Detroit

Across the globe organizations need to be on the cutting edge of innovation to remain competitive in today’s faced paced, highly dynamic markets. The race to be on top doesn’t come without risk. Adversaries continuously strive to outpace our security efforts and successful cyber attacks  happen in a blink of an eye. Traditional security approaches often leave organizations scrambling to protect their systems and data.  This session with provide insight for today’s leaders on how organizations can be proactive in the cyber fight.

What are the top factors that move businesses from the bottom 10% to the top 10% of SASE deployments? In this session, Advisory CISO Wolfgang Goerlich will look at the latest data from Cisco’s Security Outcomes Report to analyze current trends in SASE strategy. From access management to data protection to how to manage it all, Wolfgang will discuss where to focus first in your strategies and how to build strong relationships that position your SASE pivot a success!

Legacy SOAR (Security Orchestration, Automation and Response) technology promised to revolutionize the practice of security operations. Unfortunately, the first generation of these platforms have gained a reputation for rigid playbooks that require extensive development resources, poor case management features, and limited use cases. That’s why Swimlane developed a more modern and extensible approach to security automation.

Use of the cloud is continuously growing, not surprisingly so due to its perceived lower costs, greater agility, and ability to increase computing power with increased demand & continuously deploy new applications and software features.

Despite the appeal of cloud, there are many security risks and vulnerabilities and managing these risks has proven to be a big challenge as cyber criminals shift their tactics to cloud data and systems in responses to this increased use of the cloud. According to a CRA Business Intelligence’s September 2022 Cloud Security Survey, misconfigurations, lack of oversight, and little visibility across the organization are among their chief concerns regarding cloud deployments.

If organizations are going to successfully adopt/transition to the cloud, they must ensure security is part of their program. An effective cloud security program includes various process and technology capabilities to effectively keep up with the current threat landscape and vulnerabilities.

For far too long, the role of the security analyst, charged with investigating, validating and responding to attacks amidst the noise of alerts from multiple tools, has been a frustratingly fragmented and inefficient one. The hours spent on manual triage, threat hunting and research across many tools and data sources, not only extends the time taken per incident, but also distracts valuable resources away from higher risk attacks. Data shows that despite deploying more great tools and getting more alerts, we are not getting much better at this, if at all, over the past several years. The industry needs to focus on the analyst experience. How can these tools and data sources be better connected? How can AI and machine learning best be employed to unburden teams of the error prone repetitive tasks while providing rapid and valuable insights into the specifics of an attack, and even provide focused recommended actions? This can and does, dramatically improve the overall analyst experience and efficacy, helping to prevent burn out while simultaneously sharpening response capabilities. Join us to discuss what we have learned and how we and other members of a growing, open community are building and delivering in this space.

Today, every company (and CISO) is confronting questions about how AI will apply to them and their industries. Whether it means a significant pivot in their operating models, or an opportunity to scale and broaden their offerings, all organizations must assess their readiness to deploy AI responsibly without perpetuating harm to their stakeholders and the world at large. In this talk, Cindi Carter will share thought-provoking, actionable advice on this topic for all audiences.

In the face of skyrocketing cyber risk, detecting and responding to attacks is no longer enough. Organizations must take proactive steps to prevent threats before they happen, and to recover if compromised. In this session, Darktrace unveil an ambitious new approach to security, with core engines powering AI technologies to prevent, detect, respond, and ultimately heal from attacks across all areas of their digital environment. Together, these engines combine to strengthen organizations’ security posture in a virtuous AI feedback ‘loop,’ which provides powerful end-to-end, bespoke, and self-learning solutions unique to each organization.

Despite having distinct differences, data privacy and compliance are deeply intertwined with cyber security. As focus on data privacy and compliance increases, business leaders can expect to see vast changes related to how consumer data is managed, shared, and secured. Policy & laws on data privacy and compliance continue to expand and become increasingly stringent, so it is important for companies and their respective business leaders to consider these areas as they develop & evaluate their cyber security strategies. For instance, last year the SEC proposed amendments to its rules on cyber security, risk management, strategy, governance, and incident disclosure by public companies.

At a more granular level, there are various initiatives to protect specific consumer data and ensure enterprises are compliant in doing so – particularly health data and children’s personal information. The American Data Privacy and Protection Act (ADPPA) if passed could greatly impact health data beyond the scope of HIPAA by establishing a national framework to protect & preserve the privacy of consumer data collected by entities not covered by HIPAA. In an American Medical Association survey, about 75% of surveyed patients expressed concern and confusion related to the privacy of their health data and how it is handled. The ADPPA could help clear up some of this confusion by establishing clear expectations. Another critical area is the collection of personal information of children. The Children’s Online Privacy Protection Act (COPPA) helps put parents in control of how their children’s data is handled and ensures that all entities in possession of this data sustain its confidentiality, security, and integrity.

