Friday 22 August 2014

Titania Presenting At Security B-Sides MSP – Minnesota Chapter of Security B-Sides

Come And See Us At The Nerdery

Titania’s MD, Ian Whiting, and COO, Nicola Whiting, are traveling to Minnesota this week to discuss compliance and security with infosec experts at Security B-Sides MSP, hosted at the Nerdery, Minnesota.


'Workstation Configuration Hardening' talk
As sponsors and supporters of the B-Sides series, we are contributing a one-hour presentation appropriately called “Workstation Configuration Hardening”, featuring our compliance solution, Paws Studio. The talk will take place in the Crypto Party room, from 13.00 – 14.00. In this presentation, Ian Whiting will discuss configuration management, how compliance fits in with organizational needs, the issue of compliance vs. security and the need for automated solutions, finishing with an interactive demonstration of Paws Studio. To take part in the demo you only need to bring a device (laptop, tablet) and install Paws Studio on the machine. You also have the option to get an evaluation key to try it later at home, or check out other policies supported

You can also come and listen to Ian's talk on “Automating Compliance”, which will take place in the Auditorium from 12:15, followed by Josh Paul, from Dakota State University, and Mike Lutgen, from Palo Alto Networks.


BSides happened for all the ‘great talks that never got heard’

The “mother” organization for BSides MSP is Security BSides, which has since its beginnings spawned a multitude of chapters all over the world. B-Sides started in 2009 when Mike Dahn (@MikD), Jack Daniel (@jack_daniel) and Chris Nickerson (@isc4thepeople) decided to hold their own conferences ‘on the side’, as the CFP (Call For Papers) at BlackHat or DEF CON was oversubscribed. In its non-conformist style, the event defines itself through negation: B-Sides is not a gathering of all-conference rejects, and it is adamant that it is not a conference looking to discuss the current big thing. B-Sides is on the lookout for the people who are discussing the NEXT BIG THING.

The event has a different structure to other established conferences in the industry. The structured chapters follow a more “official” conference format and are usually run alongside other security conferences (Black Hat, RSA etc.). The other style, which is also what you can expect at the Minnesota chapter, is the Unconference format; it is meant to be relaxed and interactive, and the general idea is to take part in the conversation, ask questions and “make it as good as you want it to be”.


What Else Is On?

BSides MSP schedule


There are plenty of exciting keynotes, presentations and competitions to choose from including a Crypto Party, a Capture The Flag competition as well as other initiatives.

The keynote program includes well-known names in infosec and was determined by community vote:

Opening the keynote track is Lt. Col. William Hagestad II (@RedDragon1949), a renowned expert in Chinese cyber warfare, who will be giving an overview of the 'Chinese Use of Computers & Networks as a Strategic Weapon'.

Mike Saunders (@hardwaterhacker) talks about 'Problems with Parameters': as networks and servers become more secure, the soft belly of the Internet consists of vulnerabilities in web applications.

Leonard Jacobs from Netsecuris (@Netsecuris) opens the conversation on 'Using Your Brain To Beat The Hackers' – automated threat monitoring and threat-detection software are not enough to determine whether a threat is real. The human brain is needed.

Dr. Jared DeMott's (@JaredDeMott) talk on 'Appsec: Overview, Deep Dive & Trends' will look at the 3 pillars of Application Security (static, dynamic and manual analysis), popular bugs found in code auditing, and file fuzzing and network fuzzing.

Paul Dokas (@pauldokas) presents 'World Class Network Defense', or 'How I Learned To Ignore Vendors And Use Tools That Work', which brings a non-commercial perspective on using open source tools to create a defense system for the network.

The closing keynote is held by Rafal Los (@RafalLos), Director of Solutions Research at Accuvant, who makes a compelling case for 'Succeeding in Security by Measuring Your Failure'. When it comes to breaches, understanding what to measure is just as important as understanding how to measure effectively. Here, in the failures, we can find success.

We are proud to join forces with other industry names in sponsoring Security B-Sides MSP: The Nerdery (@the_nerdery), ISC2 (@ISC2), Palo Alto Networks (@PaloAltoNtwks), DSU Dakota State (@DakotaState), Milton Security Group (@MiltonSecurity), Bromium (@bromium), Symantec (@SYMCPartners), Netsecuris (@Netsecuris), Global Velocity (@GlobalVelocity), Silent Circle (@SilentCircle), IT Risk Limited (@itriskltd).

Come on over!
If you are in Minnesota on Saturday, 23rd of August, visit us, talk to us, ask us questions and, most importantly, don’t take our word for it! Try Paws Studio for yourself and tell us what you think. As with all BSides events, entry is free, but registration is required. Wheaton’s Law applies. Also, do not socially engineer the staff.


Monday 18 August 2014

Titania Shortlisted for the Computing Security Awards 2014


Thanks to your votes we are delighted to announce that we have been made finalists in 5 categories of the 2014 edition of the Computing Security Awards. The winners are decided by public vote and, as a special thank you, we are offering £100 in Amazon vouchers or $1000 worth of Nipper Studio software. Here is what you need to do to qualify for the prize draw:
Go to Computing Security Awards, fill in a few details (to ensure the vote is legitimate) and submit your choice before 30th of September, 2014.

