TOGETHER, WE

RESPOND

FASTER

CYBERSEC 2019

MAR. 19 – 21

Taipei International Convention Center
Taipei World Trade Center Hall 1, 2F

Mar. 19(Tue)
10:05 - 10:10
KEYNOTE
Opening Remark
  • 3月19日
  • 10:05
  • TICC 3F Plenary Hall

Keynote Speaker

President Tsai
   
11:50 - 13:15
Visit the Booth | Interaction

Technology Briefing

13:15 - 13:45
Identify the entry point for hackers
  • Mar. 19
  • 13:15
  • TICC 201 AF

Vulnerability – one of the major entry points of hacker. "Vulnerability Management" has been in place for a lot of organization for decades, but why there are still security breaches? Does the vulnerability management approach we are using today really effective?

From servers, end point to mobile workforce, security team now also need to manage modern type of assets, such as Cloud, containers and IoT, amount of vulnerabilities they need to manage is growing exponentially, how should we react to all of these?

Based on vulnerability data with third-party vulnerability, threat data and analyzes them together with the advanced data science algorithm developed by Tenable Research. The data science algorithm analyzes over 100,000 vulnerabilities using machine learning to anticipate the probability of a vulnerability being leveraged by threat actors and differentiate between real and theoretical risks. And we found that in 2017, public exploits were available for 7 % of all vulnerabilities, meaning that 93 % of all vulnerabilities posed only theoretical risk.

Through CyberSec 2019, we like to share our research results with you, together with various vulnerability management model, we hope that various organization can build an effective vulnerability management model and catch those most important 7 % vulnerabilities.

  • Vulnerability Assessment
  • Compliance
  • Threat Intelligence

Speaker

Disney Cheng (Disney Hok Fai Cheng)
Solution Architect – APAC, Tenable Inc.
The Enterprise Immune System: Using Machine Learning for Next-Generation Cyber Defense
  • Mar. 19
  • 13:15
  • TICC 3F Plenary Hall

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. A fundamentally new approach to cyber defense is needed to detect and investigate these threats that are already inside the network - before they turn into a full-blown crisis. 

Based on unsupervised machine learning and probabilistic mathematics developed by specialists from the University of Cambridge, new ‘immune system’ technologies are capable of learning the ‘self’ of an organization. By analyzing every network, device, and user, and modeling them as they go about their day-to-day activity, the Enterprise Immune System can establish a highly accurate understanding of normal behavior. It can therefore spot abnormal activity as it emerges, and even take precise, measured actions to automatically curb the threat. 

Rules and signatures are not keeping pace with today’s rapidly evolving cyber attacks. The Enterprise Immune System represents a fundamental step-change in automated cyber defense,  is relied upon by organizations around the world, and can cover up to millions of devices.  

In this session, learn: 
•    How new machine learning and mathematics are automating advanced cyber defense 
•    Why 100% network visibility allows you to detect threats as they happen, or before they happen
•    How smart prioritization and visualization of threats allows for better resource allocation and lower risk 
•    Real-world examples of unknown threats detected by ‘immune system’ technology

  • Network Security
  • Threat Intelligence
  • Incident Response

Speaker

Michael Beck
Global Head of Threat Analysis, Darktrace
14:05 - 14:35
14:55 - 15:25
Cyber Threat Intelligence Sharing and Blocking
  • Mar. 19
  • 14:55
  • TICC 201 DE

Looking back at 2018, the ceaseless global information leaking incidents had happened to large internet service providers, international financial institutions, big airlines and government institutions, etc. These companies have one thing in common: the scale of their investment in information protection is larger than regular corporates and institutions and they are mostly already equipped with layered infosec devices such as next-generation firewall (NGFW), intrusion prevention system (IPS), web application firewall, antivirus wall, and Anti-APT. Yet unfortunately, tragedies of personal information leakage still happened. 

It is as if no matter how you strengthen your defense with high-end infosec devices, hackers are still able to intrude your place.  

