How cybersecurity can better support digital transformation business goals?
In response to evolving cyber risks, how do does organization align information security strategy, cybersecurity architecture and processes with the business strategy and objectives?
Unified cybersecurity strategy and architecture are the key enablers of digital transformation and keep business thriving.
This agenda will cover:
- The last piece of the puzzle in your cybersecurity blueprints - balancing your business risks and resources.
- Evolving security threats and defense architecture
- How do world-class organizations commence on state-of-the-art security architecture ?

In 2019, more than 4 billion records were exposed due to data breaches. Poorly secured identities and passwords are still our weakest link, especially in the face of AI-based malware. In fact, 63% of all confirmed data breaches involved weak, default or stolen passwords. 
A key weapon for fighting back is implement a Zero Trust system. Like the name implies, Zero Trust systems do not automatically trust anything from within the perimeter, so even if bad actors do manage to get through corporate firewalls, they would still need additional authentication factors to reach each different or sensitive part of the network. It's incredibly powerful: Multifactor authentication for businesses can actually help reduce the risk of identity compromise by more than 99.9%. By using biometrics and identity-based certificates, organizations can increase safety and streamline the user experience, while industry partners can help scale while still ensuring personal privacy.

The threat landscape continues to evolve – and the speed and extent of that evolution is both accelerating and unpredictable. The future belongs to those who evolve their defense against these new threats - in this session, Sophos will share with you the latest insight on cybersecurity and the changing threat landscape. Learn how to leverage the power of managed threat response (MTR) services, Cloud Security Posture Management (CSPM) and security intelligence from SophosLabs to fight targeted, coordinated attacks aimed at your network. 

The greatest threat to enterprise security today is the user. Threat actors rely on a mix of psychological tactics that play upon users’ fears, curiosity and insecurities, getting them to think they are clicking on trusted links.  At the same time, most websites today are made up of hundreds or thousands of third-party components such as advertisements, plugins and content feeds, each one carrying the possibility of having malicious code hardwired onto a trusted site without the owner or user knowing.  You simply can’t trust anything on the web to be safe.  Limiting access to the internet is both counterproductive and stretches an already overburdened IT support team. Yet, you can’t just throw open the gates, and with hundreds or thousands of attacks per month, traditional detect and respond enterprise security strategies are at risk of being overwhelmed. There is no simple way for security professionals to differentiate safe content from malicious content, putting the organization at risk while inhibiting the productivity of users.  The only way to completely prevent today’s web-based threats is to employ a zero trust security strategy that treats all content the same. All it takes is one person to click on a web link in a phishing email delivering malware, ransomware, trying to steal credentials, or worse, and a company is hacked, their data breached, open to monetary fines and damages, and a reputation years being built is in tatters. With this perspective, is security that is “good enough” still good enough?  Menlo Security Isolation Platform provide a safe and secure platform for users’ web access. The solution prevent & segregates malicious threats away from users, creating a perfect web isolation strategy against adversaries.

Across the globe, organizations are being attacked by well-funded hacking groups who succeed in breaching traditional perimeter defenses. These attacks serve to remind us that we can no longer rely entirely on preventive security measures. The reality is that if a group is well-funded and determined enough, they are likely to identify an organization’s vulnerabilities and slip through the net of their perimeter defenses, often without us even noticing.

If you look back through history, successful battles often saw the strategic and effective use of terrain. For example, in 480 B.C. Persian forces invaded Greece. They deployed massive forces into the Gulf of Malia where they were required to negotiate the Pass of Thermopylae.  Just 300 warriors from Sparta were waiting for them and held them off for several days.  Many members of the Persian army died.

Fundamentally, if you do not know your terrain, you do not know what to defend and if you do not know what to defend, then there is no way for you to be able to institute protections for a robust defense.

So then, how can organizations strengthen their defense posture? We should start with the notion of terrain in cyber space and Terence Heah explains why.

Microsoft Threat Protection is built on industry-leading security and brings those solutions together to learn, adapt, and protect across the environment. Come to learn more about Microsoft Threat Protection solutions to correlate threat signals from across the organization, identifying, prioritizing, and responding to attacks before they can wreak havoc.

資安防禦需求白熱化，各領域資安解決方案數不勝數，近年來 Gartner 強調以「人、流程、科技」為軸心的資安防禦策略廣受推崇，較為常見的解決方案如 : 特權帳號管理 (PAM)、內部威脅管理 (Insider Threat)、使用者與實體設備行為分析 (UEBA)、事件情資分析回應 (SIEM) 等皆勢在必行，而礙於預算、人力及時間，如何釐清需求並權衡各類專案輕重及順序，資安管理人員抉擇甚要。

漢領國際具備上述相關資安解決方案之豐富導入經驗，深知資安規劃之難以取捨且須顧慮成效，此議程中歸納整理數百家客戶導入之心法，並以導引分析的方式協助資安人員客觀評量輕重，找出適切性，秉要執本，兼顧 CP 值與資安成效之最大化。

The year 2020 is the 3rd year that HENNGE has surveyed for information related to Cloud Security. In the survey that we have took in these three years, we have not only found the cloud usage in different fields and industries, but also got to known the difficulties and barriers that companies face when moving to the cloud. We wish to discuss on our old topic: Cloud and Productivity. As well as topics that companies often face encountering cloud adoption.
Lastly, we would like to share how HENNGE One can solve the problems encountered implementing cloud and discuss each module of HENNGE One briefly.
Whether your company is considering Office 365, G Suite or any other cloud services, please do take the time to join us if you are interested.

