This has opened the door to DDoS (Distributed Denial of Service) attacks, some reaching terabit level, which pose serious threats to networks. Conventional DDoS solutions rely on network packet inspection, attack pattern comparison, and simple rate analysis to detect anomalous events. These methods are no longer sufficient to cope with the rapid advancement of today’s DDoS threats. In this session, we will discuss how Artificial Intelligence and Machine Learning technologies can provide more proactive protection against DDoS attacks. By implementing big data analytics, self-learning of network traffic behavior, and statistical analysis mechanisms, we can create a quicker and more precise network-wide anomaly detection system that facilitates real-time network security.
Network security is no longer as simple as “detecting attack packets on the network and then blocking their source”. Cyber criminals nowadays spend more time spying on their targets before committing destructive attacks. They use stealthy and advanced hacking techniques to stay inside target networks as long as possible, so as to maximize their profits by exploring everything exploitable. Some even conduct espionage for the governments that support them. They are known as APTs (advanced persistent threats), and we identify them by their TTPs (tactics, techniques, and procedures). AI-Aided Attribution is about identifying the APTs hidden in your network by leveraging knowledge of TTPs, and it can be conducted before the destructive attacks, which may wipe out the evidence you need for attribution. Knowing the hidden APTs in advance will allow network owners to determine the scope of the threat and remedy the situation before it’s too late.
Some penalty cases have actually occurred since May 2018. Is GDPR a crisis or an opportunity for data usage in different industries? Application development is always function-oriented; most security design and control starts from process and then integrates personnel and technical controls. However, now that PII has also become a concern, we have to reconsider privacy design and data usage. In this session, we will discuss privacy in relation to global regulation, smart connected devices, and the My Data commercial market opportunity. We will also provide KPMG's viewpoint on privacy engineering with SSDLC, and on de-identification with value-added data usage.
Any organization’s security depends on its ability to rapidly detect and respond to emerging threats across its cloud and on-premises environments. Yet, attack methods and strategies evolve constantly, making threat detection an always-moving target.
Many organizations simply don’t have the resources or time to extensively research the global threat landscape for the latest attack vectors, nor can they spend time analyzing every indicator that an attack is happening.
AlienVault Unified Security Management (USM) is built with these organizations in mind. AlienVault USM performs advanced threat detection across your cloud and on-premises environments.
In this session you will learn:
- How to focus on threats that matter most
- How to get complete threat visibility of all your assets within and outside the corporate boundary
- Staying vigilant with continuous threat intelligence delivered
Varonis is a pioneer in data security and analytics, specializing in software for data security, governance, compliance, classification, and analytics. Varonis detects insider threats and cyberattacks by analyzing file activity and user behavior; prevents disaster by locking down sensitive data; and efficiently sustains a secure state with automation.
Varonis started operations in 2005 and, as of March 31, 2018, had approximately 6,000 customers worldwide — comprised of industry leaders in many sectors including financial services, healthcare, public, industrial, insurance, energy and utilities, consumer and retail, education, media and entertainment and technology.
In the past two years, many well-known multi-national companies and important organizations have been hit hard by WannaCry. Undoubtedly, the victim organizations were already equipped with considerable information security defenses. This makes us wonder whether current security defense strategies need to be reviewed.
Tracing the problem to its source, two points are key:
1. Inability to protect endpoints from malware infection:
The malware can reach a PC through a TLS/SSL file download link, which is an encrypted phishing URL. Alternatively, it can be an internal attack that takes place when an infected device connects to the intranet or through USB injection.
2. Inability to detect the spreading of malware:
Spreading behavior, usually called lateral movement, cannot be detected by the security devices, because the spreading occurs in the dark side of the network, which is not monitored.
Given the challenges above, should we modify our network security strategies?
Zenya has a solution for implementing a practical strategy: provide pervasive visibility to illuminate the dark zones using PacketX, helping security devices detect malware spreading. Moreover, we need to protect the network without inspecting content, which is usually encrypted, since decryption cannot work all the time. Thus, Zenya suggests using PacketX and Silicom to build the most efficient zero-downtime perimeter defense, which can block the millions of threat IPs/domains provided by ISACs or intelligence vendors.
Total Document Security
Enterprises focus on security defense. When facing unknown security threats, it is impossible to build effective defense boundaries immediately. In the era of digitalization and mobile applications, typical security defenses cannot be put to good use against attacks and threats from all directions. Should we simply surrender? Or should we fight back aggressively? The blue team is a security mindset that every enterprise should rebuild. How can limited security resources be used to integrate existing skills and workable defense equipment, and then establish a strong defense boundary?
With the rapid growth of blockchain in the recent years, this technology is bringing better decentralized verification mechanisms to the world, but at the same time is also bringing new security issues.
