What are the Information Security Days?

i1 + 250 key decision makers and security specialists in one venue from Luxembourg and different other european countries
i2 An exclusive programme of seminars and presentations delivered by some of the world’s biggest names in technology.
i3 The opportunity to build strong relationships and partnerships with security decision makers.
i4 The chance to view the latest and greatest technological advances and security innovations in an exclusive exhibition.
i5 Networking opportunities including a prestigious dinner gathering key decision-makers on day one

 

Technology has always affected the physical world in the form of engineered systems to generate electricity and water, manufacturing facilities to build automobiles and run environmental systems in buildings, for example. However, changes in that technology now drive IT governance and strategy toward convergence in an accelerated fashion, blurring the line between the « digital » and the « physical ».

IoT accelerates this convergence in the financial, insurance, retail and consumer fields as well.Gartner says that by year-end 2017, more than 20% of enterprises will have digital risk services devoted to protecting business initiatives using devices and services in the Internet of Things.

Although cybersecurity has always been a concern for all technology, information and IT security have dominated the development and implementation of technology and solutions. Now the « digital explosion » requires that organizations consider cybersecurity as a superset of IT security to incorporate these new requirements.

IS Days is a two-day event gathering cybersecurity professionals for an exclusive programme of seminars and presentations given by recognised experts, live demos in the exhibition area and many networking opportunities.

For the first time this year’s edition will include a prestigious dinner gathering 200 IT decision-makers on March 15th.

SPEAKERS 2016

PROGRAMME

  • DAY 1 : 12 April 2016
  • 08:30 am
    Doors Opening
  • 09:00 am
    Plenary session

    Keynote 1 :

    « Top Security Trends and Takeaways »

    Felix Gaehtgens, Research Director in Systems, Security and Risk, Gartner

     

    Keynote 2 : 

    « Why we need a new approach to IT Security? »
    Erno Doorenspleet, Executive Security Advisor at IBM Security, will take you through the evolution of cybercrime and how it has now achieved a level of sophistication which is on par with that of modern corporations. In addition, using the latest IBM cybersecurity research available, he will highlight some of the most recent cybercrime trends. Finally, he will discuss how the increased sophistication of cybercrime requires a new approach to IT security and the role cognitive computing will have in bringing innovation to IT security.

     Erno Doorenspleet, Executive Security Advisor, IBM

  • 9:40 am
    Panel Discussion

    Round Table moderated by Telindus

    “A multisectorial approach for common security concerns”

    Introduction : Christian Heinel, Technical Manager, Northern Europe, Cisco Security

    Moderator : Cédric Mauny,  Department Manager, Security Audits and Governance Services, Telindus

    Guests:

    Didier Barzin, RSSI at Agence Nationale eSanté 

    Daniel Mathieu, IT Director, Ferrero International

    Paul Hoffmann, CEO, Luxmetering G.I.E

    Pascal Steichen, CEO, SECURITYMADEIN.LU

    Jean-Yves Mathieu, Head of Information Security, PICTET & Cie (Europe)

  • 10:20 am
    One minute to convince
  • 10:30 am
    Parallel Conferences

    Room A :

    « What is the best defense against sophisticated malware? »
    This session will take you through a multi-layered approach to Advanced Persistent Threats (APT). APTs are no longer just the domain of highly targeted attacks, focusing on an individual organisation. Sophisticated malware, with APT-like qualities, is increasingly used for wider attacks in order to gain access to any type of valuable data. As is true for security in general, there is no one silver bullet that will neutralise modern malware. Jean-Michel Lamby, Associate Partner IBM Security, highlights the required capabailities and the availalable solutions to combat APTs on multiple fronts.

    Jean-Michel Lamby, Security Associate Partner, IBM

     

    Room B:

    « How to deal with Shadow IT and risks of  Data Leakage? »
    Short description: More and more organizations wonder which cloud applications are being used within their organization and wether they are safe and reliable. More and more often employees start using (cloud) applications on their own, without involving the IT department. Because of this it becomes ever harder to stay in control of the applications being used, and of the data that are being stored and / or processed with them. Guarding the organization against the risks involved with Shadow IT starts with insight into the (cloud) applications that are being used. This insight allows rationalizing, control and security – in order to safely enable your organization to get access to the functionality that is needed!

