Presented by: Simon Crosby, CTO & Co-Founder, Bromium Inc.
Mobility, the consumerization of devices and networks, adoption of cloud based services, and ready access to the web lead inexorably toward a stark reality: IT is out of control. As a result, sophisticated attackers penetrate enterprise infrastructure with alarming ease. Security budgets are growing, but protection seems elusive, and locking down users makes them less productive and frustrated, leading to “shadow IT”.
Something is profoundly wrong. Even enterprises that use the most sophisticated security products cannot prevent compromises. Security vendors offer a seemingly endless succession of fancily named technologies that aspire to greater protection, but they gloss over a fatal flaw, namely the undeniable fact that the “detect to protect” paradigm has passed its sell-by date.
Luckily there is a silver lining to this cloud: Thanks to the relentless progress of Moore’s Law, every PC/Mac and mobile device already has CPU features that can enable it to protect itself by design, on untrusted networks and in the hands of unreliable users.
Micro-virtualization – an evolution of CPU-based hardware virtualization - is a new approach that uses hardware to enforce protection, without relying on detection. Each browser tab, document, attachment or file from detachable storage is automatically hardware isolated on the CPU, with no change to the user workflow. The PC automatically defeats each attack, staying gold. It automatically self-remediates by discarding the contents of each hardware-isolated task, and can safely run unpatched 3rd party applications – such as legacy Java.
In addition, the hardware-backed protection of micro-virtualization permits the device to automatically track the execution of malware, eliminating false alarms and delivering false-alarm free, real-time forensic insights – the needle instead of the haystack.
This talk will present a brief tour through the use of virtualization technologies to simplify management and delivery of secure end-user computing. It will cover in depth the concept of micro-virtualization, highlighting key differences from traditional VM based approaches. It will use live demos of attacks to show how introspection transforms forensics and eliminates remediation.
Over 70% of cypher attacks are unique to your organization. Ultimately, the end point has to defend itself. Micro-virtualization hardware isolates every application task using cpu features for virtualization. It provides much better protection than conventional anti-virus software, HIPS, EMET, Rootlet detection and SMEP.
Presented by: Dr. Michael Parent, Simon Fraser University
For many companies, information technologies (IT) remain their single-largest capital investment – often exceeding investments in property, plant and equipment – combined! As a result, IT tends to span the organization, cross functions, and fundamentally affect the way the enterprise operates. But you already know this…
One of the main challenges facing today’s CIO is Board and Director engagement. How can you ensure your projects and priorities receive enough attention from the Board, and in turn, how can the Board have comfort with its oversight of IT-related issues. After all, most IT investment decisions that go to the Board for approval have an enterprise-wide impact, and concomitant risk. How do you ensure your Directors appreciate this risk-benefit trade-off?
After all, no one likes surprises…especially bad ones.
This interactive session will focus on the role of the Board with respect to IT-led business transformation decisions; the role and responsibilities of Directors as they pertain to making such decisions; to protecting them once they have been implemented; and to how CIOs can successfully create and manage constructive relationships with their Boards.
Specifically, we will seek to answer three key questions:
How can tomorrow’s CIO build and sustain a successful, constructive relationship with the Board and Lead Director(s)?
What do Directors, in turn, expect from CIOs.
What should you, the CIOs expect from your Boards?
Constructive understanding of how information technologies should be overseen; the questions Directors and CIOs should ask of each other; the answers they should expect to receive; and how the CIO can educate the Board on an ongoing basis with respect to IT-led enterprise risks and opportunities.
Michael Parent, Professor, Management and Director, Governance and Security at SFU, urged CIOs to be explicit, incisive and consistent in communicating all elements of “LTSCDA” to their boards on each and every IT initiative. LTSCDA is Long-Term Sustainable Competitively Differentiated Advantage. Tying IT investments to business value and risk is critical.