Events

We are delighted to be Silver sponsors at 2023’s SinCon event. Our CTF challenge will kick off on 4^th January at 10:00am SGT, you have to be registered to take part. Find your ticket here.  Or pop along to our stand to chat to the team and pick up some swag.

SinCon brings top cybersecurity leaders and experts from both the East and West together to share and discuss deep technical topics and insights, to build and advance the region’s cyber security capabilities and capacity.

Find out more https://www.infosec-city.com/about

This course, delivered by Sven Schleier, teaches you how to analyze Android and iOS apps for security vulnerabilities by going through the different phases of testing, including dynamic testing, static analysis and reverse engineering. Sven will share his experience and many small tips and tricks to attack mobile apps that he has collected throughout his career and bug-hunting adventures.

WithSecure will be attending the much anticipated CRN MSP Transform event in London. Our experts will discuss the concept of outcome-based security and what this means in practice with out partners and customers.

We’d love to meet with you at this event. Should you wish to book a meeting with us, please provide us with your details here.

MSP Transform is FREE to attend for professionals from MSPs and IT reseller organisations. We look forward to seeing you there!

Join us for a live fireside chat with Mikko Hypponen, Chief Research Officer at WithSecure, as we discuss his predictions for the future of the internet and its transformative potential

This is Dreamforce’s 20^th anniversary, and we couldn’t miss the party. WithSecure is exhibiting for the first time and we’re proud to be a groundbreaker sponsor of the event. Join us at booth 827 as we conduct hourly presentations on upcoming cyber threats and how to secure the Salesforce Cloud.

WithSecure is proud to exhibit at the Midsize Enterprise Summit, the only event solely dedicated to midmarket IT executives who are leading their organizations through tremendous changes in this "new normal".

Are you ready to be the Ship’s Captain and sailing through the realm of Kubernetes? Kubernetes, also known as K8s is an open-source tool that is widely used by organisations for automating deployment, scaling, and management of containerized applications.

This course will guide you through an exciting journey of getting to know the fundamentals of K8s. Participants who have no prior knowledge in K8s or containerization technology are most welcome as we will be teaching you some of the basic and core concepts of a K8s cluster such as pod deployment, cluster networking and Role-Based Access Control (RBAC). Besides, the security element of each concept will also be presented during the workshop.

These concepts serve as a good starting point for someone who is new to this domain and would want to go deeper into this area. We will also navigate you through various hands-on sessions, that allows you to use tools we normally use when dealing with K8s. You will also be able to learn to identify security misconfiguration that could happen within a K8s cluster and follow the best practices to secure a K8s environment.

By the end of this workshop, you will have a better understanding of what K8s is, how K8s operates and the core components that are supporting K8s. You will also learn how to use CLI tools, such as kubectl to interact with a k8s cluster. Last but not least, you will also learn some of the basic security concepts that are critical in securing a K8s cluster.

WithSecure is exhibiting at MSP Summit where our channel team will be ready to network with current and new channel partners. This event will be filled with peer group discussions, roundtable sessions, and workshops on critical channel topics including Channel M&A, changing business models, strategic marketing for leaders, and leadership secrets from winning MSP businesses.

Register with code WITHSECURE to save $100 on your conference pass, or receive a free expo-only pass.

Digital supply chain threats are high on the security agenda in 2022 and based on Salesforce research “third-party security management” is a top concern for IT-leaders this year.

The next major cyber attack is imminent, but what will it look like and where could it come from? Join our webinar to discover what we have learned from previous attacks such as Log4j, the ways in which we can prevent future attacks from happening, and how WithSecure Intelligence its playing its part in creating a safer supply chain.

Protecting - and being protected by - your customers and suppliers is of paramount importance. Lately, supply chain cyber attacks have made headlines. This webinar will look at practical, concrete actions you can take to defend your organization - as well as your supply chain partners - from cyber compromise.