    Jeroen van Zelst, General Manager, Lantech

     

    Room C :

    « Les nouvelles menaces viennent de l’intérieur »
    Presque toutes les grandes violations de sécurité commencent par un utilisateur malveillant, ou un attaquant externe utilisant les informations d’identification d’un employé. 2015 a été une année remarquable pour les menaces internes. On estime qu’en moyenne, les organisations ont subi 3,8 attaques l’année dernière, et 45% des entreprises ne peuvent pas dire si elles ont subi une violation de données. Afin de lutter contre la menace interne, les organisations doivent orienter leur surveillance sur les données elles-mêmes plutôt que sur le périmètre. Les organisations doivent faire face à la nouvelle réalité qui n’est plus de savoir si elles vont subir une violation, mais plutôt à quel moment cette inévitable violation va arriver. Les attaquants sont déjà à l’intérieur : soit ce sont de réels employés ou fournisseurs, ou il peut s’agir d’un attaquant externe utilisant l’identification légitime d’un utilisateur. Leur présence sur un réseau ne serait pas forcément suspicieux pour le service informatique, mais leur activité paraîtrait probablement anormale. Pourtant, le comportement des utilisateurs sur de nombreux systèmes internes est rarement surveillé ou analysé. Participez à cette session pour apprendre :
        – Quelles sont les différentes étapes d’un incident de menace interne
        – Qu’est-ce que l’analyse du comportement de l’utilisateur (UBA) et pourquoi votre entreprise devrait envisager de l’utiliser
        – Quels indicateurs et ensembles de données relatifs au comportement de l’utilisateur, de base imperceptible, sont à surveiller pour prévenir une sérieuse menace en cours
        – Comment être conforme et en sécurité, et éliminer les vulnérabilités que vous ne soupçonniez pas
        – Les meilleures pratiques pour réduire l’exposition potentielle

    Antoine Louveau, Sales Representative SMB-Mid Market BeLux & Switzerland, Varonis Systems

  • 11:15 am
    Coffee Break on the exhibition area
  • 11:45 am
    Parallel Conferences

    Room A:

    « Anticiper le règlement européen sur les données personnelles : le Délégué à la Protection des Données (DPO) »
    Le règlement européen sur les données personnelles devrait être adopté d’ici le printemps 2016. Une période transitoire de deux ans est prévue pour laisser le temps aux organismes de se préparer, et cela ne sera pas de trop.
    En effet, les implications de ce texte seront très importantes, et il importe  dès lors de les anticiper.
    Nous traiterons notamment des sujets suivants:
    Dans quels cas le DPO sera-t-il obligatoire ?
    En quoi le statut du DPO diffèrera-t-il de la situation actuelle ?
    Quelle seront les missions du DPO ?
    Quelle sera l’étendue de la responsabilité du DPO ?
    Le poste de DPO peut-il se transformer en métier exercé à plein temps ou comme prestataire ?

    Frédéric Connes, Directeur juridique & Senior Manager, HSC

     

    Room B:

    « Sandblast Agent : The Evolution of Zero-Day protection »

    Johan De Donder , Senior Security Engineer, Check Point Software

     

     

    Room C:

    « Extend Zero Trust to Your Endpoint »

    Tim De Boeck, Senior Systems Engineer Belux, Palo Alto Networks

  • 12:30 pm
    Networking Lunch on the exhibition area
  • 02:15 pm
    Plenary Session

    Keynote :

    « Threat intelligence – the cornerstone of cybersecurity? »
    Over the last years, many companies have experienced an explosion in cyber events (+ 38% of cyberattacks in 2015 according to the Global State of Information Security Survey 2016 published by PwC). These events have ranged from external attacks, malware, phishing, and malicious viruses or worms to advanced persistent threats to companies. The market has shown that traditional solutions are insufficient. To complement protection of systems, « cyber threat intelligence » capabilities and solutions are now recommended. With a broad spectrum and ongoing analysis of the organisation’s environment, companies can capture weak signals and anticipate threats. The use of next-generation safety features, that automate preventive measures and do not rely only on static defences, are the best defence against the current advanced cyber threats: how companies can protect and secure themselves using this proven methodology? How they can model and, finally, extend this approach in other areas to open real opportunities?

