3. Misdirection
a form of deception in which the attention of an audience is focused
on one thing in order to distract its attention from another.
Wikipedia
Gartner predicts that by 2018, 10 percent of enterprises will use
deception tools and tactics, and actively participate in deception
operations against attackers.
Honeypot / Honeynet – 2005
“Never attempt to win by force what can be won by deception,”
Italian political philosopher Niccolo Machiavelli.
4. Agenda
12.00-12.40 Registration, meet the exhibitors, tea/coffee
12.40-12.45 Take your seats
12.45-12.55 Welcome and logistics
12.55-13.10 SmartSTEMs
13.10-13.25 Pure Storage Demonstration
13.25-13.45 GDPR with Laura Irvine, BTO Solicitors LLP
13.45-14.00 ZoneFox Demonstration
14.00-14.30 Afternoon Break tea/coffee and donuts
14.30-14.45 Lenovo Demonstration
14.45-15.05 Anatomy of an Attack: Ransomware
15.05-15.20 Trend Micro Demonstration
15.20-15.50 Top Threats and how to manage them
15.50-16.05 Arcserve Demonstration
16.05-16.35 Customer Panel
16.35-17.00 Q&A / Close
9. SmartSTEMs is the glue between Tertiary Education, Industry and
Schools. We exist to provide equity of opportunity to young people
into STEM (Science Technology Engineering and Mathematics) with
particular focus on the gender and skills gap.
HUB OUTREACH
10. Some Numbers
• Less than 2 out of 10 ICT employees are female (Nesta)
• Skills gap in Scotland is 7000 people (ScotlandIS)
• 15% Female apprenticeships IT & Telecoms (SDS)
• 9% Female apprenticeships ICT (SDS)
• 10% Female apprenticeships Information Security (SDS)
19. Emma Cairns
SmartSTEMs Scholar
“To me, SmartSTEMs means provision for the future: it’s
what is necessary to create a talent pipeline that will keep
on giving for decades to come.”
21. SmartSTEMs Can Support YOU
• Your CSR initiative
• Apprenticeship / Talent Pipeline
• Succession Planning
• Access to schools
• Access to HE/FE Establishments
• R&D support
• Expanding your network
22. Can you support SmartSTEMs?
• PR/Media Awareness generally
• Volunteering
• Using your network
• Sources of other future funding for expansion
32. The Hermione Granger of GDPR
Quote: Laura is the hot favourite speaker and font of all things GDPR.
Laura actually likes GDPR!!!!
33. GDPR Magic?
Final version published on 4 May 2016 and will be enforced from 25
May 2018.
Direct effect throughout the EU.
Brexit will have no impact initially and will be unlikely to have an impact
in the near future.
Will replace the Data Protection Act 1998.
Data Protection Bill published today.
Other legal changes to watch out for: Police Directive; National
Infrastructures Directive, ePrivacy Regulation.
34. GDPR Basics for Organisations
Legal Processing – it is not all about consent
Fair and Transparent Processing – it is all about providing the data
subject with information in relation to what you are doing with their
personal data
Data Subject Rights – new and enhanced rights
Data Protection Officer – a requirement for certain organisations
Accountability – responsible for complying with GDPR principles and
demonstrating compliance with GDPR principles
Controllers and Processors – due diligence, contractual terms
35. GDPR and Security – Sixth Principle
Personal data shall be: processed in a manner that
ensures appropriate security of the personal data,
including protection against unauthorised or unlawful
processing and against accidental loss, destruction or
damage, using appropriate technical or organisational
measures
‘integrity and confidentiality’
36. Article 32 – Security of Processing
Taking into account the state of the art, the costs of
implementation and the nature, scope, context and
purposes of processing as well as the risk of varying
likelihood and severity for the rights and freedoms of
natural persons, the controller and the processor shall
implement appropriate technical and organisational
measures to ensure a level of security appropriate to
the risk.
37. Article 32 Specifically Encourages ‘as appropriate’:
• pseudonymisation and encryption of personal data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
• a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing
38. Personal Data Breaches, Reporting and Fines
‘personal data breach’ means a breach of security leading to the
accidental or unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to, personal data transmitted, stored or
otherwise processed;
Must be reported unless it is unlikely to result in a risk to the rights and
freedoms of individuals.
Fines of up to €20 million or 4% global turnover
39. As Albus Dumbledore says: BTO Can Help
Contact details:
Laura Irvine
T: 0131 222 2940
E: lji@bto.co.uk
www.bto.co.uk/gdpr
43. Who are we?
ZoneFox is an award-winning market leader in User Behaviour
Analytics, providing critical insights around data-flow that you need
to secure against the Insider Threat.
44. Analyze. Detect. Protect.
Let’s start with basics
● What does compliance look like?
● What is an ‘insider threat’?
● What are they threatening and how does this relate to GDPR?
● How can you tell what is important?
● How can you tell who is important?
● But what about the really clever insider?
69. Trend Micro - The company
What we do How we do it Who we are
EVA CHEN, CEO and Founder
Founded: 1988
Offices: 37
Employees: 6000+
Revenues: $1.2Bn
Cash Assets: $1.65Bn
Headquarters: Tokyo
Recognised leader in endpoint,
server, virtualisation and cloud
security
Protecting the exchange of
digital information for
Businesses and Consumers
Innovative security solutions
1,200 threat experts in 12 TrendLabs
locations around the globe,
1,492 R&D Engineers
$400M USD and 500 Engineers
invested in last 4 years to develop
cloud-related solutions
Global Threat Intelligence with
Smart Protection Network
155 million+ endpoints protected
500,000+ commercial customers protected
70. 28 Years of Innovation
Copyright 2017 Trend Micro Inc.
