that, he was a senior software architect at Phonaris, where he designed the architecture and led the development of the Phonaris agents for the iPhone and Android platforms. Luttwak is an alumnus of the Israeli Defense Force’s 8200 unit.

An inconvenient Zeus: The rise of SaaS targeted malware

Vulnerabilities within SaaS applications have increasingly become the end user’s responsibility. As SaaS gains popularity, as it has over the last few years, it is increasingly a part of our everyday work life. However, using SaaS applications – although excellent at increasing productivity – leaves a large attack surface. So, what's the risk? It’s hard to imagine how SaaS vendors can deliver a bank level of security, and harder still to imagine their customers accepting it. The more compelling piece here is the implied weakness in the shared responsibility model. There is only so much that a SaaS vendor can do; even if their controls are upgraded, their customer's security posture is the key determining factor in warding off this attack. Which leads to the heart of the matter: most customers look to SaaS as a way to offload responsibility, but they also need to remember their own systems can be the target. We are proposing a session where Adallom will showcase new vectors of a cyber-attack found in the wild specifically targeting enterprise SaaS applications.

Joseph Malinka is the Director of Systems Engineering at Bromium. He joined Bromium in June of 2012 when the company was still in stealth mode, and played a crucial role in establishing Bromium’s early customer base and subsequent record growth. Prior to Bromium, Joe was at EMC for 11 years of which the last three years were with RSA, the Security Division of EMC. He has provided engineering, consultative, and architectural expertise in many different security domains, working extensively with medium to large enterprises in the New York City metro area in the financial, legal, and healthcare verticals.
He is a Certified Information Systems Security Professional (CISSP) and received a B.S. in Applied Physics from Brigham Young University.

“One ring to rule them all” – Using CPU Features to Enable Any Device to Protect Itself By Design

Our society has never had more valuable information available online, and the consequences and cost of successful compromises have never been more stark. Can we fix this? Yes. We can enable any end point to protect itself by design using existing features of the CPU, and perhaps more importantly, we can deliver hardware-backed protection to existing (legacy) applications and operating systems: CPU features on commodity server, PC and mobile devices offer all that is needed to turn the tide. This talk will describe a radically new approach to system security – micro-virtualization – that makes use of CPU features for virtualization to hardware-isolate tasks within a running (any) OS, relying on CPU mechanisms to protect the system from any malware. The core technology is the open source Xen hypervisor, whose community continues to lead innovation in virtualization and isolation. This talk is also a call-to-arms of the research and security ecosystems to use micro-virtualization to advance security research, attack analysis and to further extend the use cases for micro-virtualization.

Derek Manky formulates security strategy based on years of threat and industry knowledge, with a goal to make a positive impact towards the global war on cyber crime. Manky has presented research and strategy world-wide at many security conferences, including meetings with leading political figures who help define the future of cyber security. He works globally within the security industry and Computer Emergency Response (CERT) to connect the dots, providing mitigation advice and threat forecasts based on correlated data and personal knowledge. This strategy can be integrated into new, advanced technology to fight cyber attacks.
He has been recognized as a thought leader in the industry. Manky designed a vulnerability disclosure framework, which has been reliably used for years to responsibly fix security issues before criminals discover and attack them. Manky also sits on a computing program committee with a premier technology institution in Canada, advising on next generation security requirements. He continues to dedicate his career to security, research and education.

Beyond BYOD – Hacking the Internet of Things

Everyone knows the deal, the doom and gloom. There are threats on the internet, and plenty of them in many shapes and forms – worms that have persisted for years, basic Trojans that still perform, and of course advanced persistent threats (APTs). If securing Windows-based systems still proves challenging today, what will tomorrow bring? Are Linux and Mac systems really that much more secure? And what about Android vs. iOS vs. Windows Mobile with BYOD? Attacks against home routers, home automation systems, surveillance cameras,

services, healthcare, mining, energy, engineering and construction, legal services, and technology companies. For more information visit and follow @esentire.

Silver Sponsors

Palo Alto Networks, Inc. has pioneered the next generation of network security with our innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. At the core of this platform is our next-generation firewall, which delivers visibility and control over applications, users, and content within the firewall using a highly optimized hardware and software architecture.