The categories are as follows:

Network Security Solution of the Year: Titania – Nipper Studio

SME Security Solution of the Year: Titania – Nipper Studio

Enterprise Security Solution of the Year: Titania – Nipper Studio

Security Company of the Year: Titania

Personal Contribution to IT Security Award: Ian Whiting – Titania

To be entered in the prize draw, please forward your confirmation e-mail to alina.stancu@titania.com and, if you have a preference for the prize, specify ‘Nipper’ or ‘Amazon’ in the subject line. Winners will be announced at the beginning of October. Please feel free to vote for us in as many categories as you like! More than one vote per company is allowed, so do share this with your colleagues and friends.

If you are not familiar with the industry, here’s a quick refresher on our products: Nipper Studio is network security software for auditing firewalls, switches and routers, while Paws Studio is a compliance auditing and vulnerability assessment tool for servers, workstations and laptops.

Please click here to vote for Titania in Computing Security Awards.

A big thank you for your support from the entire team at Titania.

Wednesday 13 August 2014

Cybersecurity: What the U.S. Can Teach Europe

Article originally published in FCW magazine.


By Edwin Bentley (Senior Software Developer, Titania) 

About the Author

Edwin joined Titania in 2011 and has since become a key member of the development team, with primary involvement in the advancement of both the Nipper Studio and Paws Studio software. He has a keen interest in Information Security and the role that the industry will play in the future advancement of technologies.


Attending two reputable information security conferences this year, one on each side of the Atlantic, yielded a few observations on the differences and similarities of opinion on cybersecurity issues in the U.S. and Europe.

Although similar questions were raised at both conferences, the manner of response was notably different. Europe took a reactive stance, signaling problems and bringing them to the attention of government agencies and legislators. The U.S., however, had a top-down approach, with industry searching for viable solutions in response to already adopted government directives.

The first event was Infosecurity Europe. The 2014 edition was hosted in London and attended by more than 11,000 information security professionals. With a 20-year tradition, the event is considered a reference point for the cybersecurity industry to find out about the latest trends and tools and keep up-to-date with European laws and compliance policies.

This year, the discussion focused on big data, the accelerated increase in organized cybercrime, the need to stay ahead of threats and an honest admission from Europol that cybercrime is best mitigated or disrupted because law enforcement lacks the resources to prosecute all crime. Staying ahead of threats was high on the agenda. Finally, there were comments on security issues in the cloud, which, just like the bring-your-own-device trend, need to be accommodated in their own right from a protection point of view.

Similar points were made at FOSE. (Editor's note: FOSE is owned and produced by FCW's parent company, 1105 Media.) As an industry event, FOSE is recognized as an official source for voicing the latest concerns in government IT. Among the issues discussed at the conference, cybercrime and cyber terrorism figured high on the agenda for defense and policy.


Continuous Diagnostics and Mitigation


In terms of security tools and trends, automation and continuous monitoring were held in high regard at the U.S. conference. The conversation on the FOSE floor focused on the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) program. It comes on the heels of the National Institute of Standards and Technology's Cybersecurity Framework and is part of achieving the last step of that directive: monitoring security on an ongoing basis with the use of automation tools.

Released as a best-practice guidance document, the framework was embraced by the federal sector. After the latest high-profile breaches in the retail industry, a wide range of other companies have started to look at the framework as a template for assessing security practices.

In order to understand why CDM is seen as the best solution by IT professionals, below are a few well-debated problems it answers:

  • Top of the agenda for information security experts is how best to integrate security with business processes. Reducing user disruption and enabling business innovation will be more easily addressed with the introduction of automated security.
  • Although CDM does not guarantee that its users will stay ahead of threats, it does offer a near-real-time state of security with risk-based assessments reported and analyzed at network speed to ensure ongoing awareness and protection.
  • A challenge for chief information security officers and CIOs everywhere is the compliance versus security conundrum. CDM implies moving away from layer upon layer of compliance in favor of perpetual alertness and security.
  • The other issue in compliance is log aggregation and reporting. Continuous monitoring would produce automated event logs that can be filed for audits or analyzed for patterns in forensic investigations.
Continuous monitoring does not promise to answer every cybersecurity problem, but it offers a practical way forward. The voluntary adoption within the U.S. business community reflects that its advantages have been recognized.


Cyber directives in Europe and U.K.

Source: fcw.com
Meanwhile, that shift in security perception has yet to happen in Europe. The latest European Union cyber directive -- Network and Information Security (NIS) -- has been taken with a pinch of salt by the industry, and some organizations fear that the stick of compliance will come down hard on their budgets while doing very little for the state of their security.

In a similar way to the NIST framework, the U.K. government released a Cyber Essentials Scheme as a best-practice guide for organizations. Operating in a less intrusive manner with smaller, more practical steps, the scheme has been received with cautious but definite approval by the business spectrum.

Although a promising start, neither the Cyber Essentials Scheme nor the NIS directive alone is sufficient to bring forward the visionary changes the industry needs. The European efforts are moving in the right direction, but compared to the older, more experienced industry in the U.S., they need further development. The Cyber Essentials Scheme might be too small, while NIS could be seen as too complicated and faces an uncertain fate amid changes to the European Parliament.

If the cybersecurity industry is to address the issues raised at Infosecurity Europe 2014, such as staying ahead of threats, mitigating cybercrime, transforming security into a business enabler and resolving the compliance-versus-security predicament, then Europe needs to continue to move in the right direction and could be inspired by the top-down approach to security in the U.S.