Achieving Cloud Visibility With Cloud-Native Network Detection & Response

Panel Discussion

The financial services industry is one of the most critical sectors in any market, and financial institutions (FIs) face myriad regulations. In the case of Singapore FIs, for example, the Banking Act oversees banking institutions, the Securities and Futures Act governs capital market intermediaries, and the Insurance Act regulates insurers. Additionally, there are numerous guidelines, frameworks, and best practices recommended for FIs designed to improve operations, enhance governance, and reduce risks, among other goals. For example, the Monetary Authority of Singapore issued the Technology and Risk Management (TRM) Guidelines to help FIs minimize technology usage risk. While challenging, it is imperative that conscientious FIs routinely review these available regulations, guidelines, frameworks, and best practices. These FIs should comply with mandatory regulations and carefully analyze which best practices and recommendations to adopt to reduce overall risk exposure and keep up with industry progress.

This presentation will showcase the optimum way to document & identify a use case and whether deployment in the blockchain makes sense or not. Also,it will be sharing some of the use cases which the CSA Blockchain Working group has worked on and published in a peer-reviewed document available for the wider global cybersecurity community to learn from when they are actually deploying blockchains in their enterprises.

One of the fundamental principles of any security program is a focus on reducing the “timeline to compromise” for security issues. Not only are attacks getting more and more sophisticated, but they are also starting to get more aggressive as all of us have been forced by the pandemic crisis into new modes of working. Responding well to these challenges requires the ability to focus your resources on your most challenging security problems. Manual processes just cannot keep up with these changing security needs, especially as your organization grows. Thus, using automation as much as possible can help you scale to better manage necessary change.

In this presentation, Mike Mellor, Head of Security for the Digital Experience Business at Adobe, will share his insights on these issues and talk about how Adobe is using automation throughout our security efforts to better focus our resources, be smarter about resource expansion as our business continues to grow, and better “foolproof” our processes. Mellor will provide details on automation techniques Adobe is using in application security, operational security, compliance, and enterprise security teams. These are techniques based upon industry best practices that you will be able to leverage for your own organization.

Serverless architecture aims at changing the economic model of cloud computing, with the hope of introducing efficiency and cost savings. Serverless computing means that there are no servers to manage services. Hence in a serverless world, one no longer has to work on an operating system level. With the complexity of this business model, it is imperative that industry best practices are established to provide companies with guidelines to achieve compliance and security, that developers can effortlessly work with and employers are able to evaluate developers' work, and perceive the serverless architectural model at the same time.

Significant acceleration in digital transformation implementation in the last four months , along with regulatory changes has created a need to change some of the data / cyber security strategies . In this session we will learn about what are the key steps that needs to be taken to course correct the short term and long term needs of the organization from a security point of view

Welcome Message & Opening Keynote

When a large organization adopts cloud computing, it goes through several learning curves. Especially when during this journey, a transformation towards a DevOps way of working is implemented. It goes through multiple growth stages. After two to three years, one reaches a stage with turf wars. A true story that reads like an Asterix and Obelix comic book, I will tell a story of an organization adopting both AWS and Azure cloud. While doing so they drastically change their IT strategy. As the years go by, more managers learn about cloud computing and consider themselves to be responsible for govern.

The CSA STAR allows for both an attestation under a SOC 2 audit or certification under ISO 27001. While most organizations self attest to the CSA Star, this presentation will discuss how to prepare for a successful audit under either SOC 2 or ISO 27001 to demonstrate compliance with the CSA STAR standard.

Thank you to our sponsors of the SECtember Experience: Adobe, ExtraHop, Qualys, OneTrust, Trendmicro, and Whistic.

In this panel, our experts will share lessons learned and best practices for securing cloud services. From proactive risk assessments within the procurement process to architectural considerations to secure systems management, our diverse panel will provide a holistic perspective on the strategic programs organizations should have in place to secure their cloud experience.

Thank you to our sponsors of the SECtember Experience: Adobe, ExtraHop, Qualys, OneTrust, Trendmicro, and Whistic.

Securing a good education for students has always been a top priority, but information security isn’t the first consideration to come to mind for most parents and educators. However, the move to eLearning and virtual lessons has increased the importance of cybersecurity -- with more and more students and teachers accessing school materials through a variety of devices and platforms in a variety of remote locations, the attack surface widens and the risk of breaches increases.

So what if someone gains access to your/student’s/child’s information? What happens if someone’s identity is breached? To handle these situations and prevent them from happening in the first place, we need to stop thinking of cybersecurity as a “nice-to-have,” and instead see it as a “need-to-have,” with all parties onboard -- parents, teachers, students, tutors, and other caretakers.

