Panel Session: Can Data Loss Prevention Get SaaSy?

Join us for an interactive discussion on how deception technology can provide early detection of a breach and significantly improve an organization's capabilities to quickly and accurately defeat attackers. We will cover:

- Faster detection of threats at a lower cost
- Collecting specific threat intelligence on if and how you are being targeted
- Reducing false positives and not missing alerts
- Detecting insider threats

Speaker bio - Steve Cobb, CISO at One Source
Steve Cobb is One Source’s Chief Information Security Officer (CISO) bringing more than 25 years of leadership consulting surrounding IT infrastructure, cybersecurity, incident response, and cyber threat intelligence. Since joining One Source in 1995, Steve has been responsible for providing strategic IT consulting, delivering an increased organization efficiency and security for our customers. Prior to One Source, he was a Senior Security Engineer with Verizon Managed Security and a Senior Escalation Engineer with Microsoft. Steve serves on several CISO boards and a frequent presenter at conferences such as InfoSecCon, ISSA, Cyber Defense Summit, and others.

Breach protection and detection is a central challenge for security experts who are tasked with protecting an enterprise. In addition, the endless effort to protect business assets does not lead to certainty.

It is difficult to prove that defensive efforts are effective and ready for real life attacks.

In this presentation, you will learn how the collaboration between a Threat Intelligence Team and a Red Team led to a revolutionary change in security posture and provides an effective method to evaluate and improve the prevention and detection of compromises.

In this session you will explore
- A method to identify gaps in breach protection and detection
- The challenges around endpoint protection and DLP
- Enhancing logging and monitoring by adding context
- Building a trusted environment

Opportunity is the cause of cyber crime, take away the opportunity and take away the crime.

Threat actors collaborate, conspire and acquire targets with impunity - just below the surface of what we see on the internet every day. Often referred to as the Deep Web or Dark Web, these virtual meeting places hide cybercriminals, insiders, terrorists and activists from plain view. How do you become proactive and get visibility into the forums and communication channels where 'bad actors' hatch their plans? This session will dispel the mystery of the dark web, discuss how the virtual underground operates and provide guidance on how organisations can gain visibility into these environments to help inform and manage their business risk. Join BCyber as they host a discussion with intelligence expert, Brett Williams, Flashpoints Lead Solutions Architect, where we will provide an:

- Understanding and dispelling the myths of the deep and dark web
- Overview on how cybercrime works and how illicit actors operate
- Update on key trends being seen in first half of 2020, for example, COVID threats, extortionist ransomware and more
- Example from real-life, covering content from virtual illicit communities, like forums, marketplaces, chat services etc
- Actions that you can do to gain external visibility for your organisation to better manage business risk

With the increase in mobile and smart devices, we've expanded the threat landscape not only against threats to steal information, but for threats that have real physical risks. For instance, recent research by Google Project Zero and Volexity showed sophisticated attacks against both Android and iPhone devices that were targeted at Uighur Muslims and Tibet. Victims of this malware are targeted for persecution by the government of the People's Republics of China.

This talk will cover not only these attacks in specific, but in how threats are emerging that use new technologies which are being used to create physical threats to its victims and what that means for enterprises, SMBs, and society at large.

Takeaways:

- Technical discussion on mobile surveillance techniques and malware.
- Cover real-world instances where such cyber attacks have led to physical harms.
- Discuss practical techniques to begin to mitigate such threats.

As the number and frequency of malware attacks continue to increase, we look at the threats, vulnerabilities and risks factors associated with malware attacks and how to keep your organizations secure.

