DC Metro 2021

For 14 years, Verizon’s annual Data Breach Investigations Report (DBIR) has set the standard for deconstructing and explaining precisely how cybercriminals attack, and the 2021 DBIR is now available – featuring a detailed breakdown of tens of thousands of security incidents and thousands of breaches worldwide. This webinar will look at the key findings from the 2021 DBIR and examine the critical security controls needed to fight the most common and pervasive types of cyberattacks in nearly 20 industries. Learn how to use the DBIR data to influence and optimize your security program.

Security practitioners understand the need to implement new controls that help their organizations’ defend against the rising number of attacks and Fifth Generation threats like the SolarWinds Orion supply chain hack. But slowed economic growth and the push to secure systems from sophisticated new threats challenges many companies.

These global market conditions underscore the importance of employing a consolidation strategy with a unified security architecture at its center that protects cloud, networks, endpoints, and mobile devices.

Join Grant Asplund, Chief Security Evangelist for Check Point Software Technologies, as he shares the building blocks for putting in place a consolidation strategy that:

• Increases security efficiency with a unified security architecture
• Improves your organization’s overall threat prevention profile
• Eliminates complexity caused by managing disparate systems
• Reduces total cost of ownership

Among rapidly evolving technological advancements, the emergence of AI-enhanced malware is making cyber-attacks exponentially more dangerous, and harder to identify. As AI-driven attacks evolve, they will be almost indistinguishable from genuine activity, and conducted at an unprecedented speed and scale. In the face of offensive AI, only defensive AI can fight back, detecting even the most subtle indicators of attack in real time, and respond with surgical actions to neutralize threats – wherever they strike.

In this session, discover:

• How cyber-criminals are leveraging AI tools to create sophisticated cyber weapons
• What an AI-powered spoofing threat may look like, and why humans will not be able to spot them
• Why defensive AI technologies are uniquely positioned to fight back

The SolarWinds SUNBURST attack was a rude awakening for many security teams, and it won’t be the last time Security leaders face tough questions about how an adversary evaded defenses and stayed hidden. With threats persisting inside the network for months, security teams need a new plan. In this session, CISO Jeff Costlow discusses strategies, including revising existing mental models and incident response processes, to build resilience in the fight against advanced threats.

In 2020, there was an unprecedented growth in ransomware attacks and this trend shows no signs of slowing down. Rather, these attacks are evolving and becoming more harmful as cyber criminals become more organized and effective. It is predicted that in 2021, businesses will fall victim to a ransomware attack every 11 seconds with an estimated cost of over $20 billion – 57 times more than in 2015, making ransomware the fastest growing type of cybercrime.

As a result, companies are transitioning from the traditional “trust but verify” method and implementing a Zero Trust model, requiring all users to be authenticated and continually authorized in order to be granted access and maintain access to company data and applications. By leveraging various technologies & techniques such as multifactor authentication, IAM, least privilege access, and microsegmentation, the Zero Trust model reduces the risk of a ransomware attack and minimizes the potential damage from a breach.

This panel will highlight where enterprises are most vulnerable to becoming a victim of ransomware and how utilizing a Zero Trust model minimizes this risk. Industry experts will discuss best practices to avoid a ransomware attack including adapting the Zero Trust model, what to do if your company is being held for ransom, ways to mitigate the damage caused by an attack, and how to recover afterwards.

With the Passwordless Decade well underway, more and more organizations are asking the question: Why is now the right time to move beyond passwords?

George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger. Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. 

How did we get here, and will mainstream adoption of passwordless security have an impact? We will explore how the rise of virtual desktop infrastructure and a remote workforce has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.

In this session, you’ll learn:

Secure access service edge has quickly emerged as a hot topic in cybersecurity, but what exactly does it mean and why should organizations care? As cloud migration, BYOD adoption, and remote work have skyrocketed in prevalence, it has become increasingly apparent that organizations need to think differently about security. While legacy tools like firewalls are no longer equipped to handle the modern IT ecosystem, SASE platforms like Bitglass are built for this exact moment. In this presentation, you will learn:

• The core components of a SASE platform like Bitglass.
• The functionality you need to secure cloud, web, and remote access use cases.
• Architectural considerations you should keep in mind when comparing SASE vendors. 

Secured Access Service Edge, or SASE, is no longer a buzzword tossed around by cybersecurity pundits but is a robust, cloud-based service model to enable secure anywhere, anytime access from any device.

In the Are you SASE Ready? 5 Steps for Building Your SASE Roadmap webcast, you will learn how to build a roadmap to move to SASE and the benefits such a move will offer.

The session will cover how SASE will provide your organization with a path to reducing network and security cost and complexity while increasing security and connectivity to give your users a better experience, regardless of location.

In this session, Paul Martini, CEO, CTO & Co-founder at iboss, will discuss:

An understanding of the main drivers that lead organizations to migrate to SASE cloud;
5 steps to help you understand how to future-proof your network security investments;
What to consider when choosing a SASE platform.