    Vincent Villers, Partner, Cyber Security Leader, PwC Luxembourg 

     

  • 02:50 pm
    One minute to convince
  • 3:00 pm
    Parallel Conferences

    Room A:

    « Barbarians within the gates! Understanding and mitigating targeted attacks! »
    When an attacker has found his way inside your network, how can you stop him getting to your most valuable information? Because targeted attacks take advantage of a specific organization’s weaknesses, finding attack patterns that fit a broad range of cases is very difficult. But there is one pattern that can be found in almost all targeted attacks: the exploitation of privileged accounts. So, what if you had a way to secure the one thing attackers need for a successful attack?

    Michael Ravelingien, Sales Engineer, Cyberark

     

    Room B:

    « Gouvernance et protection des données critiques de l’entreprise : Cap vers la protection maximale »
    Les entreprises sont de plus en plus exposées aux cyber-risques et les récents accidents de sécurité et violations de conformité de 2015 prouvent que les mécanismes de sécurité traditionnels ne suffisent plus à parer les attaques externes ou les tentatives de fraude interne. Brainwave Identity GRC propose une approche de gouvernance des accès aux données basée sur les risques ‘risk based framework’ afin de protéger le capital ‘information’ de l’entreprise.

    Cyril Gollain, CEO, Brainwave 

    Pascal Moncapjuzan, Head of Information Security & Business Continuity, Nomura Bank Luxembourg 

     

    Room C :

    « Threat Detection – Y-a-t-il une solution idéale ? »
    Les attaques informatiques sont de plus en plus complexes de par la combinaison des différents moyens traditionnels. Estimer l’ampleur de ces menaces représente un vrai défi pour les entreprises.

    Murat Aksu, Security Engineer, Telindus

  • 04:00 pm
    Coffee Break on the exhibition area
  • 04:30 pm
    Parallel Conferences

    Room A :

    « Where’s the Security in SDN? »
    Virtualisation is penetrating all aspects of our physical networks and service models. But how do we keep it secure when there are no clear boundaries anymore and services can be deployed or moved to another location with a single click? Fortinet will present its Secure Fabric integration with VMware NSX and Cisco ACI.

    Robby Cauwerts, Systems Engineer, Fortinet

     

    Room B :

    « The current state of encryption – results of Sophos’ global research on the use of & need for encryption »

    Vincent Vanbiervliet, Product Manager Data Protection, Sophos

     

    Room C :

    « La réputation des utilisateurs, nouvelle frontière de la sécurité dans un monde ouvert »
    L’évaluation de la réputation des utilisateurs s’appuie sur l’analyse comportementale afin d’évaluer l’intention des utilisateurs et prendre des décisions adaptées au niveau de confiance qui découle de cette évaluation. Avec ces nouvelles capacités, les pare feux applicatifs de DenyAll vous aident à mettre en place une politique de sécurité ajustée, qui facilite les interactions numériques sans mettre en danger vos données et celles de vos clients.

    Gilles d’Arpa, VP Sales, DenyAll

  • 05:30 pm
    Parallel Conferences

    Room A :

    « Visibility, Control … Security »

    Dirk Aertgeerts, Territory Sales Manager Benelux, Arbor Networks

     

    Room B :

    « Securing your Software Defined Data Center »

    Frédéric Dohen, Luxembourg Territory Manager, Trend Micro

    Gilles Chekroun, Senior NSX Specialist, Vmware

     

    Room C :

    « La gestion de la cyber-sécurité par le pilotage des cyber-risques »

    Philippe Dann, Head of Risk & Business Advisory, EBRC

  • 06:30 pm
    Networking Dinner on the exhibition area
  • DAY 2 : 13 April 2016
  • 08:30 am
    Doors Opening
  • 09:00 am
    Plenary Session

    Keynote 1:

    « Boost your cybercriminal activity with cryptocurrencies.
    Are cryptocurrencies only supporting cybercriminals? »

    Alexandre Dulaunoy, Incident Management – Security Researcher, CIRCL

     

    Keynote 2:

    « Advanced Threat Protection
    For All of the Network, All of the Time »
    Learn how Fortinet by focusing in a unique way to security, performance and the global network concept, provides a better and more secured answer to the new advanced threats at a lower TCO.