Maintaining strong data privacy and compliance practices is imperative in preventing sensitive personal data from becoming compromised. This information is extremely valuable to cyber criminals, who seek to utilize compromised data to steal others’ identities or resell such PII.

This panel will look at the latest data privacy policies and implications for what this means for business leaders in the future. Our lineup of experts will lend their insights and offer best practices relating to privacy, compliance, and identity protection.

As security practitioners, we’re always trying to find ways to get ahead of attackers and mitigate threats before they wreak havoc in our environments. But, traditional defense-in-depth strategies rely more on reactive controls to build walls that we hope will stop attacks from being successful. However, time and again, we see news headlines proving how often and how easily these reactive approaches are defeated.

Today’s attack surface requires a different approach, focusing on preventative risk mitigation strategies that give more visibility, more context and a better mechanism to tie technical risk to business context. While reactive controls are still necessary, the more we can identify areas of risk before the attackers do and close the gaps in our defenses, the fewer attacks will take place and the more effective those reactive controls will be.

Preventative security strategies are driven by making better decisions about how, when and where to mitigate risks. In this talk, we’ll review techniques to implement within your security program that will give a better understanding of the technical and business risk across your attack surface, how to identify the areas to focus on first and ways to drive a more meaningful approach to mitigating risks before cyberattacks exploit your weaknesses.

Enterprises have ransomware prevention basics covered – from data backups, EDR, and user training, to phishing detection, and threat intel. But there’s a significant blind spot lurking: lack of visibility into malware compromises (especially when the infected devices are unmanaged or under-managed) and the resulting passwords, web session cookies that have been siphoned.

Without immediate knowledge of this data that criminals are using to target the enterprise for ransomware and other costly cyberattacks, SOC teams have become accustomed to a machine-centric malware infection response. The result is exposed employee, contractor, and partner identities, exploitable until the affected users, applications, and devices are properly remediated. It’s been a challenge for most organizations – until now.

Join this session to learn about a new, more complete and effective approach to preventing ransomware called Post-Infection Remediation. We’ll cover how:

-Today’s digital environment increases the risk of malware while decreasing security teams’ visibility into a growing attack surface
-Bad actors are shifting their tactics to access organizations via session hijacking with malware-exfiltrated cookies
-Organizations are addressing infostealer malware infections and the gaps that exist with machine-centric remediation
-The seven steps of Post-Infection Remediation can empower your SOC to neutralize the risk of ransomware and other critical threats

“Pay Up, or Else”. The number of organizations who have been faced with this scenario has been steadily increasing over the past several years as ransomware attacks continue to rise — both in numbers and the size of payouts.

The clear and present danger of a ransomware attack looms large among cyber executives and business leaders as the number of vulnerabilities increases daily. According to a 2022 CRA Business Intelligence survey, nearly one in four respondents reported that their organization experienced one or more ransomware attacks in the past 12 months, and almost one out of three of these organizations said the attacker succeeded in gaining access to their systems, encrypting files, and demanding a ransom

According to this survey, many believe that the worst is yet to come and that they are at a significantly higher risk of a cyberattack than ever before – it’s not a matter of “if,” but “when.”

Preparing for the inevitable and defending against the threat of a ransomware attack requires constant evaluation and assessment, and then making the necessary adjustments.

On this panel, our lineup of industry experts will discuss the key security measures enterprises must take, going beyond backup and recovery and anti-malware/anti-virus solutions to include endpoint security, vulnerability management, Active Directory monitoring, credential protection, DNS security tools, SIEM, DLP and encryption, and cloud security software.

• Understanding the principles of Zero Trust.
• Exploring the capabilities and benefits of IAM Identity Fabric in enabling Zero Trust architecture and strengthening security measures.
• Maturing each principle with IAM: mature We will discuss how IAM Identity Fabric can be effectively leveraged to implement each principle of Zero Trust, including continuous authentication, least privilege access, and granular visibility and control.
• Benefits of implementing Zero Trust with IAM Identity Fabric

The migration to Zero Trust is well on its way, but many organizations are still wary about making the move. Join industry veteran and Banyan Security’s Principal Security Engineer, Anthony Alves, to learn how Banyan’s device-centric approach is helping solve modern problems like broken MFA and modern threats such as generative AI tools including ChatGPT. Anthony will highlight four key considerations to selecting a solution that will be easy for administrators to deploy while also being easier for end users.