In this presentation, we will talk about blockchain security and provide prevention solutions from multi-dimensional attack vectors, such as exchange website, software wallet, hardware wallet, blockchain core architecture, smart contract, etc.
Operating system kernel architecture is often an important consideration for stability and security. This talk will also share the kernel architecture of an operating system with security enhancements for blockchain software operations.
In today's business environment, securing the perimeter is no longer enough. The endpoint is the new perimeter, and effective endpoint protection is so much more than anti-malware.
First of all, effective prevention of cyber threats requires a layered approach that covers endpoints as well as servers, gateways, email, and other communication and collaboration channels.
And in addition, effective prevention today uses technologies and features that keep potential intruders out of your systems with next-gen technologies and additional security features that let you take control of your security. And we don't stop there – we bring in the human intelligence of hacker motives and tactics and amplify human expertise with automated scalable technology.
With F-Secure Business Suite you get:
Machine learning has proved to be a powerful tool for detecting unknown threats in the cyber security field.
However, hackers can also use AI technologies to find weaknesses in machine learning models or to exploit them.
We are going to introduce the concept and mechanism of Adversarial AI, to see how hackers and cyber security companies fight each other.
Personal data protection as a basic human right is already a global trend. How to protect information privacy under the digital trend has become a challenge for all enterprises. This is not only a matter of compliance; companies should also actively face the issue of how to "use personal data on a reasonable basis". Therefore, data governance is the best solution for "Anti-money laundering", "Big data", "Cloud computing", "Information security" and "Privacy protection" alike. Privacy protection will eventually be internalized into the basic understanding of all people. However, data governance is a long road into the future for every company. How to integrate information management and enhance competitiveness is a continuous task for enterprises.
In this talk, several bugs related to ELF parsing will be presented. These bugs cause modern disassemblers such as objdump and IDA Pro to produce wrong results. We will also demo how a Linux kernel 0-day bug can be used to create a seemingly harmless binary that is actually malware.
In many cases, different attackers may use similar methods for intrusion. Meanwhile, many tools designed for Red Team Assessment are abused by attackers. These tools, as well as their source code, are easily available in public. This turns tools meant for security improvement and assessment into means of intrusion. However, the public tools are not only the attackers' opportunity, but also the defenders' turning point. Attackers can access the public tools to attack at will, but we can study the tools as well. In this talk, we use open source tools to understand attackers' thinking and methodologies, in order to strengthen defense awareness and ensure network security.
In critical infrastructure industries, like nuclear and electric power where security is absolutely critical, it is important to develop a secure data workflow for isolated networks. This presentation will classify commonalities with setting up an optimized secure data workflow and explain how to best select policy and technical framework elements to achieve maximum security and productivity.
In this talk we will address recent cybersecurity breaches, the changing technological landscape of Advanced Threat Prevention, Reputation Analysis, Content Disarm and Reconstruction (CDR), and Data Loss Protection (DLP) as they relate to an abstract framework for understanding secure data workflows. Care will be taken to address policy concerns such as Access Controls, Logging and Auditing, Outbreak Prevention, and Encryption at Rest.
Finally, we will expand our understanding of secure data workflows in terms of the most common communications architectures used to protect critical data: Networked (Bi-Directional), Air-Gapped, and Networked using a Data Diode (One-Way). We will then look at how specific industries like nuclear and electric power, water, manufacturing, and defense apply aspects of secure data workflows within the greater context of our theoretical framework.
Advances in AI tie closely to how AI is trained. A lack of sufficient data sets and a lack of domain know-how validation result in misjudgments and give malware evolution the upper hand. We have a novel approach to the hard problem of "detecting the undetected": using machine learning to simulate context events and have them compete with each other for the optimal storyline. This breakthrough sets a milestone for boosting the security team's capability.
Wireless remote controllers are widely used in industrial and home appliances, yet radio cybersecurity is not prioritized. The cost of a wireless attack has become very affordable since the birth of software-defined radio, but patching radio vulnerabilities is still costly, if not infeasible.
The talk will focus on introducing a legal way to capture, replay, reverse and forge radio packets. We urge the designers of wireless controllers to prioritize radio cybersecurity and make them safer to use.
More and more malicious programs on Android protect themselves with packers and anti-debugging. Knowing the principles of packing and unpacking is the only way to break through the malware and analyze its further behavior.
1. Introduction to packing and unpacking
2. Android malware
3. Android malware variation (packer)
4. Introduction to commercial packer software
5. Android Dex Runtime
6. Android dynamic packing mechanism
In Philip K. Dick’s The Minority Report, murder was eradicated thanks to the predictive “Pre-Crime Division”. Sixty years later, elements of pre-crime cybersecurity are already in place. But how do we toe the line between safety and Big Brother? The session will discuss the history of predictive analytics, the privacy implications of monitoring, and how AI / machine learning will shape future society.