Passive surveillance mechanism, which serves like front ramparts, is not sufficient to ward off intrusions from hackers. So experts have proposed a new idea: to block threats before they’re still in development. And the key for this lies in “Threat Intelligence Blocking”, which utilizes accurate information of global threats. It’s like being protected by many satellites and ground radars. Through building a densely woven information reporting network, when a missile (infosec threat) is present, it will be detected and terminated way before it reaches your domain. This not only lessens the burden of domestic inspection, but also greatly improves protection.  

In this presentation, the NETSCOUT Arbor security expert will 
-    give you a detail analysis about the underlying security problems you are now facing 
-    introduce the best solution which can block both inbound and outbound malicious traffic
-    show you how the unique intelligence can help to detect advanced threats

  • DDoS
  • Hackers & Threats
  • Advanced Threat Protection

Speaker

Tony Teo
SE Director, APAC, NETSCOUT Arbor
16:15 - 16:45
17:05 - 17:35

Cyber Leadership Forum

 

IoT & Hardware Security Forum

CyberSec 101

HealthCare Security Forum

14:55 - 15:25
HealthCare Security Forum
The Policy Challenge in HealthCare Cybersecurity (15:10-15:25)
  • 3月19日
  • 15:10
  • TWTC 1 Conference Room No.3

The modern medical system has developed into one of the social systems that are highly dependent on the information industry. The possible hazards of medical cybersecurity are mainly in the service process, patient safety and sensitive personal information. The security incidents may be from intentional behavior, design flaw or mistake. No matter the  diversity scale of medical organizations they may all face the mentioned sources of incidents and hazards, which enhance the increasingly important of medical cybersecurity. The current policy: one is attached to the hospital accreditation system as one of the items should be cared; another is to establish on national critical infrastructure as one of the core system to establish information sharing, response processing and security operation mechanisms with national resources. With the increase of the threat of cybersecurity and the external factors such as the allocation of government resources, how to strengthen the character of medical cybersecurity become an important element. In terms of common medical knowledge, a healthy body must keep well-being among physical, mental and social relationships. There should be genetic, nutrition, education and environmental factors. So how to overcome these internal and external factors? It is the challenge of the current medical cybersecurity policy.

  • Governance
  • Policy Management

Speaker

I-Ming Parng
Director General, Department of Information Management, Ministry of Health and Welfare
16:15 - 16:45
HealthCare Security Forum
Practice and Evaluation for the Cybersecurity of Taiwan HealthCare System in Cloud - The Case Study in Cloud Query System of National Health Insurance (15:50-16:10)
  • 3月19日
  • 15:50
  • TWTC 1 Conference Room No.3

The National Health Insurance Administration (under Ministry of Health and Welfare) provides the "Batch Download" operation function. After the patient makes an appointment and before the visit, the hospital collects the patient information and the consent form and uploads it. The batch can be downloaded and the patient's medical record combined with the in-hospital drug management. To comply with the Personal Data Protection Law and the information security regulations, the National Health Insurance Administration has formed the NHI-PharmaCloud System batch download guideline. 

Previous study found that the information system development capabilities of hospitals at different levels are not quite the same. The practice of downloading data in the cloud is different. 
To understand and implement the patient information security management operation of the special medical service organization, this study conducts in-depth discussion on the collection and processing of batch download data in each institute, application and management details, compare the similarities and differences between the institutes, and then proposes some principles of information security and personal data protection, and finally summarize a set of feasible SOP processes.

  • Policy Management
  • Privacy
  • Security Awareness

Speaker

Her Kun Chang
Professor, Chang Gung University
Mar. 20(Wed)
12:00 - 13:10
Visit the Booth | Interaction
13:10 - 13:40
Cyber Insurance - what do you need to know?
  • Mar. 20
  • 13:10
  • TICC 102

Successful business model throughout Asia focus on evolving technologies, such as cloud computing, social media and big data analytics to increase sales, maximize efficiency and reduce expenses. Meanwhile, the array of threats to cyber security continues to grow and evolve. The legal exposure, reputational harm and business interruptions that may wreak havoc on an organization’s bottom line. In the U.S., cyber insurance is a hot topic and almost 90% of high tech companies already adopted cyber insurance. Quantifying and transferring the financial loss of cyber impact is essential to enterprises; therefore, most consider cyber insurance is a part of internal cyber security governance.

