Most organizations understand that “it is not a matter of if a cyber incident will occur but when.” Therefore, leading organizations work to balance cyber security along with cyber resilience so the impact to systems from an incident is minimized. Effective cyber security monitors the threat landscape to identify which threats pose the most significant risk and utilize controls to minimize the likelihood of occurrence. Optimal cyber resilience complements the cyber security practice with controls that minimize the impact to the organization’s systems when a security incident occurs. This session will provide examples of how organizations are working to achieve optimal cyber security and resilience within an evolving threat landscape.

Global ransomware attacks like WannaCry already move too quickly for humans to keep up, and even more advanced attacks are on the horizon. Cyber security is quickly becoming an arms race — machines fighting machines on the battleground of corporate networks. Algorithms against algorithms.

Artificial intelligence-based cyber defense can not only detect threats as they emerge but also autonomously respond to attacks in real time. As the shortage of trained cyber analysts worsens, the future of security seems to be automatic. But are humans ready to accept the actions machines would take to neutralize threats?

Darktrace recently ran tests across enterprises of all sizes in a variety of industries and has subsequently deployed AI-based autonomous response in over one hundred organizations. In this presentation explore lessons learned and hear about several use-cases in which autonomous response technology augmented human security teams.”

In this session learn about:

• AI approaches and algorithms for detecting and responding to threats
• How human teams adopt (or resist) automated defenses
• The concepts of ‘human confirmation’ mode and ‘active defense’
• Success stories across Smart Cities, genomics organizations, and industrial control systems

Today 86% of organizations are in the process of building or already have an existing system in place to prevent/defend against insider attacks; if this statistic proves anything it is that more and more business are coming to terms with the hostilities of our world. Expected or unexpected, an employee with access to company-wide systems, no matter their intentions is a great threat to any organization. An employee with malicious intentions is dangerous, but according to a recent IBM survey, 95% of all breaches involved someone making a mistake. The Insider Threat panel at the Cyber Security Summit will show you how your organization is at risk, as well as showing you innovative & necessary steps to take in order to prevent attacks and increasing your defense systems.

Data is a blessing and a curse. Get the right data, in the right amount, at the right time, and you are in the driver’s seat. The wrong data, too little data, too much data, or the wrong timing, and you are in the hot seat. The explosion of data and its byproduct, network traffic, create structural problems for the SOC.

In this session, attendees will learn how taking a different approach to data – one that emphasizes speed, fidelity, and the elimination of data silos – can enable more successful threat hunting and incident response. Topics covered include the impact of TLS 1.3 and encryption on data and its ripple effect on security operations, as well as best practices for threat hunting. The session will also delve into how network traffic analysis can serve as the foundation of more effective security practices, data-driven decisions, and a mature, proactive SOC.

Any means access to enterprise apps and resources is the new normal, as is news on advanced threats and massive data breaches. While perimeter controls are not going away, the mantra of Zero Trust dictates a verify before trust approach to safeguard access. As companies continue to migrate to the cloud, organizations are considering per-application access using a software defined perimeter (SDP) architecture. SDP offers simple and secure endpoint to application authentication with stateful access compliance. While the death of firewalls and VPNs has been grossly exaggerated, how, when and where should organizations take advantage of this extended mode of secure access?

This session will explore:

• Hybrid IT trends ushering new Secure Access challenges
• Key tenets of Zero Trust applied to Secure Access
• SDP capabilities, use cases and considerations
• Reference architecture for dual-mode VPN and SDP

Organizations process and store huge volumes of sensitive information that belong to their customers and employees – from financial information to medical records to personal identifiers, like social security numbers and birthdates. Inadequate controls in IAM processes and technology can lead to breach, involuntary exposure of this data, and non-compliance issues. But you cannot correct what you don’t know, so the first step in any IAM program is assessment.

IDMWORKS CEO & Chief Strategist, Todd Rossin, will address the most common questions around IAM Assessments & Roadmaps – Why Should We Assess? What Should We Assess? and When Should We Reassess?

For many organizations they are looking at over half of their IT spending being related to cloud, whether infrastructure, services or other tools in the near future. As a CISO, this movement to the cloud can fill you with dread. Furthermore, one of the risks corporate boards understand best is third party risk, and now your entire network is in someone else’s hands. This transition is the subject of a lot of concern and a lot of mixed signals. It doesn’t have to be that way though, especially as moving to the cloud can be a security improvement, if managed appropriately. This panel will talk about the security issues CISO’s and IT leaders need to be aware of as they move further and further over to the cloud, what best practices and services they should consider or utilize, and how they can fully leverage the cloud resources to bring their organization to the next level of security.

Adversaries have had the upper hand for too long. CrowdStrike is systematically turning the tables on them, creating a platform that allows you to beat them at their own game. Find out why 2019 is the year we take cyberspace back.

Learn more about:

• Emerging Threat Trends
• Speed Is Everything: The 1-10-60 Rule
• Cybersecurity’s New Dimension
• The Road Ahead

A common phrase in information security is: “It is a matter of when you will be breached, not if.” As the headlines provide real-life examples from Marriot, to Equifax, to FedEx, this seems more true than ever before. But what should you do to prepare, respond and recover from it? What tools and tactics will make it easier to detect a breach (either as it happens or after the fact), what do you say to key stake holders about what is happening and how do you pivot from “How did this happen” to “How can we make sure it doesn’t happen again”. Few things in IT can be as high visibility and high stakes as a breach and this panel will equip the audience with what they need to know to better handle when a breach happens.