Artificial Intelligence & Machine Learning , DevSecOps , Endpoint Security
Visual Journal: Infosecurity Europe 2019London Conference Tackles Data Breaches, Machine Learning, Cybercrime and More
June means it's time for the annual Infosecurity Europe conference, and as in recent years, the 2019 edition of the conference earlier this month returned to London.
See Also: Attack Surface Management: Improve Your Attack Surface Visibility
Visitors flocked to West London to catch keynotes covering data breaches, darknets, new regulations and more, and exhibitors displaying wares ranging from data breach and insider threat prevention tools to threat intelligence feeds and penetration testing services, among many other areas. Beyond the cybersecurity guidance and briefing, tchotchkes were also dispensed aplenty.
Here are visual highlights from this year's conference.
Organizers estimated that more than 19,500 individuals attended this year's conference. Entry was free, provided you registered in advance.
Packed Exhibition Hall
Located on Hammersmith Road in London's West Kensington neighborhood, the Olympia exhibition center was built in 1886 and originally known as the National Agricultural Hall. For this year's Infosecurity Europe, more than 400 exhibitors set up shop in the Olympia for the three-day event.
Full Side Hall
As with last year, the conference has gotten so large that it expanded into a side hall attached to the main Olympia hall.
Keynotes, Workshops, Geek Street and More
Attendees had more than 240 sessions from which to choose, spanning keynotes, a Cyber Innovation Showcase, an "immersive zone" called Geek Street and more (see: 11 Hot Sessions: Infosecurity Europe 2019).
Live From the Keynote Stage
This year's conference featured dozens of keynotes, ranging from Maersk CTO and CIO Adam Banks talking NotPetya cleanup, to "Have I Been Pwned?" founder Troy Hunt on the nonstop rise of breaches, to cybercrime expert Jamie Bartlett on how darknet markets are evolving, to a panel of CISOs on dealing with the latest regulations, including the EU's General Data Protection Regulation (see 10 Highlights: Infosecurity Europe 2019 Keynotes).
The state of data breaches, as encapsulated by the #TalkTalk breach: a supposed "Russian Islamic cyber jihadi hacker" (police said) turned out to be a 17-year-old who ultimately caused £77 million pounds of damage.— Mathew J Schwartz (@euroinfosec) June 6, 2019
--Troy Hunt @troyhunt in a great keynote at #infosec19 pic.twitter.com/eMJsBOtXa3
Unlike last year, when some keynotes were held at an Olympia facility located next door to the main venue, this year's Infosecurity Europe managed to replicate the keynote stage of years past on the upper floor, albeit with better seating and layout.
At this year's Infosecurity Europe, my colleague Nick Holland and I conducted dozens of video interviews with leading information security experts.
"Why are data security breaches going up, when it seems like investment in IT and IT security is going up as well?"https://t.co/XJTZVs8mHR #infosec19— Mathew J Schwartz (@euroinfosec) June 13, 2019
-@TonyPepper of @EgressSoftware talks insider threat (intentional + unintentional) defenses
See ISMG's Infosecurity Europe Conference highlights to review all of our video interviews, including with Infosecurity Hall of Fame inductees Troy Hunt and Brian Honan, as well as experts from numerous firms, including Akamai, Avast, Contrast Security, Cymulate, Egress, Expanse, Kaspersky, MetaCompliance, Sophos, ZeroFOX and many more.
Cybersecurity: Hot Topics
Based on the sessions I attended and conversations we had with information security professionals at Infosecurity Europe, what's hot in 2019?
Start with authentication, identity management and privileged account management, as well as digital transformation and application security, including DevSecOps, among numerous other topics. From a threat standpoint, meanwhile, don't forget phishing attacks, business email compromise and other forms of social engineering, or data breaches, cybercrime and malicious insiders.
And when it comes to battling attacks and trying to keep track of it all, also don't forget the increasing use of machine learning to help. Just don't call it artificial intelligence.
Machine Learning Gets More Nuanced
Indeed, many of the security experts and vendors I spoke with at the conference had a clear message for the industry, as for example encapsulated here by John Matthews, CIO of ExtraHop: "Stop calling machine learning AI!"
Security experts have long been optimistic about the impact that ML can have. Retired RSA Chairman Art Coviello told me at last year's RSA conference in San Francisco that ML was fast proving a natural fit for improving endpoint security tools. But its application has continued to grow, as have the nuances underpinning discussions about the approach, which today are much less about ML for ML's sake, and much more about what it's supporting - typically, crunching larger and larger data sets to spot anomalies or unusual behavior so more automated controls can clamp down.
As Tony Pepper, CEO of Egress told me: "Too many businesses talk about machine learning like it's all things to all men, but in reality, machine learning isn't the thing that's really neat and sexy, actually - it's how you're using machine learning to solve real business problems."
Behind the scenes: Fabulous crew at @InfoSecurity 2019 making our video interviews happen - cheers @jproductionsvid :) #infosec19 pic.twitter.com/E30lGaX7Ms— Mathew J Schwartz (@euroinfosec) June 5, 2019
British Businesses Exposed
While at the conference, I also sat down with Tod Beardsley, director of research at Rapid7, which recently scanned the internet to identify the services and servers being exposed by Britain's biggest publicly traded firms (see: Cyberattack Risk: Scans Find Big Businesses Exposed).
"The bright spot ... is that corporate U.K. has done a pretty great job of getting rid of SMB and telnet," Beardsley told me in a podcast interview. That's good news, because it means big British businesses have dramatically reduced their attack surface in the wake of WannaCry.
But these organizations are still getting hacked. "We do see attack traffic emanating from the FTSE 250," he said, referring to the biggest firms that are publicly traded on London Stock Exchange.
With nearly 20,000 attendees, this year's Infosecurity Europe left plenty of opportunities not just for browsing the latest technology and services, keynotes and "tech talks," but also networking.
May the Booth Fun Be With You
This year's conference offered numerous opportunities to collect bounteous amounts of swag - glowing bouncy balls, light sabers, keychains and more. Also on offer: taking selfies with iconic "dark side" Star Wars characters, playing security-themed video games, getting your caricature drawn or just trouncing friends in a bout of air hockey.
Save the Date
As with years past, this year's conference flew by. Don't blink: The next Infosecurity Europe has already been scheduled to run from June 2 to 4, 2020. Catch you there?
Photographs by Mathew Schwartz