Network security is no longer as simple as “detecting attack packets on the network and then blocking their source”. Cyber criminals nowadays spend more time spying on their targets before committing destructive attacks. They use stealthy and advanced hacking techniques to stay inside target networks as long as possible, so as to maximize their profits by exploring everything exploitable. Some even conduct espionage for the governments that support them. They are known as APTs (advanced persistent threats), and we identify them by their TTPs (tactics, techniques, and procedures). AI-Aided Attribution is about identifying the APTs hidden in your network by leveraging knowledge of TTPs, and it can be conducted before the destructive attacks, which may wipe out the evidence you need for attribution. Knowing the hidden APTs in advance allows network owners to determine the scope of the threat and remedy the situation before it’s too late.
The Personal Data Protection Office (PDPO) was established under the National Development Council (NDC) in July 2018. One of the missions of PDPO is to coordinate all matters relating to the GDPR and to initiate “adequacy talks” with the EU. In this session, NDC’s Counselor Chih-Hsien Lin will elaborate on the background, focus and cross-border transmission issue of the GDPR. He will also discuss the impact of GDPR on Taiwan business communities and the coping strategies of Taiwan Government.
Some penalty cases have actually occurred since May 2018. Is GDPR a crisis or an opportunity for data usage in different industries? Application development is always function-oriented; most security design and controls start from process and then integrate personnel and technical controls. However, now that PII has also become a concern, we have to reconsider privacy design and data usage. In this session, we will discuss privacy in relation to global regulation, smart connected devices, and the My Data commercial market opportunity. We will also provide KPMG's viewpoint on privacy engineering with SSDLC, and on de-identification with value-added data usage.
As the interconnectedness of enterprise systems grows more complicated, IT and security specialists carry a heavy workload working out how devices correlate and trying to capture the whole picture of the enterprise cybersecurity posture in order to distinguish insider from outsider threats. However, security tools give off more alerts than analysts can handle, leaving them unable to determine whether those warnings are true or false. What if there were an AI assistant helping out, just like in the movie Iron Man? Wouldn’t that be better? In this session, CyCarrier will present a new AI-based SOAR platform. Through the CyCraft AI-bot, it can automatically infer the storyline based on machine learning and help organizations streamline the response process.
Amazon’s InfoSec Team takes security seriously and is committed to investing in multi-layer, in-depth defensive approaches to protect Amazon customers. In this session, we will share the story of how Amazon partners with internal and external white-hat hackers to strengthen its defensive capabilities.
Global, national, and local privacy breach response requirements are more complex than ever before, and at the same time continually evolving. It's no wonder that the solution of incident response (IR) is an emerging market. Many security teams are now applying Security Orchestration and Automation to simplify their daily tasks. These include security event classification and digital forensics, that often involve repetitive and tedious tasks. By taking these burdens away from security analysts, they can pay closer attention to more critical tasks.
However, the value of IR Orchestration goes far beyond the initial response stage. With proper usage, IR Orchestration not only helps SOC respond when incidents occur, but also helps orchestrate and automate all tasks in the incident response cycle, including resetting certificates, applying security patches, or updating security firewalls or SIEM rules to prevent future cyber attacks.
We will share the value of Incident Response Automation and Orchestration and give a live demo to help the audience experience next-gen incident response. Integrating the power of IR Orchestration, Artificial Intelligence, and security analysts into one platform can help increase response speed and lower security risks.
CITIC Telecom CPC is one of the leading MSSPs in the Asia Pacific region, and offers a full portfolio of Managed Security Services (MSS) to enterprises that require total protection solutions. It also offers TrustCSI™ Secure AI, a new approach to enterprise cyber defense that enables full prevention and detection of corporate cyber risks.
In this session we have specially invited Adan Zhan, Deputy Director of Data Science and Innovation at CITIC Telecom CPC, to demonstrate how TrustCSI™ Secure AI actively investigates all anomalous activities and identifies threats using a behavioural approach and advanced machine learning algorithms to quickly hone in on the root cause and severity of the anomaly detected, formulate findings into actionable insight and predict whether any anomalous network behavior is significant enough to cause alarm.
Aligned with TrustCSI™ MSS, the solution provides powerful security technology, accurate threat intelligence, proven processes and security expertise, and can definitely shorten the time it takes for customers to contain a threat and limit the severity and cost of an attack when it occurs.
This is the era of digital transformation, and trade secrets are nothing new to industry; with the trade war between the US and China, the protection of trade secrets and technical know-how once again plays a key role in our market. Meanwhile, the explosion of information technology has brought great changes for both attackers and defenders in trade secret protection, with the contest trending toward the cross-disciplinary and borderless. Our session will therefore move from changes in information technology to trends in trade secret protection, and from internal enterprise management to supply chain management, in an attempt to redefine the management framework for trade secrets and offer enterprises a new management concept and strategic advice.