[Timeline figure, 1990 to 2015. Milestones shown: LAN Server Security; Leading Consumer Anti-Virus; MSN Hotmail Protection; Gateway Security; Integrated Virtualization Security; Cloud Computing Security; Advanced Threat Detection; Network Defense; Smart Protection Network]
71. Innovative and Timely Response to Evolving Threat Landscape
[Figure: 28 years of innovation. Capabilities shown: Anti-malware; Personal Firewall; Anti-spyware; High-Fidelity Machine Learning; Sandbox Analysis; Application Control; Exploit Prevention; Census Check; Data Encryption; Data Loss Prevention; Behavioral Analysis; File Reputation; Web Reputation; Host-based IPS; Investigation & Forensics (EDR); Variant Protection; Whitelisting Check]
72. Connected Threat Defense: Better, Faster Protection
• Gain centralized visibility across the system, and analyze and assess impact of threats
• Enable rapid response through shared threat intelligence and delivery of real-time security updates
• Detect advanced malware, behavior and communications invisible to standard defenses
• Assess potential vulnerabilities and proactively protect endpoints, servers and applications
PROTECT / DETECT / RESPOND
85. The MARKET LEADER in server security for the 7th straight year!
[Market share chart. Labels shown: Symantec; Intel; Other; 30%]
CERTIFIED for key environments AND for security
EAL 2
Source: IDC, Securing the Server Compute Evolution: Hybrid Cloud Has Transformed the Datacenter, January 2017 #US41867116
86. Market Leadership Position
• The market leader in server security for the 7th straight year
• Highest and Furthest to the Right in the Leader’s Quadrant in the Gartner Magic Quadrant for Endpoint Protection Platforms, Jan 2017
• #1 in protection and performance
• Recommended Breach Detection System for 3 straight years, and Recommended Next-generation IPS
• Leader in Gartner Magic Quadrant for Intrusion Detection and Prevention Systems, January 2017
Sources:
• IDC, Securing the Server Compute Evolution: Hybrid Cloud Has Transformed the Datacenter, January 2017 #US41867116
• NSS Labs Breach Detection Test Results (2014-2016); NSS NGIPS Test Results, 2016
• http://www.trendmicro.com/us/business/cyber-security/gartner-idps-report/
• https://resources.trendmicro.com/Gartner-Magic-Quadrant-Endpoints.html
• av-test.org (Jan 2014 to Dec 2016)
90. THE TOP THREATS
…& HOW TO MANAGE THEM!
Stuart Macdonald - MANAGING DIRECTOR
stuart.macdonald@seric.co.uk @stuart_seric
SEPTEMBER 14TH 2017 – WILD CABARET
111. Seric’s Response
1. Simple Managed Services
2. Straightforward Solutions
3. Flexible Support
4. Professional Services
112. Managed Services
• Phishing Service
• Internal Vulnerability Scanning
• Web Application Testing
• Web Compliance Testing
• Mobile Application Testing
The Managed Services
113. Solutions (some examples)
• All Flash Arrays
• End Point Security
• Backup and Restoration
• Insider Threat Detection
• Server and Storage
• SIEM Solutions
• Et al.
Straightforward Solutions
114. Flexible Support Offerings (some examples)
• Product Specific
• Project Specific
• Wraparound Cover / Enablement
• Holiday Cover
Flexible Support
116. Professional Services – Consultancy
• Business Continuity Planning
• Cyber Strategy
• Cloud Strategy
• Compliance Planning
• Cyber Education
Professional Services (cont’d)
117. Most Frequent Requests/Comments
• “I need some Essentials thing for a tender I’m doing”
• “I want a Pen Test”
• “I don’t know where to start”
• “I know loosely what I want to do”
• “The board have got no idea”
• “I’ve now got one guy on the board breathing down my neck”
• “We’ve simply not got the resources or funding”
118. Successful Strategies - One thing begets another
• Do things with multiple positive outcomes
• CE+ an easy win
• Educate and manage the business internally
• Map out a strategy
• Incremental Asks
• Speak to the board in a language they understand
• Risk Management
• Framework of measurement
• Evidence your decision making
• Local and/or Similar Examples
• Mini-Audit to highlight gaps
• #SericCanHelp
126. Arcserve UDP Solution Suite
“Arcserve delivers an unprecedented end-to-end suite of powerful yet
elegantly simple availability solutions for the midmarket.”
Email archive & compliance
Enterprise Power – Small Team Simplicity
131. Award Winning!
“Arcserve is the closest to feature-complete that
you’re likely to see in the backup space.”
“Arcserve UDP was the only system able to recover data over
a SAN. It also offered the support for a heterogeneous
environment.”
“The Arcserve system is helping to maximise the availability of
the MK Data Hub, safeguarding the reputation – and ultimately
the success – of the MK:Smart initiative.”
PC PRO review of Arcserve UDP Appliance
“Arcserve UDP has impressed us before, and now you get it in a
purpose-built backup appliance.”…”The setup process is swift: It took
only 21 minutes to add the appliance to our domain”…”The powerful
hardware made its presence felt: the 260GB on our domain
controller was secured at an average of 79MB/sec.”
STORAGE MAGAZINE 2016 & 2017:
Data Protection Product of the Year
Arcserve - Unified Data Protection (UDP) v6
Disaster Recovery Product of 2016
IT Pro review of Arcserve UDP Appliance
http://arcserve.com/about/awards/
133. What Next?
More Information - http://arcserve.com/uk/
– Data Sheets
– White Papers
– Case Studies
Try UDP v6.5 Free - http://arcserve.com/uk/free-backup-software-trial/
Appliance Loan or Try and Buy for testing
UDP Appliance Setup Demo
https://www.youtube.com/watch?v=6O-ocbxqhjw
Arcserve Cloud Walk-Through
https://www.youtube.com/watch?v=DvCqHUykJAc