Carbon Black 是以雲端科技執行次世代端點安全的領導供應商。Carbon Black 為桌上型電腦及伺服器提供應用控制、裝置控制和進階威脅檢測。Carbon Black 開創了多個端點安全領域，包括應用程式控管、端點偵測與回應（EDR）
SANS 協會的說: 68% 的事件回應者正在或考慮使用 Carbon Black。
基於雲的反病毒解決方案。以 Cb Response 為基礎提供的雲端威脅智慧型和檔案分析服務。服務包括軟體和域名信譽，進階威脅指數，攻擊分類服務等，據報導，Carbon Black Collective Defense Cloud 是世界上最大的雜湊及檔案信譽庫

With the prevalence of network connectivity and cloud services, enterprises are facing unprecedented security challenges and the attack surface is growing. Entry points that can be exploited from data centers, distributed infrastructure, remote access employees, cloud infrastructure & services and application & APIs. As the professionals of information security in the enterprises, are you able to answer these questions? Do you know how good your security posture is? Have you implemented enough control points? Do you have the visibility and proactive services to combat bad actors?

As a world-leading global technology services provider, NTT Ltd. could help you get well prepared to respond to above questions and create a digital business that is secure by design. With our skills and expertise, we provide integrated cybersecurity services and threat intelligence to help you defend, predict, detect and respond to cyber threats, while supporting business innovation and risk management to build an agile and predictive security ecosystem.

OSecure Cloud Security Service is cloud service brand by Openfind. It provides additional Email security services for corporate, especially good for Office 365/G Suite. OSecure offers advanced prevention with precision filtering technology, upgraded mail protection to ensure the security of corporate communications. Also it offers adjustable filtering settings and comprehensive review of corporate security requirements and with high-speed interception and report generation for optimal management efficiency.

Transitioning to the cloud means losing visibility and control over computing assets. Cloud-hosted workloads are managed remotely, making it difficult for security teams to supervise access to sensitive cloud resources. As a result, many organizations are unable to prevent cloud misconfigurations, identify cyberattacks as they are happening and respond in time. Radware’s Cloud Workload Protection service detects excessive permissions to your workloads, hardens security configurations before data exposure occurs, and detects data theft using advanced machine-learning algorithms. It is an agentless, cloud-native solution for comprehensive protection of AWS assets, to protect both the overall security posture of cloud environments, as well as protect individual cloud workloads against cloud-native attack vectors.

因應移動裝置、雲端服務、IoT 等網路應用服務環境及類型與日俱增，駭客的攻擊手段及渠道層出不窮且日趨多元，資安防禦儼然成為沒有正解的多選題，如何規劃適合當下、兼顧未來的安全策略？
台灣大哥大資安戰警服務協助提供全新資安營運視角，以最佳適應性為目標客戶建立基於服務且不影響用戶體驗的安全解決方案，打造符合營運策略及業務目標的堅實後盾，開創最佳應用服務及網路環境！

Digital transformation is driving customers to re-think their IAM approach. One of the biggest challenges is how to manage change, particularly with increasing skills shortages.The organization have to mitigate risk, secure data, meet uptime requirements and satisfy compliance by giving users access to data and applications they need.
This session describes how to successfully implement an identity management system and discusses the following three points
1. User account lifecycle management
2. Auditing the authority of the account
3. Compliance (setting of SOD rules)

With over 90% of breaches starting with email, 
phishing continues to be the most common way cyber criminals target people, 
by tricking them to click on unsafe attachments/links or wire money. 
Now with businesses adopting cloud applications, such as Office 365, 
even more new risks continue to emerge (account takeover, data loss). 
No matter how well you manage your IT infrastructure, 
you cannot patch your way out of social engineering attacks and human error.

Join this session to learn why a people-centered security approach is the answer and how you can answer:

• Who presents the greatest cybersecurity risk to your organization? Are your business partners or customers putting you at risk of breach?
• Who are the most attacked people in your organization? How are they being attacked?
• What is their security posture? Are their accounts still trustworthy?

For most of the application risk control it relies on static defense, however it can only defend attackes that is already known in the market and in a passive way. The risk control system can improve this  and be able to protect immediately by relevant personnel. Keep your business and users safe in the shortest possible time.

Closed network is frequently used inside high sensitive units to protect their risky system, which seems like a secure architecture. But recent security breaches had proven it's not a guarantee. The closed network is one of the defense mechanisms accompany with other measures, and should not be the only solution. However, information security does not only depend on raising budget and controls but also needs considering the availability and maintenance cost. We need to bear in mind that People, Procedures, and Products should be considerate at the same time.
In this topic, I would like to share my operational experience on how to build a closed network with resilience and shorten the response time to events.