To provide cyber total solutions, Aon align with Stroz Friedberg and Gotham Digital Science help your organization seek and shield cyber security risk and recover from the cyber incident. 12 significant cyber claims out of global top 20 cyber incidents response experience, Aon’s professionals assist to reduce risk and help you negotiate cyber coverage in what is a complex and developing area of insurance. In APAC, Aon client portfolio also cover hotels, aviation, financial institutions and high-tech companies, and have experience to assist client to handle cyber claims. Aon as market pioneer, we will share:

1.Cyber insurance global market trend.
2.Why international enterprise buy cyber insurance?
3.What should you do while facing a cyber incident? Claim practice sharing.
4.How to customize risk management plan by using Aon Cyber Solutions. 

  • Cyber Insurance
  • Risk Management
  • Cyber Resilience
  • Cyber Criminal

Speaker

Ling Yu
Director, Financial Services & Professions Group, Aon Taiwan Ltd

Technology Briefing

14:00 - 14:30
Isolation: It's Not Always a Bad Thing
  • Mar. 20
  • 14:00
  • TICC 201 DE

The internet offers a lot of benefits: You can buy almost anything on Amazon and reconnect with old friends and family members through social media.
But, as we all know, the web provides significant security challenges. The threat of phishing, ransomware and other malicious attacks from uncategorized URLs, websites and email is ever-present. 
In order to mitigate these risks, threat isolation strategies have become an innovative way to help agencies fight the efforts of bad actors. These technologies can help agencies keep systems secure, protecting devices, networks and the growing number of web-connected technologies, which have dramatically expanded the traditional boundary.
As background, threat isolation executes web sessions away from endpoints, sending only safe rendering information to users’ browsers thereby preventing any website delivered zero-day malware from reaching devices. It is an emerging technology nowadays, we will discuss how these technologies have evolved and, more importantly, how they can be brought into today’s security environment.
The session will share:
•    The benefits of an isolation strategy and its role in an integrated cyber defense platform
•    How to give privileged users extra protection from web-based threats
•    How threat isolation reduces the inherent risk of messaging and web applications to give IT administrators greater control
 

  • Web Security
  • Network Security
  • Phishing

Speaker

Dragon Chang
Principal System Engineer, Symantec Taiwan

Speaker

Albert Tsao
Principal System Engineer, Symantec Taiwan
14:50 - 15:20
16:10 - 16:40
After the WannaCry crisis, how can the network security strategies remain the same?
  • Mar. 20
  • 16:10
  • TICC 201 BC

In the past two years, many well-known multi-national companies and important organizations have been hit hard by WannaCry. Undoubtedly, the victim units are already equipped with considerable information security defense forces. This makes us wonder whether the current security defense strategies need to be reviewed. 

Tracing to its source, the two points should be the key: 

1.Inability to protect end points from malware infection. 

The malware can reach a PC through a TLS/SSL file download link, which is an encrypted phishing URL. Alternatively, it can be an internal attack that takes place when an infected device connects to intranet or through USB injection.

2.Inability to detect the spreading of malware:

Spreading behavior, usually called lateral movement, cannot be detected by the security devices. It is because the place where spreading occurs is just the dark side of the network which is not monitored.

For the challenges above, should we have to modify our network security strategies?

Zenya has the solution to implement a practical strategy. To provide pervasive visibility to enlighten the dark zones by using PacketX so that help security devices to detect malware spreading. Moreover, we need to protect the network without checking content which is usually encrypted while decryption cannot work all the time. Thus, Zenya suggests to use PacketX and Silicom to build the most efficient zero-downtime perimeter defense that can block the millions of threaten IPs/domains provided by ISACs or intelligence vendors.
 