A lot of cyber security solutions focus on driving up the cost for the attacker. What about the poor defender? In this talk we discuss how we at PolySwarm think about flipping the equation: making economic incentives constant, accessible, and attractive for good defenders. How can the hacker community work together to solve open challenges and make attacking a low-wage job?
Nowadays, information security is an inevitable challenge for enterprises.
In the world of open source software, there are many solutions that can help.
For virtualization, backup, device monitoring, log analysis, vulnerability scanning and so on, you can find a pretty good suite.
The speaker will share his experiences with open source software.
As enterprises often focus only on the security of servers and personal devices, IoT devices, with their fragile security and large numbers, have become new targets for hackers.
Beginning in 2016, DDoS attacks based on IoT devices began to hit global networks (e.g., the "Dyn attack events").
It is expected that by 2020, 25% of attacks against enterprises will be related to IoT devices (e.g., Mirai).
"More Internet of Things, the battlefield is wider." As enterprises deploy more and more IoT equipment to accelerate informatization and improve operational efficiency, they also test the ability of the security department to respond to the emerging security battlefield. This agenda will lead new recruits to think about how to step into the vast battlefield of security.
Challenges Faced by Traditional IT Infrastructure and Security Architecture
New IT Solution with Minimalist Architecture and Effective Protection from Sangfor
Best Practice and Case Sharing from Outstanding Companies in the Industry
When the whole world is raving about MDR, what exactly is MDR? What issues is MDR trying to address? Why is MDR different from other existing security solutions? How does MDR help businesses achieve better security? This session provides an easy-to-grasp yet insightful introduction to the capabilities of MDR services/offerings and the key points to keep in mind when choosing MDR.
As more sophisticated security tools are developed to combat these adversaries, bots are consuming a huge amount of bandwidth and can sometimes account for more than 90% of the traffic on a website. Losing large amounts of network bandwidth to bots means lower online revenue and poor user experience leading to both brand damage and lower profitability.
Traditional signature-based security solutions fail to respond to threats and automated attacks fast enough. ForceShield’s unique Dynamic Transformation Technology stops online fraud by eliminating automated bot attacks on your web and mobile applications. Reserve bandwidth for real customers and stop losing money and valuable network resources to attackers.
DarkHotel (or Darkhotel) is a targeted spear-phishing, spyware and malware-spreading campaign that is famous for one operation. This campaign selectively attacks business hotel visitors through the hotel's in-house WiFi network.
DarkHotel attacks are aimed primarily at executives in investment and development, government agencies, defense industries, electronics manufacturers and energy policy makers. A large number of victims have been located in Korea, China, Russia, Japan and other countries in Asia.
In this presentation, we are going to talk about their previous operations and the recent activity we have found. We will share our experience of this cutting-edge APT with attendees, along with the skills and tools that the threat actors adopt. In the end, attendees will leave with a suitable defense strategy and useful tools against DarkHotel.
In 1995, the International Society of Automation published the ISA-95 standard for integrating enterprise systems with the operation control of factories. It defined the terms IT and OT and set up 7 levels of the enterprise integration network. OT includes the Level-1 ICS controller network, the Level-2 supervisory ICS human-machine interface network and the Level-3 factory short-range operation management network.
From then on, IT and OT have developed their systems according to their own needs. IT attaches importance to confidentiality and integrity, while OT attaches importance to stability and availability. In particular, except during regular factory maintenance, ICS systems run 24 hours a day, and ICS operators have to process real-time alarms immediately. As a result, packets are not encrypted in transit, password control is weak, and it is difficult to apply system patches to ICS in time. In addition, the system life cycle can extend to 20 years, which is truly unimaginable for IT staff. In this session, we will discuss OT security based on the nature of OT.
Software security is critical to a product's risk control, and Agile lets a product move to market faster. However, "Agile" in practice sometimes ignores "software security". This session will introduce how to integrate "Software Security" and "Agile".
This session will take the C/C++ language as an example to explore the problems that arise when writing C/C++ and their possible impacts, and show some common and rare examples. It will help you discover security issues during development or code review.
Traditional security solutions are reactive. First detect the threat. Then deal with it. But today’s threats are too sophisticated, too dynamic, too fast to get caught. Networks are often infected before alarm bells go off.
Menlo eliminates all web and email security risks through isolation—providing the first truly 100 percent safe browsing experience. The Menlo Security Isolation Platform works by moving the fetch and execute functions of web browsing away from your network to our cloud-based platform. Only sanitized, nonexecutable content is rendered safely in users’ devices—providing a safe yet seamless experience that is no different than before. Suspicious web forms—a common target for hackers—can be rendered in read-only mode, preventing anyone from entering their credentials by accident or on purpose.