Luckily, there are many tools and resources available to help secure account access, prevent breaches, and which don’t take excessive resources to set up. For example, tools like password managers can help prevent insecure passwords or old password re-use.

Schools implementing eLearning should incorporate tools like this early in the rollout process, and it can seem like a daunting challenge, but it doesn’t have to be -- with the right guidance and resources, security can be a seamless and lightweight part of an institution’s distance learning plan. As both security professionals and parents of children in distance learning, Duo’s Leya Leydiker and Amanda Rogerson are invested in getting you started. Join them on September 17 for a discussion on prioritizing security for student eLearning, handling breaches, and the best ways and places to teach and maintain security hygiene for parents, students, and educators alike.

In this session, Sumedh will discuss XDR a term that’s been trending in the security industry of late. Is this just a buzz word, or is there something real behind its rapid rise in popularity? He will discuss the current interpretations of the term, the background of why this is trending and possible reasons for the interest. He will discuss the pain points an XDR solution may address and which types of companies and departments will benefit from its implementation.

Risk Appetite and the Alignment of Cybersecurity with Business Agility. Are You Hungry?

Most organizations would like you to believe they are agile. In 2020, they get to prove it. Everything has changed. Historical trend and proforma comparisons suddenly mean nothing. Sales drivers and market dynamics are now being influenced at a hyper-local level. Meanwhile, a workforce that used to pile into conference rooms to review data together now have to find a quiet place at home and find other ways to be heard. Join me as we discuss how a business value-driven cybersecurity organization keeps up with a rapidly evolving business.

Thank you to our sponsors of the SECtember Experience: Adobe, ExtraHop, Qualys, OneTrust, Trendmicro, and Whistic.

As organization adopt new technologies and utilize the cloud for business innovation and growth, security teams are challenged with ensuring that those initiatives and missions are successful. To do that they are faced with creating an effective security program from a fragmented patchwork of solutions and data sources that really don’t interoperate very well without a great deal of development work.

Join us to hear how a number of leading vendors are coming together with the intent of creating an open source platform to allow security solutions to communicate over a standard fabric during the entire threat management life cycle, from threat hunting, analytics and detection through to incident response and orchestration.

In this session, Mike will go through the Cloud Security Maturity Model, developed in partnership between Securosis and IANS, to provide perspective on your cloud security journey. The session will describe the 12 categories across 3 domains, as well as laying out success criteria to improve maturity (and there improve cloud security posture). Anchored by a number of stories of success (and failure) in cloud security, attendees will leave with a clear view of what lies ahead for them.

Thank you to our sponsors of the SECtember Experience: Adobe, ExtraHop, Qualys, OneTrust, Trendmicro, and Whistic.

Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations, including hybrid cloud applications, network function virtualization and software defined networks.

Thank you to our sponsors of the SECtember Experience: Adobe, ExtraHop, Qualys, OneTrust, Trendmicro, and Whistic.

All participants who attend this session in its entirety will receive one free exam token for CSA’s new online, self-paced SDP course, available on the Knowledge Center at the end of September. Check your email following this session for more details on the training and information on how to redeem your complimentary exam.

Interested in more information on CSA’s trainings? Visit www.cloudsecurityalliance.org/education

With the sudden shift of the global workforce from in-office to remote, IT teams quickly transformed their operations to accommodate the new realities of business — including large-scale adoption of work-from-home technologies, heightened activity on customer-facing networks, and greater use of online services. While these examples of agility allowed business to continue, they also greatly increased the risk of misconfigurations and cyberthreats. Now, it's looking like they could be here to say for a while. On top of that, bad actors have wasted no time trying to exploit new vulnerabilities. In the past several weeks, we've seen ransomware attacks affect several major organizations. These attacks come on the tail of a surge of attacks across the board brought on during the pandemic, as hackers scanned and took advantage of new workloads, and vulnerable VPN connections and misconfigurations left the gates to the network open.

When attacks like these make headlines, panicked board members have one question for CISOs: how can we be sure that won’t happen to us? Drawing from nearly 25 years of experience in the security industry, Jeff Costlow, CISO at ExtraHop, will share his top strategies for CISOs to lead board-level conversations about risk management amidst the stark new realities of IT.

Best Practices for Security Awareness Training

It’s everyone’s responsibility within an organization, from the CEO down, to remain aware of threats used to attack the business and personal information. So, if employees are expected to be “the last line of defense,”, organizations need to invest in them as such. The good news is that planned spend for security awareness training has increased in the last three years. However, employees remain unenthusiastic about security, and understandably distracted by the news cycle.

Join Mimecast’s Josh Douglas and Bryn Donovan to discover:
- The 3 best ways to engage end users
- Best practices to roll out the first year of your program
- How to identify and make allies of your riskiest end users

Panel Discussion