Last month, the iconic Olympia London opened its doors to over 5,000 delegates, for the 2022 International Cyber Security Expo.
With an esteemed Advisory Council, chaired by Professor Ciaran Martin CB (former CEO of the NCSC), the event combines world-class education with practical business solutions, as well as leading products and innovations.
Not ones to miss such an opportune event, our cyber security team headed down to scope out some key insights.
Here’s what they came back with…
Software Bill of Materials (SBOM) as a strategy 101
Recently emerging as a key building block in software security and supply chain risk management, a SBOM is a complete inventory of a codebase – including open source components, their license and version information, and any known vulnerabilities.
Having an SBOM is one of the most effective ways to identify impacted systems, as well as help organisations secure their infrastructure to minimise cyber security risks.
Attack tree analysis: identifying and ranking cyberattack paths
Conceptual diagrams showing how a system or target can be compromised, attack trees are an excellent tool in the world of cyber security.
Utilising telemetry data and estimates to reduce the risk of an attack, David Wiseman of Isograph Software ran through an example of a threat imposed on an automotive infotainment system – and what an insightful demo it was!
Application security – present and future
A panel of cyber powerhouses delved deeper into application security automation testing.
Specifically, the discussion focused on API security, cloud native application security, and supply chain risks – highlighting how our growing reliance upon such services have exposed users to a variety of new security risks, and exploring how to protect them from constantly-evolving threats.
Hunting the actors behind the threat
Clustering is the process of dividing entire data into groups, based on the patterns in the data – allowing experts to observe activity and identify any anomalies that could indicate a threat. Very Jason Bourne!
Zero Trust for applications and protecting yourself from zero-day vulnerabilities
Zero Trust is a hot topic for network security. Yet, many are yet to grasp its impact or understand successful implementation.
Delving into the various endpoint evasion techniques that are undetectable by most Endpoint Detection and Response (EDR) and antivirus solutions, offered some great insight into the need for such architecture in an increasingly connected world.
An insight into penetration testing
With a whistle-stop demo of penetration testing in action, attendees were encouraged to think like a hacker, and detect vulnerabilities in a sample software system.
But why is this so important?
Want to continue the conversation? Get in touch.