Join our speaking session and learn why Isolation should be a part of your Modern Security Architecture.
What is Vulnerability? What is the real impact?
What is ZDI (Zero Day Initiative)?
Product Vulnerability Handling and Response
With the massive development of enterprise digital transformation and IoT applications, information security has become an important but difficult issue for enterprises. But how can enterprises deploy information security infrastructure across multiple environments? To solve this problem, Taiwan Mobile launched 「TWM information security solutions」 to help our enterprise clients achieve the goal of complete protection.
1. How to use AIOps to quickly find attacks
2. How to use various prevention resources and integrate with Clean Pipe equipment
3. Introducing network traffic attacks and network prevention architecture for CC attacks
Taiwan has excellent manufacturing capability. However, in recent years, amid intensive discussion of smart manufacturing, a lack of awareness of industrial security has become apparent.
Most enterprises misunderstand industrial security. It has been assumed that there is no risk from hackers as long as the factory network segments are separated from the enterprise network or from each other. In fact, this approach was only adequate in the past, when the risk of factory attacks was low and their impact minor. With ever-changing attacks, a segmented network can no longer protect the factory from hackers or viruses, especially since the upstream and downstream supply chains of the shopfloor equipment and systems such as PLM and SCM are closely linked. If any process is attacked, production capacity, revenue and even stock prices would be immediately impacted, damaging corporate reputation.
Major cloud services are encrypted with HTTPS. Once they are opened up to an enterprise, behaviors and contents in the cloud cannot be audited. Cloud services such as WebMail (Gmail / Outlook / Yahoo Mail), WebHD (Google Drive / Dropbox), Social (Facebook / Twitter), Messengers (Line / Skype / WeChat / Fb Messenger / Google Hangout), are possible channels of leaking confidential information. We focus on these topics:
(1) Legal compliance of cloud service HTTPS decryption: discussion of how enterprises compose Internet access policy rules for employees, and how to construct an auditing policy that prevents abuse, so that the private contents of employees can be formally audited.
(2) Decrypting HTTPS and filtering C&C / malicious links or files: discussion of how enterprises direct contents to 3rd party engines, such as Google Safe Browsing®, Malware Patrol®, Aegis Lab®, OCR Lab®, or other IPS.
(3) Sadness after decrypting HTTPS: what enterprises encountered after HTTPS decryption.
In this presentation, we will describe the security development lifecycle of Trend Micro.
Agenda:
- Introduction
- Threat Modeling and Security Design
- Static Source Code Analysis
- Software Build Security
- 3rd Party Vulnerability Scanning
- Dynamic Security Analysis
- Penetration Testing
- Lesson Learned
In recent years, automated bot attacks, such as account takeover, fraud, web crawling, digital ad fraud and form spam, have threatened almost every industry. They affect the customer experience and damage the brand's reputation, resulting in lost revenue.
In this session we will explain how Radware uses artificial intelligence and machine learning techniques to analyze user history, user behavior and related raw data, classify Web/API requests, and highlight exceptions to build a model of normal access behavior. Separating malicious robots from human users improves the ability of enterprises to obtain inappropriate information about malicious robot programs.
ICS-CERT (the Industrial Control Systems Cyber Emergency Response Team, part of the US Department of Homeland Security) has set out seven steps for effectively protecting industrial control systems against hackers, the most rigorous of which is completely isolating the network. Sometimes it is necessary to send internal data to the outside, or to bring external data inside, and achieving complete network isolation while still transmitting an endless stream of operational data is not easy. Network isolation can be divided into one-way isolation and operational two-way isolation. Neither kind of isolation is achieved by firewalls, while Owl and Fidelis can meet both of these difficult technical requirements.
Cybersecurity is a big question. As industry transforms to embrace the Internet of Things, the problem becomes even more arduous. Its impact extends beyond the choice of solutions to product development, deployment, and management ownership, which means that cybersecurity requires a strategic approach to support internal operations and business continuity.
This session will list the Security Stacks and classify them into Embedded Security, Application Security, Network Security, Cloud Security and eventually SOC/SIEM, using an architecture commonly used in the Internet of Things. The main idea is to establish cybersecurity strategies through the concept of Dot, Line, Surface, and Watch deployment. Connected Car and IIoT will serve as the examples in the presentation.
Cyber criminals today target people, not infrastructure. They trick your workers into opening an unsafe attachment or clicking on a dubious web link. They impersonate your CEO and order your finance department to wire money. And they con your customers into sharing login credentials with a website or social-media account they think is yours. No matter how well you’re managing your IT infrastructure, you can't patch your way out of these types of attacks. Learn how to build and implement a people-centered security approach at your organization in this valuable session with Proofpoint.