Veeam® is Modern Data Protection™. We believe today’s IT requirements have changed and that “3C” legacy backup problems—high costs, increased complexity and missing capabilities—are no longer acceptable for any organization.
Veeam provides powerful, easy-to-use and affordable solutions that are Built for Virtualization™ and the Cloud—a perfect fit for the modern datacenter.

Varonis' mission is to help enterprises realize value from their human-generated data. Varonis increases productivity, sustainably reduces risk, and lowers cost in the enterprise. Our products automate time-consuming data management and protection tasks and extract valuable insights from your human-generated data. The Varonis Data Governance suite helps organizations manage and protect their unstructured and semi-structured data—the documents, spreadsheets, presentations, media files and other business data in file servers, NAS devices, SharePoint and Exchange. These critical data assets are massive and growing rapidly.

At Cisco (NASDAQ: CSCO) customers come first and an integral part of our DNA is creating long-lasting customer partnerships and working with them to identify their needs and provide solutions that support their success. Cisco has shaped the future of the Internet by creating unprecedented value and opportunity for our customers, employees, investors and ecosystem partners and has become the worldwide leader in networking - transforming how people connect, communicate and collaborate.

HP's enterprise security software and solutions provide a proactive approach to security that integrates information logging and correlation, application analysis and network-level defense. With Gartner Magic Quadrant leaders in Security Information and Event Management (SIEM), Next-generation Intrusion Prevention and Managed application security testing available on demand, HP has the solutions to take your security posture into the next generation.

Bronze Sponsors

Educational Sponsors

Experience the industry’s most realistic penetration testing, training and certifications. Taught by the core developers of Kali Linux, our information security training will immerse you into the deep-end of real world penetration testing.
We know penetration testing. Between Offensive Security Training, Kali Linux and the Exploit-Database, you can trust that we have the expertise, knowledge and experience to provide you with high-end penetration testing services. Offensive Security funds and develops several prominent information security niches, such as Kali Linux, the Exploit-Database, Google Hacking Database and Metasploit Framework Unleashed (MSFU) free training.

The Hacker Academy provides a unique learning experience, teaching infosec from the hacker’s perspective. You might have heard the phrase, “it takes one to know one mentality”. Our philosophy is to arm our members with the knowledge necessary to practice, implement, and deploy what they have learned immediately and effectively. All training modules are available 24/7 and are perfect for any skill level.

Pentester Academy plans to revolutionize online infosec training by providing comprehensive, highly technical, hands-on courses at the most affordable price! Our dream of making infosec training affordable for everyone can only come true with your support!

Additional Sponsors

Lunch Sponsor Day 1

Lunch Sponsor Day 2

Social Mixer Sponsor

Palo Alto Networks, Inc. has pioneered the next generation of network security with our innovative platform that allows you to secure your network and safely enable an increasingly complex and rapidly growing number of applications. At the core of this platform is our next-generation firewall, which delivers visibility and control over applications, users, and content within the firewall using a highly optimized hardware and software architecture.

Swag Bag Sponsor

Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership.
Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology.

Community Sponsors

The High Technology Crime Investigation Association (HTCIA) was formed to provide education and collaboration to our global members for the prevention and investigation of high tech crimes. As such, we are an organization that aspires to help all those in the high technology field by providing extensive information, education, collective partnerships, mutual member benefits, astute board leadership and professional management. The High Technology Crime Investigation Association is composed of 8 regions within the United States and 6 international regions, including Canada. The Atlantic Chapter is one of five chapters in the Canadian region. Internationally there are 38 chapters overall.

The Halifax Area Security Klatch (HASK) provides a forum for experts to encourage discussion and share expertise in understanding the latest trends and security threats facing computer networks, systems and data. Our membership includes Information Security practitioners, managers, network administrators, students, and anyone who is interested in learning more about securing information. We meet at the Halifax Club in Halifax, Nova Scotia. Typically, we meet the last Monday of the month except for March, June, July, August, and December, unless otherwise notified.

The Halifax Hack Labs is a way to engage the local information security community to apply skills learned from other events such as the Halifax Area Security Klatch and the Atlantic Security Conference.