Join this keynote panel with security experts as they discuss malware trends, strategies and tools for better security in 2020:

• The most prevalent threats in 2020
• Identifying the latest malware delivery tools and techniques
• Developing a modern defence strategy and empowering your users
• Malware strategy best practices

Speakers:
Joseph Carson, Chief Security Scientist, Thycotic (Moderator)
Pedro Uria, Director of PandaLabs, Panda Security
Jack Mannino, CEO, nVisium
Stan Lowe, Global Chief Information Security Officer, Zscaler
John Aarsen, SE - Benelux and Nordics, SonicWall

Enterprise tech has transformed over the past decade, bringing improvements not only in elasticity & efficiency but especially security. Ten years ago, vulnerabilities were the easiest path into systems, but operating systems and software have become more secure through better practices, consistent updates, & leading-edge security solutions. As tech evolved, so have the exploits, which now leverage human error more than ever; capitalizing on misconfigurations or leveraging tactics like social engineering - as a primary path to compromise.

In this presentation, Luke will chronicle the evolution of malicious attacks over the last ten years and demonstrate how the security industry has responded through the implementation solutions that address the ever-changing nature of data breaches.

The presentation will address:

· Lessons learned from ten years of exploitation evolution
· Why modern threats are effective even though there are more security tools on the market than ever before
· Changes companies can make now to build stronger defenses

Luke began his cybersecurity career in the US Navy, where he trained to conduct offensive security operations for the Department of Defense. He participated in daily computer network exploitation missions in support of national intelligence requirements and in support of protection against foreign nation-state sponsored hackers. After separating from the United States Navy, he joined the start-up company, IronNet Cybersecurity. Luke conducted penetration tests and vulnerability assessments, while also providing product development support and threat hunting capabilities. Following his time at IronNet, Luke worked as a Director in security consulting at Ankura Consulting Group, where he specialized in red teaming, penetration testing, intelligence gathering, threat hunting, digital forensics, and technical writing. Luke has a M.S. degree from Eastern Michigan University and is CISSP, OSCP, and CEH certified.

Every time there is a major crisis I feel like the cybercriminals should cut us a break and yet every time it seems like they double down. You may recall over the years when a major natural disaster, health crisis or social issue dominate the news there are a flood of crisis related phishing campaigns using the topic as a pre-text for launching an attack.

Using popular topics and references is a key way that attackers can increase the probability of getting someone to click on their phishing lure to launch something like a ransomware attack. In this talk will cover some of the ways we can prepare for the next calamity.

• Phishing detection and defense practices
• Techniques for ransomware prevention
• Training your employees to be resistant to Social Engineering techniques

Join us for a discussion on how to prepare both your people and security infrastructure for the next wave of attacks. The cybercriminals are phishing – let’s talk about how to stop your employees from clicking on the bait.

Bios:
· Tony Lauro is Director of Technology & Security Strategy for Akamai Technologies. Over the past seven years Tony has worked with Akamai’s top global clients to provide application security guidance, architectural analysis, web application and adversarial resiliency expertise.
· Steve Winterfeld is our Advisory CISO. Before joining Akamai, he served as CISO for Nordstrom bank and Director of Incident Response and Threat Intelligence at Charles Schwab. Steve focuses on ensuring our partners are successful in defending their customers and determining where we should be focusing our capabilities.

As an information security professional your knowledge of ransomware as well as the tactics & techniques to detect & respond effectively are critical to your organization. Data breaches threaten organizational financials and reputations. Strengthen your security through the use of actionable intelligence. Attendees will hear about:

- What is Ransomware?
- Leveraging Architecture Components to Detect & Respond to Ransomware
- Ransomware Scenarios & Solutions
- Tips to Protect Your Organization

An increased awareness about privacy issues among individuals. In many countries, databases containing personal, medical or financial information about individuals are classified as sensitive and the corresponding laws specify who can collect and process sensitive information about a person. The financial services industry has rich sources of confidential financial datasets which are vital for gaining significant insights.

However, the use of this data requires navigating a minefield of private client information as well as sharing data between independent financial institutions, to create a statistically significant dataset. A major challenge that many organizations faces, is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion.

We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including k-anonymity and differential privacy. We will discuss multi-party computation where the data donors want to securely aggregate data without revealing their private inputs. We will also review industry standards, implementations, key management and case studies for hybrid cloud (Amazon AWS, MS Azure and Google Cloud) and on-premises.