Machine learning is widely used for computer vision, natural language processing, game playing, malware detection, etc. However, researchers recently found that adversarial attacks can easily nullify those detection/defense models. We want to show how adversarial attacks affect security models. Therefore, in this talk, we would like to:
1. Build a phishing detection model.
2. Show how adversarial attacks affect security models.
3. Show how to protect security models from adversarial attacks.
Promoting SCADA/ICS security is not only a technical issue; it also requires finding a niche and advancing step by step through compliance, talent, and even the industrial ecosystem. The speech begins with the ecosystem from a global view: the degree of maintenance and compliance in the domestic and international security industry, and the gaps in industrial security and OT within the security industry. After that, we introduce trends in ICS security development, such as ISA/IEC 62443, as well as actual practice in the United States, Singapore, Israel, and Japan. Furthermore, we share our exploration of the opportunities for Taiwan's investment in promoting industrial security and the steps that can be considered. Taking talent, technology and international links into account, we will share how to implement the construction of an ICS testbed, talent education and an ICS risk assessment mechanism. To help Taiwan's industry reduce the risks faced by ICS, III will work together with the cybersecurity industry to enhance awareness of ICS security and create opportunities for the development of industrial security.
With the rapid growth of the internet world, new types of attacks and their corresponding protections are constantly being updated. How can companies respond quickly to various external threats with limited resources? How can they build complete and secure protection in the shortest time? WatchGuard provides a network-to-endpoint solution that enhances device login authentication and creates a fast and secure network environment.
The Internet of Things era makes security threats ever more omnipresent. Software development can no longer proceed as before, with vulnerability scanning, security testing and the like carried out only after development to improve software security. At the same time, the rapidly changing IoT environment has also driven software development methodology to evolve toward DevOps. On bringing security into DevOps, senior industry experts have put forward the shift-left security theory, suggesting that the sooner security is added to the DevOps process, the better. This agenda will share the basic concepts and practical experiences of software development security, and provide suggestions for those who will shift left in the future. Finally, I will also share some small measures that information system users can take to ensure security.
In response to information security laws and regulations, every information security incident must be investigated. The investigation covers the scope of the incident’s effects and the damage assessment; furthermore, root cause analysis should be conducted.
Hackers’ attacks change day by day. Accordingly, this session will share a variety of practical cases of information security investigations, including how to use ‘eDetector’, an effective detection and large-scale evidence collection tool, to find suspected infected hosts and the vulnerability, and how it can work with ‘AXIOM’, a comprehensive forensic analysis platform, to uncover the truth of the incident in order to prevent similar incidents from happening. We will also introduce some APT malware that could not be detected by anti-virus engines.
Software development is pressed for faster and faster release cycles with acceptable quality, budget and security. As movements like CI, CD and DevOps aim to cut down on release cycles, it's security's job to help control the risk. The risk landscape is complex as modern development practices increasingly consume more and more third party code. Traditional methods do not cut it anymore - it's time for DevSecOps. This session gives an overview of how companies have implemented DevSecOps practices in their own delivery pipelines and how this can help increase developer awareness of risks affecting them. We'll walk through an example CI/CD pipeline and explore how security has been embedded as a part of it, how the movement is shaping up and how standards are starting to follow suit.
The National Cyber Security Policy Development Blueprint (National Information Security Development Program (2017-2020)) will enhance national cyber security according to four key strategies: completion of basic national cyber security infrastructure, construction of a national cyber security defense system, promotion of a sustainable national cyber security industry and cultivation of cyber security talent.
Simpler Sharing for Secure Collaboration:
Broaden the adoption of MOVEit across your end-users to extend its security, management control and traceability features to collaboration and ad hoc file sharing of sensitive data. Let users create their own secure shared folders for collaboration with anyone.
Users can extend MOVEit file transfer capabilities to anyone while administrators maintain full control over permissions and audit logs. A simple user interface is provided to manage permissions for any folder user. This gives MOVEit customers a simple, secure and cost-effective way to reduce the potential for unauthorized disclosure of sensitive data that is inherent in ‘shadow IT’ implementations of cloud-based file sharing systems, EFSS systems or email.
Flexible Deployment and Access Options:
A broad range of client options support mobile, web and Outlook access. A free MOVEit Client is also available for simple drag & drop desktop transfers from Windows or MacOS devices. MOVEit Transfer’s flexible architecture supports scalability or availability demands with a web farm implementation. Domain-based or username-based multi-tenancy configurations are also supported. User access can be securely controlled via Multi-Factor authentication. MOVEit Transfer also supports Secure Folder Sharing, making it simple for internal and external users to securely and easily collaborate while maintaining a complete audit trail.
