December 10 - 12, 2018
The Ritz-Carlton, Amelia Island, FL

Tuesday, December 11, 2018

8:00 am - 8:30 am Networking Breakfast

8:30 am - 9:15 am Case Study: Automating Security Controls Using Models and Security Orchestration

Kurt Lieber - VP, CISO, IT Infrastructure, Aetna
Many organizations have adopted machine learning and data analytics to help them identify security anomalies. However, mere identification isn’t good enough in a world where Petya and other modern attacks can take down 15,000 servers in a single organization in under two minutes. To combat these new types of malware, organizations need to be looking at Model-Driven Security Orchestration, where the security responses to emerging threats and attacks are automated and driven at machine speed. In this presentation, Aetna will provide an overview of our security orchestration program, including what worked, what didn’t and lessons learned.

Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

9:20 am - 9:50 am Privileged Access Management Automation - Securing Server-less Workloads

Ignite Session: 2 Quick Fire Presentations in 20 Minutes. Talk about getting to the crux of the matter, fast!

9:20 am - 9:50 am GDPR Leadership Business Analytics for the Information Security Function

9:55 am - 10:25 am Business Meetings

10:25 am - 10:55 am Business Meetings

10:55 am - 11:10 am Networking Break

BrainWeave

11:10 am - 11:55 am IAM + Network Security = Zero Trust: A New Model to Secure Access to Corporate Resources in Hybrid Environments
The enterprise environment is becoming hybrid and distributed. As a result, traditional network perimeter solutions such as VPNs, DMZs and NACs can no longer provide the security, flexibility and agility required for the modern business, nor adequately protect the organization’s servers, applications and workloads.
To address these business needs, the security architecture must shift from a network-level focus to the identity, device and application level, and in fact implement a Zero Trust Access model.
By leveraging the Zero Trust model, an organization can enforce an easy-to-manage access policy that is unified regardless of where the users, devices or resources are located.
With this shift, you can also govern the activities of standard or privileged accounts across any resource, with a full audit trail of the user’s actions.
The discussion will include:
• What are the building blocks of a Zero Trust architecture? How can you combine identity-as-a-service and device management with network-level security? What are the alternatives and the related pros and cons?
• How can a Zero Trust access model support the modern organization’s security, flexibility and agility requirements?
• Real-world case studies of: operations team access (DevOps), third-party access, M&A IT integration and cloud migration based on user, device and application context.


Master Class

11:10 am - 11:55 am Digital Trust in the Age of Insecurity
Digital Trust is not about authentication. It’s a promise between a financial institution and its customers. It’s largely upon the CISO and their team to uphold that promise, but is a traditional SOC and GRC team enabled for that mission? Most are not. This is a discussion about fraud, security operations, and audit focused on two central use cases common in the financial sector designed to reinforce the importance of keeping your eye on the promise of Digital Trust, not just everyday security operations.


12:00 pm - 12:45 pm Analyzing the Endpoint Security Landscape

Les Correia - Director, Global Information Risk & Security, The Estée Lauder Company
Digital technology is a seamless aspect of daily life, giving the impression that the security of these transformative technologies is up to date within the enterprise risk management plans. However, given the evolving nature of these emerging technologies, including Artificial Intelligence (AI), Machine Learning (ML), and Internet of Things (IoT), the digital risks we all face are only going to increase as more and more devices share data around the world. The endpoint security landscape has changed dramatically with increased cyber threats that regularly circumvent traditional risk management measures. There are many vendors in this space that tout unique angles and protection of your networks that can seem confusing with potentially overlapping solutions. This case study will discuss the drivers, selection criteria and evaluation of these solutions.

12:45 pm - 1:45 pm Networking Lunch

Roundtable Discussions - Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:45 pm - 2:50 pm Reducing Risk in Targeted Email Attacks - Placeholder


Roundtable Discussions - Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:45 pm - 2:50 pm Benchmarking Cybersecurity Maturity - Vendor Risk Management Insights

Roundtable Discussions - Engage in two 30-minute targeted discussions enabling open exchange amongst industry peers.

1:45 pm - 2:50 pm Implementing Global Multi-Factor Authentication with Single Sign-On

BrainWeave

2:55 pm - 3:40 pm Leveraging Deception to Stop Attacks
Deception seeks to protect critical corporate assets. The technology of deception combats advanced threats by uncovering the weakest link of the attack—the human element. In this session, explore how deception strategies can lessen the risk of fraud, help overtasked security teams, and provide a more proactive approach. Deception deceives and disrupts attacks proactively and does not require known attack paths. The discussion will include case studies of actual deployments.
In this session:
• Protecting legacy and proprietary applications and systems
• Managing risk during M&A and other business changes
• Automating incident response and shortening recovery

Master Class

2:55 pm - 3:40 pm Can Cybersecurity be Easy?
Nir Gaist - Founder & CTO, Nyotron
Back in 2005, Marcus Ranum wrote in his article “The Six Dumbest Ideas in Computer Security” that “sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness”. So why are we still focused on chasing “badness”? This approach might have been sufficient in the 1990s, when arming ourselves with just an antivirus and a firewall gave us a sense of security, but this is definitely no longer the case.

Take-aways:
• Understand the definition of Negative Security and Positive Security models, with examples, advantages and disadvantages
• Describe the attack kill chain and intentions behind most attacks
• See demos of advanced attacks that bypass the majority of existing security controls
• Learn how to correctly implement defense-in-depth best practices

3:40 pm - 3:55 pm Networking Break

3:55 pm - 4:25 pm Business Meetings

4:25 pm - 4:55 pm Business Meetings

4:55 pm - 5:25 pm Business Meetings

5:30 pm - 6:00 pm Preparing for a Quantum World

Joshua Fritsch - VP Technology & (CISO role), AccuWeather
This forward-looking session explores the potential effects that advances in quantum computing and quantum cryptography may have on confidentiality, integrity, and expectations of privacy. From potential challenges such as rendering some or all current encryption algorithms obsolete via sheer processing power, to the vision of a re-imagined Quantum Internet that could possibly guarantee confidentiality, the information discussed is intended to provoke long-term, strategic thinking with regard to the security landscape we may face in five or 10 years. Whether the advent of quantum-based computing and cryptography turns out to be beneficial or harmful (or both), expectations must be reset and realigned to plan for such a paradigm shift.

6:00 pm - 6:30 pm Networking Reception