We often don’t realize the full impact of cyber crime, which then relapses us into repeating the same mistakes. Even large companies do not completely understand how their data and services are being abused. I want to take you on a journey of observing credit card fraud and abuse from stealing a credit card to trafficking of stolen goods. Learning about these vectors of abuse will help you and your organization to mitigate a number of common attacks and abuses.

With email security breaches constantly making headlines, it is crucial for organisations to be ahead of the curve. Join this interactive panel of industry experts as they discuss the latest trends in email security and how to prevent becoming the next international headline.

Join this Q&A panel to learn more about:

- Emerging trends in email attacks
- How to stay on top of the latest threats
- Best solutions to protect your organization

Moderator: Michael Thoma, Principal Consultant at the Crypsis Group
Panelists: Arif Hameed, Senior Director, Client Security at Equifax
Lior Kohavi, Chief Strategy Officer and EVP for Advanced Solutions, Cyren
Chris Wallace, Chief Information Security Officer

To defend against phishing, your organization needs to understand the key trends and top threats. Cofense’s Intelligence Team spends every day analyzing phishing threats including credential theft, ransomware campaigns, and more. Learn about the top threats that define today’s phishing landscape and how to defend your organization against them.

- See what tactics are successfully evading secure email gateways and reaching enterprise end users.
- Learn what is trending when it comes to malware delivered via phishing, including ransomware.
- Receive tips for ensuring your phishing defense strategy is proactive and well-coordinated.

Join us for an interactive discussion on innovative methods used to deliver ransomware and new tactics attackers are using to gain a foothold and deliver their payloads. We will cover:

- New strategies and tactics cybercriminals are using
- Steps of a ransomware attack - what you may be missing
- Ransomware in 2020 and into the future - what you need to know now

Speaker bio - Steve Cobb, CISO at One Source
Steve Cobb is One Source’s Chief Information Security Officer (CISO) bringing more than 25 years of leadership consulting surrounding IT infrastructure, cybersecurity, incident response, and cyber threat intelligence. Since joining One Source in 1995, Steve has been responsible for providing strategic IT consulting, delivering an increased organization efficiency and security for our customers. Prior to One Source, he was a Senior Security Engineer with Verizon Managed Security and a Senior Escalation Engineer with Microsoft. Steve serves on several CISO boards and a frequent presenter at conferences such as InfoSecCon, ISSA, Cyber Defense Summit, and others.

As in-house security becomes increasingly complex and costly, organizations are in need of a reliable and safe security provider. Join industry experts as they discuss the latest trends in SEaaS, including:

-Why your organisation needs to move towards SEaaS
-The different models of security as a service
- SEaaS solutions and strategies


Stephanie Olsen, Customer Trust Manager, Product & Application Security, Netflix & WiCyS Silicon Valley Affiliate President
Sailaja Kotra-Turner, CISO
John Frazier, Chief Operating Officer, Synoptek
Jeremiah Dewey, VP Managed Services, Rapid7

Are you interested in learning how YOU can build securely on AWS? Join us for the AWS Security Jam learning series - a hands-on, team-oriented, gamified learning experience which will enable you to leverage a wide range of AWS security services. If you get excited about securing workloads in the cloud, come and challenge your skills while learning new techniques. AWS will host three Security Jam sessions (beginners, intermediate, and advanced), so join us for all three or pick the session most relevant to you. We will have a number of AWS experts virtually available to discuss ideas, provide guidance, and help your team get through any challenges.

Choosing which cybersecurity projects to implement is more challenging than ever. Cyber risk changes daily and budgets are changing too as the COVID-19 pandemic continues to unfold. Register to see why leading companies are using a data-driven approach to make better decisions about which projects to prioritize, and learn how modeling risk helps optimize cyber spend.

Join us to learn:
+ What’s changed in how companies look at risk remediation and ROI pre- and post-COVID
+ Why the prioritization of cyber spend is more important than ever
+ How to take a data-driven approach and what data you need to get started
+ Why modeling is important and how you can do this easily (demo)