Training: How to Find Vulnerabilities in Android Apps – Developer Edition, delivered by Sven Schleier

Vulnerabilities can be manifold and everywhere, in your repo, in your APK or when using the app. This workshop will guide you on how to start embedding methodologies and open-source security tools into your SDLC to catch the "low-hanging fruit" early and have continuous security scans in your pipeline.

BlueTeam Con: SaaSy detection: purple teaming Software-as-a-Service platforms, presented by Nick Jones and Chris Philipov 

This talk presents an approach to developing attack detection capability across cloud-based Software as a Service (SaaS) solutions. This approach is drawn from real world experience across a wide variety of enterprise environments and focuses on the use of purple team methodologies to identify and execute likely attack paths, evaluate telemetry and build effective detections.

Historically cloud security research has focused on cloud infrastructure providers, but the use of SaaS solutions has increased dramatically, and become deeply ingrained in how organizations operate day-to-day. Microsoft 365, GitHub, and Slack are good examples of SaaS solutions used by the majority of organizations today. The fast-paced development of these new technologies has seen a divergent approach to security within the solutions themselves. Perhaps more notably, organizations' rapid adoption of these technologies has seen engineering efforts far outpace security development and understanding.

Over the past 18 months the presenters have been helping organizations understand what attacks against SaaS look like and building an approach for building and validating detection through emulation of these threats. The dynamic nature of SaaS solutions and the cloud environments they inhabit mean that building an effective long-term framework for keeping up with these changes is more important than the individual detections themselves.

Attendees will leave the talk with a clearer understanding of:

• What real-world SaaS attacks look like
• How SaaS detection differs from more conventional detection
• How to approach designing, implementing and evaluating their SaaS detection capability

Breaking boundaries, securing perimeters: A pragmatic approach to Attack Surface Management, presented by Katie Inns 

Security teams can often become overwhelmed by large lists of vulnerabilities that affect their systems; it is hard to know which to prioritize first when it comes to remediation. This can lead to ineffective vulnerability management processes that focus on addressing issues from a top-down approach and do not reflect real-world exploitation or the risk to the organization. This becomes more problematic when organizations don’t fully understand their attack surface and their systems that may be at risk.

This talk will discuss how organizations can adopt a more pragmatic approach to attack surface management by understanding the assets at risk, how to prioritize remediation, and how to adapt based on emerging threats.

Find out more about the event here.

Nick Jones and Mohit Gupta present ‘Dismantling the Beast: Formally Proving Access at Scale in AWS’. 

WithSecure’s Nick Jones and Mohit Gupta will be presenting their talk ‘Dismantling the Beast: Formally proving access at scale in AWS’ at this year’s fwd:cloudsec. Tickets for the event are now sold out, but recordings of the talk will be uploaded to YouTube after the event. 

At fwd:cloudsec you can expect discussions about all the major cloud platforms, both attack and defense research, the limitations of security features, the pros and cons of different security strategies, and much more.

Courageous business leaders, trailblazers, and makers came together not only to co-secure but to co-create and co-innovate.

The purpose of this event was to provide:

• Technical and business-related insights
• Practical ‘how-to-tips’
• Guidance from cyber-security experts
• The opportunity to network with peers and discuss the latest industry trends with our consultants

Watch the recording to learn more about managing your security from the cloud using WithSecure™ Elements:

• A single portal in the cloud for improved visibility
• Enabled capabilities as required
• Cutting-edge defense without the updates
• Expert help at hand
• Pay as you use services
• Less focus on maintenance - more focus on security
• Benefits from cloud-based automation and scalability

In this webinar, we discussed:

• Common cloud challenges from a detection and response perspective, and how to successfully tackle them
• How to identify, investigate and mitigate common intrusion types
• Effective prevention and detection tips that can be tailored specifically to your organization’s cloud security needs
• Solutions for optimizing cloud visibility for enhanced security and beyond
• How WithSecure’s Incident Response team conducts detection and response work in the cloud for effective results
• Evolving techniques for you and your organization to maintain resilience as you adopt new ways of working.

The new era of co-security is here. During this unique online event, you’ll get new insights and all the latest news about the world-class service you’ve come to expect from WithSecure™.