August 12 - 14, 2018
SEAPORT HOTEL, BOSTON, MA

Day 1, Sunday, August 12, 2018

11:00 am - 11:40 am Registration



11:40 am - 11:50 am Orientation

11:50 am - 11:55 am Chairperson's Opening Remarks

James Livermore - Global Cybersecurity Architect/CSO CDM Smith

11:55 am - 12:25 pm Evolving IoT Trends: Predicting Behaviors and Reducing Fear

Ravi Thatavarthy - Chief Information Security Officer iRobot
As the Internet of Things (IoT) continues to permeate all aspects of enterprise and personal existence, related security and privacy concerns continue to grow. The promise of smart technology automates predictable behaviors based on data patterns. Gartner predicts a typical home will have more than 500 smart devices by 2022, which opens the doors for the Internet of ransomware things. Explore the changing landscape of devices and the growing regulations and frameworks under consideration.

In this session:

•Understanding the threat landscape; identifying and protecting a boundary-less environment
•Utilizing privacy to help build trust for IoT products
•Reducing the fear factor through education and responsible disclosure

12:25 pm - 12:55 pm Sabotage and Disruption in the Changing Threat Landscape

Steve Arrington - CISO Genesco Inc.
The cyber landscape is vulnerable to a variety of physical and cyber threats. The drive among hackers for greater financial gain, damage and disruption will yield new forms of cyber crime. Unlike traditional crime, which requires physical proximity, cyber crime can be launched from anywhere in the world that permits a link between cyber space and computers. The attack surface that corporations need to protect, which includes the ever-growing Internet of Things, continues to grow. Defenders must proactively reduce the attackers’ operational space while the number of devices needing protection continues to grow.
 
In this session, explore insights in:
•Improving intelligence sharing
•Increasing detection of adversaries with threat intelligence gateways and next-generation endpoint security
•Reducing the attack surface with micro-segmentation
•Deploying intelligent application controls


12:55 pm - 1:55 pm Networking Lunch




2:00 pm - 2:30 pm Reclaiming Control and Reducing Risk in Application Security

Knowing is half the battle when it comes to protecting applications and their sensitive data.

Application security testing tools scan your code to reveal long lists of known vulnerabilities, but not all are remediated before the next release, even with mature secure software development practices. Enterprises resort to using theoretical levels of criticality, not actual risks, to prioritize which accumulated vulnerabilities to fix and in what order. Many vulnerabilities often undergo an exception process and make it into protocol.

This session will review real-life case studies about enterprises that are adopting a savvy, new approach to protecting sensitive data and mitigating threats in real time. Explore available game-changing tools that are placed at the front of the line, directly in the application’s operating environment, to immediately lower risk and act as a compensating control at runtime.

In the case studies, explore ways to improve forensics and see 98%+ of known vulnerabilities mitigated instantly, reducing backlogs and expediting an otherwise cumbersome release process. Through a demonstration, observe live production attacks and the generation of real-time security event logs and reports. Security teams can then correlate pre-production vulnerability scan results with runtime attack logs to go back and remediate based on actual risk, not just hypothetical threats. The result? Improved forensics.


2:30 pm - 3:00 pm Autonomous Cyber Defense: AI and the Immune System Approach

David Masson - Country Manager Darktrace
From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. Legacy approaches to cyber security, which rely on knowledge of past attacks, are simply not sufficient to combat new, evolving attacks, and no human cyber analyst can watch so much or react quickly enough. A fundamentally new approach to cyber defense is needed to detect and respond to these threats that are already inside the network – before they turn into a full-blown crisis. 

Self-learning systems represent a fundamental step-change in automated cyber defense, are relied upon by organizations around the world, and can cover up to millions of devices. Based on machine learning and probabilistic mathematics, these new approaches to security can establish a highly accurate understanding of normal behavior by learning an organization’s ‘pattern of life.’ They can therefore spot abnormal activity as it emerges and even take precise, measured actions to automatically curb the threat.

Discover why autonomous response and machine learning are the future of defense and how the ‘immune system’ approach to cyber security provides complete network visibility and the ability to prioritize threats in order to better allocate time and resources.

In this session, learn: 

•How new machine learning and mathematics are automating advanced cyber defense 
•Why full network visibility allows you to detect and autonomously respond to threats 
•How smart prioritization and visualization of threats allows for better resource allocation and lower risk 
•Real-world examples of unknown threats detected by ‘immune system’ technology






3:05 pm - 3:35 pm Business Meetings

3:35 pm - 4:05 pm Business Meetings

4:05 pm - 4:35 pm Business Meetings

MasterClass

4:40 pm - 5:25 pm Levers of Human Deception: The Science and Methodology Behind Social Engineering
Erich Kron - Security Awareness Advocate KnowBe4
No matter how much security technology we purchase, we still face a fundamental security problem: people. This webinar will explore the different levers that social engineers and scam artists pull to make us more likely to do their bidding. 

Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he provides fun and engaging examples of mental manipulation in everyday life: from the tactics used by car dealers, to sophisticated social engineering and online scams. Additionally, he'll look at how to ethically use the very same levers when educating our users.

Key Takeaways:
•The Perception vs. Reality Dilemma
•Understanding the OODA (Observe, Orient, Decide, Act) Loop
•How social engineers and scam artists achieve their goals by subverting the OODA Loop's different components
•How we can defend ourselves and our organizations



BrainWeave

4:40 pm - 5:25 pm IAM + Network Security = Zero Trust: A New Model to Secure Access to Corporate Resources in Hybrid Environments
Michael Dubinsky - Head of Product Luminate
The enterprise environment is becoming hybrid and distributed. As a result, the traditional network perimeter solutions such as VPNs, DMZs and NACs can no longer provide the security, flexibility and agility required for the modern business and adequately protect the organizations’ servers, applications and workloads. 
 
To address these business needs, the security architecture must shift from a network-level focus to the identity, device and application level and, in fact, implement a Zero Trust Access model.

By leveraging the Zero Trust model, an organization can enforce an easy-to-manage access policy that is unified regardless of where the users, devices or resources are located.

With this shift, you can also govern the activities of standard or privileged accounts across any resource, with a full audit trail of the user’s actions.
 
The discussion will include:
 
•What are the building blocks of a Zero Trust architecture? How can you combine identity-as-a-service and device management with network level security? What are the alternatives and the related pros and cons? 
•How can a Zero Trust access model support the modern organization’s security, flexibility and agility requirements? 
•Real world case studies of: operations team access (DevOps), third party access, M&A IT integration and cloud migration based on user, device and application context. 



Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

5:30 pm - 5:55 pm Securely Share Files Beyond Your Enterprise Borders with Full Governance and Control
Craig Pfister - Senior Director, Sales Engineering Accellion





Ignite Session- 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

5:30 pm - 5:55 pm Yikes! I have too Many Security Tools and not Enough Skilled Resources
Miguel Carrero - Chief Revenue Officer Siemplify




CISO Roundtable Discussions- Engage in your choice of targeted discussions for open exchange among industry peers.

5:55 pm - 6:30 pm A. IoT: Considerations for Security Frameworks
Fred Hobbs - Global Cybersecurity Director Hyster-Yale Group, Inc


CISO Roundtable Discussions- Engage in your choice of targeted discussions for open exchange among industry peers.

5:55 pm - 6:30 pm B. Scalable Security- Balancing People and Technology
Christopher Leigh - Director and Chief of Information Security and Compliance Eversource Energy


6:30 pm - 7:30 pm Networking Cocktails