Benefits:
• Simple and secure collaboration between internal and external end-users
• Low administrative overhead with user self-service
• Full logging and audit trail of all sharing activities
• Superior security compared to consumer-grade EFSS and email
We all know the FIFA World Cup took the public by storm. As global events grow popular, cyber-attacks also become more active, since attackers have much more attractive material that can be used to lure people into opening malicious files or sites. We monitored the cyber-attack activities related to the 2018 FIFA World Cup via different sources and observed some special cases, from phishing messages spreading all around to crafted malware targeting specific people. Let’s look into how cyber criminals use various ways to steal information and money through the popularity of famous events. Whether you are an individual or an organization, understanding the cyber threats and taking the right precautions saves a lot of trouble.
The OT environment has recently been facing real cyber threats with the rise of Industrial IoT. Unfortunately, OT people know much less about cybersecurity than their IT colleagues, while IT people do not have adequate knowledge of the OT environment and its operation either. Implementing cybersecurity practically and pragmatically is key to accelerating the industrial world toward real automation and data exchange in the IIoT era.
Deploying firewall, antivirus and anti-spam appliances can protect your IT environment from external attacks. Thanks to cutting-edge technologies, we can defend against most external attacks, such as DDoS. However, reports show that internal attacks, such as rogue operations or theft of privileged access, have recently been increasing dramatically. Hackers who access your environment through normal channels with privileged access are usually difficult to detect. At the same time, in a competitive atmosphere, enterprises need to prevent commercial spies from leaking critical IP or information to competitors.
Quest provides a series of solutions that protect systems and data in various aspects without sacrificing user experience and business continuity. Let’s strengthen your infrastructure security with Quest.
Mobile devices have become more and more popular in recent years, but app security is still ignored by many developers. The reason is that developers have insufficient awareness of security, or their development time is too short to take care of security issues. Even when they are interested in purchasing an app security product, they often back down because of the exorbitant price and complicated usage. In the end, they can only choose to publish apps with insufficient protection.
In this presentation, we will introduce the main functions and principles of many commercial mobile app security products on the Android platform. Then, we will demonstrate how to develop the functions of those security products and the Gradle Plugin, which can automatically integrate protection functions into the app while building an APK in Android Studio. Finally, we will introduce how to build a strong and easy-to-use mobile app security product.
Industrial control systems (ICS) are not only complex, they are also critical to the operation of industrial infrastructure.
Ensuring network availability with Stormshield Network Security:
To address these needs, the Stormshield Network Security range offers high-availability functionality to ensure continuity of service in the event of a failure. Our industrial firewall, the SNi40, also offers a failsafe mode which guarantees connectivity even in the event of equipment failure.
Protecting industrial protocols with Stormshield Network Security:
With our Stormshield Network Security products, we have the ability to protect and filter different types of industrial protocols (e.g. Modbus, OPC, etc.) using a genuine DPI (deep packet inspection) approach, VPN IPSec and VPN SSL functionalities, and an advanced event and alarm management system. Our Stormshield Network Security range enables the configuration of a number of flow rules which authorise connections based on the time of day, the person involved (e.g. identification by captive portal) and DPI for analysing commands. In addition, our Stormshield Endpoint Security product can restrict communications solely to the tunnel used, thus preventing smurf attacks.
For this generation that so readily believes what they see, sound and images have become cornerstones of truth. This not only applies to documented history, but it actually forms our current perception of reality.
However, can we trust our eyes and ears to perceive reality? With the rapid advancement of AI, Deepfake technology is no longer considered extraordinary. Machine learning can artificially mimic facial expressions, human movements and natural sounds to create realistic-looking fake videos that could wreak havoc on online media platforms. This has dangerous potential as a weapon of information warfare for governments, scammers and other malicious actors. This will take fake news and information warfare to a whole new level.
I am a big fan of Air Crash Investigations. In many of the cases presented in the show, the investigations reveal that human error is inevitable, no matter how advanced the airplane technology, how strict the regulations, or how abundant the experience of the crew. Similarly, many businesses invest a lot of resources into cybersecurity infrastructure. But, at the end of the day, humans are the weakest link in the security system. We all recognize the importance of airplane safety, so we expect pilots to hold a tremendous amount of experience and knowledge to ensure the safety of passengers. So, why do we not expect the same from businesses? With every cutting-edge website with the latest cyber security software, is there also a sufficiently-experienced ‘pilot’ to command this system?
This lecture will discuss the "human element" from a business perspective along with various cyber security strategies employed by businesses.
Successful cyber defense cannot be achieved by simply installing a bunch of security equipment or appliances; it depends on people, discipline and platform. It needs the corporate executives’ determination and support, and the chief security officer’s supervision and support for the IT personnel’s execution of security policies and measures. Most important, you need to equip the IT personnel with a data collection and analysis platform so that they can see and constrain hackers’ activities across the whole corporate intranet.
More than 380 large-scale enterprises in Taiwan have participated in this year's survey. In this speech, the survey results will be revealed. This is the largest Enterprise Cyber Security Survey 2019 in Taiwan.