    Filip Savat,Country Manager Belgium & Luxemburg, Fortinet  

     

    Keynote 3:

    « Your organization WILL suffer a data breach and the EU is waiting for it. »
    On December 17th 2015, the EU institutions came to an historical agreement to reform the 1995 EU Data Protection Regulations. It took 20 years to come to this new set of rules. In the meantime, this new set of rules has resulted in a global launch of research into the state of IT security within all industries. And each time the main conclusion is the same: organizations aren’t ready for it. Data is not protected properly amongst the majority of organizations. Which means a lot of businesses are going to suffer the (painful) consequences once the new legislation goes into effect (beginning of 2018). Anthony Merry will show you what the new regulations actually mean and what you can do today to prevent data breaches and prevent million euro fines in the future.

    Michael Heering, Marketing Manager Benelux, Sophos

     

  • 10:00 am
    Panel Discussion
  • 10:25 am
    One minute to convince
  • 10:30 am
    Parallel Conferences

    Room A:

    « Network Security Orchestration ,  addressing today’s connectivity challenge »

    Frederic Lallement, Presale Network Security Engineer, Extreme Networks

     

    Room B:

    « Identity & Access Governance: Take up the challenge of employee life cycle. »
    It’s important for all employees to get all the access they need to perform their job. At the same time many security issues involve Identity and Access vulnerabilities, because of inappropriate access granted on the IS. As a security executive, you may be wondering how to make a quick-win action to deter a breach. You may also wonder how to reduce the costs associated with proving and achieving compliance within the business and with local regulations. And one of the main concern is probably regarding identity lifecycle involving excessive privileges due to job moves.

    Arnaud Fléchard, Chief Technology Officer, Kleverware

     

    Room C :

    « Get updated on the new FortiOS 5.4″
    With the latest release of its flagship OS Fortinet is once again advancing what professionals can expect from a NexGen Firewall, with deeper integration into the Fortinet Ecosystem to deliver unparallelled security, visibility and flexibility.

    Yves Lemage, Systems Engineer, Fortinet

  • 11:15 am
    Coffee Break on the exhibition area
  • 11:45 am
    Parallel Conferences

    Room A : 

    « The current state of encryption – results of Sophos’ global research on the use of & need for encryption »

    Vincent Vanbiervliet, Product Manager Data Protection, Sophos

     

    Room B :

    « Software Defined Security – hype or reality »

    Sebastien Bourgasser, CTO, Dartalis 

     

    Room C :

    TBC

  • 12:30 pm
    Networking Lunch on the exhibition area
  • 02:00 pm
    Live Demos

    Demo Area 1:

    « Experience IBM Security´s QRadar, the market-leading Security Intelligence platform »
    The IBM® QRadar® Security Intelligence Platform provides a unified solution which integrates security information and event management (SIEM), log management, anomaly detection, incident forensics and configuration and vulnerability management. QRadar provides near real-time visibility for threat detection and prioritization, delivering surveillance throughout the entire IT infrastructure.
    Near real-time correlation and behavioral anomaly detection to identify high-risk threats.
    High-priority incident detection among billions of data points.
    Full visibility into network, application and user activity.
    Automated regulatory compliance with collection, correlation and reporting capabilities

    Nico De Smidt, CTE, QRadar

     

    Demo Area 2 :

    « Déjouer Cryptolocker avec DatAlert de Varonis »
    Des infections Cryptolocker sévissent depuis un an, cryptant des fichiers sur des partages réseaux pour ensuite obtenir une rançon.
    Grâce aux notifications en temps réel de DatAlert sur les changements de configuration et les événements d’accès, les clients de Varonis ont non seulement pu détecter Cryptolocker et réagir, mais aussi réparer les fichiers cryptés.
    Participez à cette session pour apprendre :
      – La configuration de DatAlert pour être averti
      – Des modifications apportées aux fichiers de configuration
      – Des événements d’accès générés par des utilisateurs/groupes particuliers
      – Des changements intervenus en dehors d’une fenêtre de modification
      – Le moyen de détecter Cryptolocker en action et d’identifier les fichiers qui ont été cryptés
      – L’utilisation de PowerShell pour arrêter Cryptolocker en temps réel
      – Les moyens de réparer les fichiers qui ont été cryptés par Cryptolocker