As organizations continue to grow, especially through acquisition, the adoption of tools to automate processes to augment workers has become increasingly popular. In an effort to increase the operational efficiency that tools such as Robotic Process Automation provide, the security element is oftentimes forgotten. Join One Identity’s Larry Chinski to discuss threats that digital coworkers pose in an organizations, and how to mitigate them.

Over the past few years, the number of organizations that have adopted cloud-based systems has grown exponentially, largely due to the COVID-19 pandemic. In turn, cloud security has become a critical issue for IT security executives and their teams. McAffee reported an increase of 630% in attacks by external actors targeting cloud services between January and April of 2020. This uptick in cloud security breaches is projected to persist even after the pandemic as many companies continue to utilize the cloud and leverage its benefits.

While migrating to the cloud offers numerous advantages, it also poses certain threats and challenges. In a recent report by Oracle & KPMG, over 90% of IT Professionals felt their organization had a cloud security readiness gap. A significant concern for many who are adapting to a cloud-based workforce is misconfigurations and gaps in cloud security programs. Additionally, cloud-based infrastructure requires adopting new security policies and processes. Many companies believe their existing security teams lack the necessary skillsets and knowledge that the cloud environment requires, especially as organizations turn to multi-cloud, hybrid cloud, and distributed cloud models.

This panel will highlight the areas where cloud systems can leave enterprises vulnerable, ways to minimize common misconfiguration errors, and other best practices to mitigate threats when migrating to the cloud. Our lineup of Industry Experts will provide their expertise on developing a robust cloud security strategy that addresses these issues and insight on how to stay secure in the future of cloud security.

Users can be induced to click on malicious content through fear, curiosity or trust. The malware they invite onto their devices routinely evades detection by even the most sophisticated security products, making breaches inevitable. It is time for a different approach to endpoint security, applying the sound engineering principles of least privilege and strong isolation enabled by modern CPUs – protection that doesn’t rely on detection.

It is important to recognize that, overall, the industry has an effectiveness problem. The escalation in threat activity and the talents shortage in the industry has created a situation where, despite lots of products and cybersecurity spend, we aren’t getting better protection. To put a finer point on it, there are over 3,000 vendors selling products in the industry. The total spend last year was $120B+ and even with all of that there we almost 4,000 breaches — a 96% increase over the previous year.​ The key takeaway from these breaches is that they are NOT product failures.​ They are operational failures. ​To prevent these kinds of breaches from happening again in the future, we believe, the industry needs to adopt a new approach – an operational approach – to cybersecurity. ​

When you hear “ransom attack” you probably think of ransomware – the malware that can encrypt or block files or entire systems until you pay the attacker to restore access. But there’s been a massive surge in a virulent new type of ransom attack. And the defenses you’ve established to fight ransomware won’t help defeat this new threat, because it doesn’t require malware. Instead, the extortionists simply threaten to shut down your network with a massive Distributed Denial of Service (DDoS) attack at a specified day and time – unless you pay. 

Attend this session to learn:

• Why these new attacks are so dangerous
• How a typical attack unfolds
• What to do if you’re threatened
• How to prepare to fight one off successfully

In this two-part session, cyber veteran Ben Denkers, EVP at Redspin will discuss the new Cybersecurity Maturity Model Certification (CMMC) as the emerging gold standard for security and how this framework validates the effectiveness of your risk management program, ensuring you have an approach that responds every day. In part two, CMMC expert, Tony Buenger a CMMC Provisional Assessor at Redspin, will share high-level lessons learned from Redspin’s CMMC assessment. Redspin was the first organization to pass the CMMC Level 3 assessment and is now an Authorized CMMC Third-Party Assessment Organization (C3PAO).

With the dramatic increase in distributed workforces and the growing adoption of cloud applications, companies face unprecedented levels of IP, data, and identity sprawl beyond the enterprise firewall. Every endpoint is an entry into your business, cybercriminals have more ways to break in than ever before, and human error on the inside is a constant risk. Historically, endpoint security has been a zero-sum game—with the odds inevitably stacked against IT. But rather than protect devices, what if you could just control the security of them?
In this presentation, see how Chrome OS and Chrome Browser are secure by design—embedding security into every workflow to provide proactive protection for users, devices, applications, and data, wherever work happens. This is cloud-first security control in the hands of the modern businesses that will thrive moving forward.

Often we hear about ransomware targeted at organisations who are specifically targeted by gangs to make a profit, pipelines or organisations at the top of the supply chain. However, ransomware is a threat that all businesses face, even SMEs, and often these organisations struggle the most in protecting, responding and recovering from ransomware incidents. This is a true story from my first week at my first job after finishing my degree, and how we got hit by ransomware and the difficult decisions some of the most junior members of staff had to make. While we had backups, how do you make the case to shut down the entire business for a day while they are running over just paying the ransom? Overall, it’s the story of how our security culture failed and how we could have prevented the attack in the first place by following some simple pieces of advice and how other SMEs can do the same.

Prior to defending an organization against a determined attacker, their techniques must be understood. This presentation provides an adversarial viewpoint to inform network defense leaders how the attackers see their organizations and are able to be successful with their objectives, even when well defended. The presenter will draw upon over 17 years of personal experience as a Red Team operator and leader to illustrate how your organizations are viewed, through the eyes of an adversary.