When it comes to cybersecurity issues, how should enterprises avoid acting subjectively? How can they avoid an agenda with unlimited risks? How can they avoid unnecessary waste of investment?
In addition to sharing some of their own insights on cybersecurity issues, the speakers also hope to provide a more macroscopic way of thinking. With a top-down structure, bottom-up practice and trend analysis, an enterprise's information security strategy can maximize cost-effectiveness.
In critical infrastructure industries, like nuclear and electric power where security is absolutely critical, it is important to develop a secure data workflow for isolated networks. This presentation will classify commonalities with setting up an optimized secure data workflow and explain how to best select policy and technical framework elements to achieve maximum security and productivity.
In this talk we will address recent cybersecurity breaches, the changing technological landscape of Advanced Threat Prevention, Reputation Analysis, Content Disarm and Reconstruction (CDR), and Data Loss Protection (DLP) as they relate to an abstract framework for understanding secure data workflows. Care will be taken to address policy concerns such as Access Controls, Logging and Auditing, Outbreak Prevention, and Encryption at Rest.
Finally, we will expand our understanding of secure data workflows in terms of the most common communications architectures used to protect critical data: Networked (Bi-Directional), Air-Gapped, and Networked using a Data Diode (One-Way). We will then look at how specific industries like nuclear and electric power, water, manufacturing, and defense apply aspects of secure data workflows within the greater context of our theoretical framework.
Advances in AI are closely tied to how AI is trained. A lack of sufficient data sets and a lack of validation by domain know-how result in misjudgments and let malware evolution gain the upper hand. We have a novel approach to the hard problem of “detecting the undetected”: using machine learning to simulate context events that compete with each other for the optimal storyline. This breakthrough sets a milestone for boosting security teams' capability.
Enterprises focus on security defense. When facing unknown security threats, it is impossible to build effective defense boundaries immediately. In the era of digitalization and mobile applications, typical security defenses cannot be put to good use against attacks and threats from all directions. Is surrendering the only thing we can do? Or should we fight back aggressively? The blue team is a security mindset that every enterprise should rebuild. How can limited security resources be used to integrate existing skills and workable defense equipment, and then establish a strong defense boundary?
Wireless remote controllers are widely used in industrial and home appliances, yet radio cybersecurity is not prioritized. The cost of a wireless attack has become very affordable since the birth of software-defined radio, but patching radio vulnerabilities is still costly, if not infeasible.
The talk will focus on introducing a legal way to capture, replay, reverse and forge radio packets. We urge the designers of wireless controllers to prioritize radio cybersecurity and make them safer to use.
More and more malicious programs on Android protect themselves with packers and anti-debugging. Knowing the principles of packing and unpacking is the only way to break through the malware's protection and analyze its further behavior.
1. Introduction to packing and unpacking
2. Android malware
3. Android malware variation (packer)
4. Introduction to commercial packer software
5. Android Dex Runtime
6. Android dynamic packing mechanism
With the rapid growth of blockchain in recent years, this technology is bringing better decentralized verification mechanisms to the world, but at the same time it is also bringing new security issues.
In this presentation, we will talk about blockchain security and provide prevention solutions for multi-dimensional attack vectors, such as exchange websites, software wallets, hardware wallets, blockchain core architecture, smart contracts, etc.
Operating system kernel architecture is often an important consideration for stability and security. This talk will also share the kernel architecture of an operating system with security enhancements for blockchain software operations.
In Philip K. Dick’s The Minority Report, murder was eradicated thanks to the predictive “Pre-Crime Division”. Sixty years later, elements of pre-crime cybersecurity are already in place. But how do we toe the line between safety and Big Brother? The session will discuss the history of predictive analytics, the privacy implications of monitoring and how AI / machine learning will shape future society.
Network security is no longer as simple as “detecting attack packets on the network and then blocking their source”. Cyber criminals nowadays spend more time spying on their targets before committing destructive attacks. They use stealthy and advanced hacking techniques to stay inside target networks as long as possible, so as to maximize their profits by exploring everything exploitable. Some even conduct espionage for the governments that support them. They are known as APTs (advanced persistent threats), and we identify them by their TTPs (tactics, techniques, and procedures). AI-Aided Attribution is about identifying the APTs hidden in your network by leveraging knowledge of TTPs, and it can be conducted before the destructive attacks, which may wipe out the evidence you need for attribution. Knowing the hidden APTs in advance allows network owners to determine the scope of the threat and remedy the situation before it’s too late.
Machine learning has proved to be a powerful tool for detecting unknown threats in the cyber security field.
However, hackers can also use AI technologies to find the weaknesses of machine learning models or to exploit them.
We are going to introduce the concept and mechanism of Adversarial AI, to see how hackers and cyber security companies fight each other.