    Antoine Louveau, Sales Representative SMB-Mid Market BeLux & Switzerland, Varonis Systems

     

    Demo Area 3 :

    « Project Kepler – Sophos Next Generation Data Protection »
    Sophos has been working on setting the new standard for encryption. With current EU data protection legislation on its’ way and encryption being recognized as the most appropriate measure for data protection, it comes to security vendors to come up with a way to make encryption more and easily accessible for organizations of all sizes. The challenge: making encryption easy to use without your users even noticing it’s there. The solution: Encryption by default, encryption all data, all the time, everywhere it goes. The product: Sophos SafeGuard Enterprise 8.

    Vincent Vanbiervliet, Product Manager Data Protection, Sophos

  • 02:30 pm
    Live Demos

    Demo Area 1 :

    « Identity & Access Governance: Take up the challenge of employee life cycle. »
    It’s important for all employees to get all the access they need to perform their job. At the same time many security issues involve Identity and Access vulnerabilities, because of inappropriate access granted on the IS. As a security executive, you may be wondering how to make a quick-win action to deter a breach. You may also wonder how to reduce the costs associated with proving and achieving compliance within the business and with local regulations. And one of the main concern is probably regarding identity lifecycle involving excessive privileges due to job moves.

    Arnaud Fléchard, Chief Technology Officer, Kleverware

     

    Demo Area 2 :

    « Gouvernance et protection des données critiques de l’entreprise : Cap vers la protection maximale »
    Les entreprises sont de plus en plus exposées aux cyber-risques et les récents accidents de sécurité et violations de conformité de 2015 prouvent que les mécanismes de sécurité traditionnels ne suffisent plus à parer les attaques externes ou les tentatives de fraude interne. Brainwave Identity GRC propose une approche de gouvernance des accès aux données basée sur les risques ‘risk based framework’ afin de protéger le capital ‘information’ de l’entreprise.

    Cyril Gollain, CEO, Brainwave 

     

    Demo Area 3 :

    « Fortinet Ecosystem Demo »
    Learn during this live demo how Fortinets zero-day protection Ecosystem works and how it can arm you against advanced attacks.

    Peter Vanhemelryck, Systems Engineer, Fortinet

  • 03:00 pm
    Live Demos

    Demo Area 1:

    « Barbarians within the gates! Understanding and mitigating targeted attacks! »
    When an attacker has found his way inside your network, how can you stop him getting to your most valuable information? Because targeted attacks take advantage of a specific organization’s weaknesses, finding attack patterns that fit a broad range of cases is very difficult. But there is one pattern that can be found in almost all targeted attacks: the exploitation of privileged accounts. So, what if you had a way to secure the one thing attackers need for a successful attack?

    Michael Ravelingien, Sales Engineer, Cyberark

     

    Demo Area 2:

    « Sandblast Agent : The Evolution of Zero-Day protection »

    Johan De Donder , Senior Security Engineer, Check Point Software

     

    Demo Area 3 :

    « Dont’t feed the sharks with your data »

    Valentin Artaud, Sales Executive, DenyAll

    Xavier Quoniam, Marketing Manager, DenyAll

  • 03:30 pm
    Live demos

    Demo Area 1: 

    « Advanced Endpoint Protection Demonstration »

    Tim De Boeck, Senior Systems Engineer Belux, Palo Alto Networks

     

    Demo Area 2 :

    Alexey Kholmov, Systems Engineer, EMEA, Arbor Networks

     

    Demo Area 3 :

    Murat AKSU, Security Engineer , Telindus

  • 04:00 pm
    Live demos

    Demo Area 1 :

    « Life as Red Team in ISPs »
    Practical cases as Red Team member handling everyday incidents on ISP networks.

    POST Luxembourg

     

    Demo Area 2 :

    « TrendMicro and VMware NSX integration »

    Gilles Chekroun, SDDC, NSX team EMEA,VMware

SPONSORS