What’s the single most important component of an effective cyber-security program? Here’s a hint: It has nothing to do with technology. John Grim, Managing Principal, Verizon Threat Research Advisory Center, will discuss the importance of stakeholder engagement in cyber-security. Drawing on his 9 years as a Verizon data breach investigative responder and a his previous 12-year career with the U.S. Army as an counterintelligence investigator, Grim will explore how better communication between security teams and the business lines, executives and customers they support can make for a more effective security program. Better still, effective stakeholder engagement can reduce security-practitioner burnout and contribute to their professional growth.

With enterprises more targeted by malicious attacks than ever before, IT needs to ensure they are using the right tools to keep their company's data secure. In this session, attendees will learn about the many differentiating features of Chromebooks around security, and what really helps Chromebooks stand out from the pack.

Today 86% of organizations are in the process of building or already have an existing system in place to prevent/defend against insider attacks; if this statistic proves anything it is that more and more business are coming to terms with the hostilities of our world. Expected or unexpected, an employee with access to company-wide systems, no matter their intentions is a great threat to any organization. An employee with malicious intentions is dangerous, but according to a recent IBM survey, 95% of all breaches involved someone making a mistake. The Insider Threat panel at the Cyber Security Summit will show you how your organization is at risk, as well as showing you innovative & necessary steps to take in order to prevent attacks and increasing your defense systems.

Nowhere do the awe-inspiring capabilities of modern computers enable greater harm than in the hands of today’s online threat actors, who range from nation states to nefarious corporations to organized cyber-criminals. Their increasingly sophisticated attacks strike at an increasingly breakneck pace, and the reality is that human incident responders cannot stop these machine speed threats: it’s simply an unfair fight. With legacy tools flagging thousands of false positives every day, the threats that these tools manage to detect are often lost within mountains of other alerts, while insider threats bypass such outward-looking defenses altogether. Neither companies nor governments can afford to rely on traditional approaches to cyber security — not at a time when fast-acting malware like the WannaCry ransomware attack are costing the world billions of dollars apiece.

As the first proven, enterprise-grade autonomous response technology available on the market, Darktrace Antigena uses self-learning cyber AI to give incident responders a chance to repel such attacks by fighting automated threats with machine-speed action. The technology is anchored in a constantly evolving understanding of a user or device’s typical ‘pattern of life’ in relation to its past and its wider network, an understanding that reduces security alerting by orders of magnitude compared to traditional approaches. Once it identifies a threat, Darktrace Antigena works by surgically intervening to confine a device to that ‘pattern of life,’ containing the suspicious behaviour until a security team can investigate without interrupting workflow. Such autonomous response technologies have finally turned the tide in the battle for online security, a battle which can only be won by confronting fast-moving cyber-attacks with self-learning cyber AI.

In this session, you’ll discover:

Where cyber-criminals have found weaknesses in legacy approaches to security

Why humans cannot stop threats 24/7, particularly when bombarded with false positives

How Darktrace Antigena enables incident responders to counter machine speed attacks

Ask any analyst, reporter, or financial observer, and they’ll tell you that the security market is ripe for consolidation. For years, security vendors have proliferated, buoyed by high valuations and ever-expanding enterprise security budgets. While this rush to innovate has resulted in better and more sophisticated threat defenses, it has also created a complex web of tools which already overworked, overwhelmed, and understaffed security teams must manage.

This tool sprawl is one reason that so many in and around the security industry believe that an era of consolidation is coming. According to ESG Research, 66 percent of businesses are actively working to consolidate their security portfolio. For many in the security industry, a security platform that essentially puts your “SOC-in-a-box” is an ideal solution to the tool sprawl problem.

But this approach is not without peril. If the security industry consolidates to the point that there are just a few platform solutions, this will not only stifle innovation, it will result in a monoculture – and monocultures are notoriously susceptible to disease. If every organization uses an identical or nearly identical set of security tools, breaking into one means breaking into them all. And once threat actors figure out how to break in once, they’ll have the keys to every organization. Just like the world banana population – itself a monoculture – is currently being wiped out by a fungus to which is has no natural resistance, a single cyber threat could take down a vast number of organizations.

In the case of cybersecurity, heterogeneity of defense systems is itself a defense, so security teams need to approach consolidation differently. In this session, attendees will learn:

• How a data-first approach to security architectures can illuminate natural consolidation points
• How collaboration with other parts of the IT organization can actually improve security posture and reduce tool sprawl.
• How this collaborative approach also creates opportunity to leverage other parts of the organization to improve security posture through smarter processes and practices.

If you are breached and your case goes to litigation, you will likely be asked to demonstrate “due care” and that your controls were “reasonable.” Many are surprised to learn that a breach by itself often does not constitute negligence. Judges will ask a set of questions to determine whether your controls were reasonable. These questions bear a close resemblance to information security risk assessments; they both try to balance the likelihood and impact of foreseeable threats against the burden of safeguards. This presentation will explain judicial balancing tests, how they relate to regulatory definitions of “reasonable” risk, and how to conduct risk assessments that prepare you to answer the tough questions before you need to be asked.

What Attendees Will Learn:

• How to define “reasonable” in a way that makes sense to business, judges, and regulators.
• How to design and run a risk assessment that is meaningful to technicians, business, and authorities.
• Learn from case studies involving regulatory oversight, law suits that happened, and law suits that never happened.

Organizations process and store huge volumes of sensitive information that belong to their customers and employees – from financial information to medical records to personal identifiers, like social security numbers and birthdates. Inadequate controls in IAM processes and technology can lead to breach, involuntary exposure of this data, and non-compliance issues.

But you cannot correct what you don't know, so the first step in any IAM program is assessment.

IDMWORKS CEO & Chief Strategist, Todd Rossin, will address the most common questions around IAM Assessments & Roadmaps - Why Should We Assess? What Should We Assess? and When Should We Reassess?

For many organizations they are looking at over half of their IT spending being related to cloud, whether infrastructure, services or other tools in the near future. As a CISO, this movement to the cloud can fill you with dread. Furthermore, one of the risks corporate boards understand best is third party risk, and now your entire network is in someone else’s hands. This transition is the subject of a lot of concern and a lot of mixed signals. It doesn’t have to be that way though, especially as moving to the cloud can be a security improvement, if managed appropriately. This panel will talk about the security issues CISO’s and IT leaders need to be aware of as they move further and further over to the cloud, what best practices and services they should consider or utilize, and how they can fully leverage the cloud resources to bring their organization to the next level of security.

At a time when security professionals fuel business enablement and enhance bottom-line value, CISOs have never had a more vital business role. But in order to get the board buy-in they need for their programs, they need to be trusted. In the age of the breach, this is easier said than done.

In this session, you’ll learn how to:

• Give senior leaders visibility into your network and process
• Build the board’s confidence in your security program

What are the tactics, techniques and procedures used by today’s most advanced hackers, and how are they changing? In this talk, the heads of Nettitude’s offensive and defensive security teams will discuss the most common practices of today’s best hackers, and how organizations can defend themselves against each of them, including live demonstrations.

A common phrase in information security is: “It is a matter of when you will be breached, not if.” As the headlines provide real-life examples from Marriot, to Equifax, to FedEx, this seems more true than ever before. But what should you do to prepare, respond and recover from it? What tools and tactics will make it easier to detect a breach (either as it happens or after the fact), what do you say to key stake holders about what is happening and how do you pivot from “How did this happen” to “How can we make sure it doesn’t happen again”. Few things in IT can be as high visibility and high stakes as a breach and this panel will equip the audience with what they need to know to better handle when a breach happens.