  • Network Security
  • Threat Intelligence
  • Network Visibility

Speaker

Bryan Huang
Co-Funder, Zenya Technology Co., Ltd.

Speaker

Tony Wang
CTO, PacketX Technology

Master in Session

14:00 - 14:30

Threat & Intelligence Forum

17:00 - 17:30

AI Security Forum

17:00 - 17:30

GDPR Forum

17:00 - 17:30
Mar. 21(Thu)

Technology Briefing

11:00 - 11:30
Visit the Booth | Interaction
11:30 - 12:00
13:10 - 13:40
14:00 - 14:30
14:50 - 15:20
16:10 - 16:40
Using Secure File Transfer To Protect Creative Assets
  • Mar. 21
  • 16:10
  • TICC 201 DE

Simpler Sharing for Secure Collaboration:
Broaden the adoption of MOVEit across your end-users to extend its security, management control and traceability features to collaboration and ad hoc file sharing of sensitive data. Let users create their own secure shared folders for collaboration with anyone.
Users can extend MOVEit file transfer capabilities to anyone while administrators maintain full control over permissions and audit logs. A simple user interface is provided to manage permissions for any folder user. This gives MOVEit customers a simple, secure and cost-effective way to reduce the potential for unauthorized disclosure of sensitive data that is inherent in ‘shadow IT’ implementations of cloud-based file sharing systems, EFSS systems or email.

Flexible Deployment and Access Options:
A broad range of client options support mobile, web and Outlook access. A free MOVEit Client is also available for simple drag & drop desktop transfers from Windows or MacOS devices. MOVEit Transfer’s flexible architecture supports scalability or availability demands with a web farm implementation. Domain-based or username-based mutli-tenancy configurations are also supported. User access can be securely controlled via Multi-Factor authentication.  MOVEit Transfer also supports Secure Folder Sharing, making it simple for internal and external users to securely and easily collaborate while maintaining a complete audit trail.

Benefits:
•    Simple and secure collaboration between internal and external end-users
•    Low administrative overhead with user self-service
•    Full logging and audit trail of all sharing activities
•    Superior security compared to consumer-grade EFSS and email
 

  • Data Security
  • Governance Risk Compliance

Speaker

Ethan Lin
Ipswitch’s Greater China Region (GCR) Technical Director, Ipswitch
17:00 - 17:30

FinSec Forum

Cyber Leadership Forum

Threat & Intelligence Forum

14:00 - 14:30
Threat & Intelligence Forum
Design Considerations for Secure Data Workflows
  • 3月21日
  • 14:00
  • TICC 3F Plenary Hall

In critical infrastructure industries, like nuclear and electric power where security is absolutely critical, it is important to develop a secure data workflow for isolated networks. This presentation will classify commonalities with setting up an optimized secure data workflow and explain how to best select policy and technical framework elements to achieve maximum security and productivity.
In this talk we will address recent cybersecurity breaches, the changing technological landscape of Advanced Threat Prevention, Reputation Analysis, Content Disarm and Reconstruction (CDR), and Data Loss Protection (DLP) as they relate to an abstract framework for understanding secure data workflows. Care will be spent to address policy concerns such as Access Controls, Logging and Auditing, Outbreak Prevention, and Encryption at Rest.   
Finally, we will expand our understanding of secure data workflows in terms of the most common communications architectures used to protect critical data:  Networked (Bi-Directional), Air-Gapped, and Networked using a Data Diode (One-Way). We will then look at how specific industries like nuclear and electric power, water, manufacturing, and defense apply aspects of secure data workflows within the greater context of our theoretical framework. 

  • Critical Infrastructure Protection
  • ICS/SCADA
  • Industrial Security

Speaker

Benny Czarny
Founder & CEO, OPSWAT

Industrial Security Forum

17:00 - 17:30

Software Security Forum

17:00 - 17:30