Tampa 2021

Our digital environments and workforces are more dynamic than ever. To navigate the risks and challenges that digital innovation brings, organizations must rethink their approach to security.  Static, legacy approaches have become redundant against sophisticated, fast-moving threats, and attackers that continue to evolve their techniques. Organizations are increasingly turning to new technologies like AI to achieve much-needed adaptability and resilience; protecting workforces and data from attack by detecting, investigating and responding to cyber-threats in real time — wherever they strike.

Using public clouds for enterprise datacenters is now mainstream; the advantages are significant and the gained agility undisputable. However, the number of services and options being offered is daunting. And, with these choices come consequences; one misconfiguration can put your entire organization at risk…or worse.

Another reality you will face as you scale is the challenge of using a ‘one-size-fits-all’ interface. Imagine scrolling through lists of assets when the numbers are in the hundreds or even thousands. Just imagine trying to find a misconfigured or exposed S3 bucket when you have thousands; it’s finding a needle in a stack of needles.

And, if you’re like most enterprises, you have a resource gap and don’t have the experienced, trained security professionals maintaining your cloud environment(s). This gap exacerbates risks. The cloud environments available today are extremely comprehensive and powerful, but in unskilled hands, one fat-finger can have dire consequences. And, as you implement ephemeral cloud-native services like Lambda functions and other cloud-native platform components, new challenges will arise when conducting threat-detection and attribution.

In this session you’ll see your future and what to expect managing your public cloud-based datacenter. You’ll learn why Gartner says, “Through 2023, at least 99% of cloud security failures will be the customer’s fault.” We will highlight the top challenges you will face and show you what you should prepare for before you scale. We will also detail recommended best practices for securing and maintaining compliance in your public cloud data center.

Every organization gets compromised – it’s how you fast you detect and respond to an incident that counts. This is especially important when you look at trends like the overnight move to remote work, the rise in encrypted traffic and acceleration of cloud adoption, as well as the proliferation of enterprise IoT that have expanded the attack surface and complicated the job of security professionals. We’ll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or an incident from becoming a full-scale data breach.

Secure access service edge has quickly emerged as a hot topic in cybersecurity, but what exactly does it mean and why should organizations care? As cloud migration, BYOD adoption, and remote work have skyrocketed in prevalence, it has become increasingly apparent that organizations need to think differently about security. While legacy tools like firewalls are no longer equipped to handle the modern IT ecosystem, SASE platforms like Bitglass are built for this exact moment.

In this presentation, you will learn:

The core components of a SASE platform like Bitglass.
The functionality you need to secure cloud, web, and remote access use cases.
Architectural considerations you should keep in mind when comparing SASE vendors. 

Insider Threat has become increasingly problematic to businesses as the frequency and cost of these threats have risen over the last several years. In a global study conducted by Ponemon Institute in September of 2019, there was a 31% increase in overall cost of Insider Threat and a 47% increase in the total number of Insider Incidents from 2018.

Today, Insider Threat poses an even greater risk to businesses in the wake of the COVID-19 pandemic. Forrester Research, Inc. reported that in 2020, a quarter of all security breaches were caused by an insider and estimates that in 2021, Insider Threats will account for 33% of security breaches.

This panel will discuss the various factors that contribute to this increase in Insider breaches, how remote work has impacted the malicious & non-malicious Insider Threats facing businesses, and the implications this has on enterprises today. Our lineup of Industry Experts will offer their insight & provide best-practices on how businesses and their IT Security Teams should address these risks and adapt in order to defend against Insider Threats.

Financially motivated data breaches are similar to and different from espionage motives data breaches. Dave Grady and John Grim will compare financially-motivated and espionage-motivated data breaches. Specifically Dave and John will cover the:

• Aspects of Financial Motive Breaches
• Aspects of Espionage Motive Breaches
• Comparison between motives and the countermeasures required

With the Passwordless Decade well underway, more and more organizations are asking the question: Why is now the right time to move beyond passwords?

George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger. Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. 

How did we get here, and will mainstream adoption of passwordless security have an impact? We will explore how the rise of virtual desktop infrastructure and a remote workforce has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.

In this session, you’ll learn:

The number of hackers and the number of organizations getting hacked has exploded over the last few years.  Organizations around the globe have experienced an exponential number of attacks against their networks, employees, vendors and intellectual property.  Join us as we explore the Dark Web to show how easy it is to become a hacker and how it is going to affect you in the future.  With Hackers ability to hide behind a variety of pseudo anonymous crypto currencies, combined with the ease of obtaining hacking resources, you will see what makes the life of cybercrime extremely attractive.  As the ransomware threat continues to grow by shutting down businesses, municipalities and healthcare, we will provide you with the roadmap to understand digital criminals and minimize the impact on your organization.

Building a defensible compliance program can be a bit of an art form. Sure, there are frameworks that supply structure to guide you, but — especially when multiple frameworks, policies, or regulations compound each other — the complexity of the various controls and supports can get unruly fast. This presentation will go through the basics of why compliance is necessary, how compliance and risk go hand-in-hand, and the five key steps to build a truly defensible compliance program.

Cyberattacks have quadrupled since the beginning of the pandemic. Lots of endpoints are currently on their own when it comes to being managed and protected. What will happen when these machines come back to the office, or are they coming back at all? This presentation will address the different scenarios that companies may encounter and how to resolve them by automating their endpoint management.

In 2020, there was an unprecedented growth in ransomware attacks and this trend shows no signs of slowing down. Rather, these attacks are evolving and becoming more harmful as cyber criminals become more organized and effective. It is predicted that in 2021, businesses will fall victim to a ransomware attack every 11 seconds with an estimated cost of over $20 billion – 57 times more than in 2015, making ransomware the fastest growing type of cybercrime.

As a result, companies are transitioning from the traditional “trust but verify” method and implementing a Zero Trust model, requiring all users to be authenticated and continually authorized in order to be granted access and maintain access to company data and applications. By leveraging various technologies & techniques such as multifactor authentication, IAM, least privilege access, and microsegmentation, the Zero Trust model reduces the risk of a ransomware attack and minimizes the potential damage from a breach.

This panel will highlight where enterprises are most vulnerable to becoming a victim of ransomware and how utilizing a Zero Trust model minimizes this risk. Industry experts will discuss best practices to avoid a ransomware attack including adapting the Zero Trust model, what to do if your company is being held for ransom, ways to mitigate the damage caused by an attack, and how to recover afterwards.

ThreatLocker CEO, Danny Jenkins will discuss recent attacks, how they could have been avoided, and protecting your business in an ever-evolving threat landscape.

It is important to recognize that, overall, the industry has an effectiveness problem. The escalation in threat activity and the talents shortage in the industry has created a situation where, despite lots of products and cybersecurity spend, we aren’t getting better protection. To put a finer point on it, there are over 3,000 vendors selling products in the industry. The total spend last year was $120B+ and even with all of that there we almost 4,000 breaches — a 96% increase over the previous year.​ The key takeaway from these breaches is that they are NOT product failures.​ They are operational failures. ​To prevent these kinds of breaches from happening again in the future, we believe, the industry needs to adopt a new approach – an operational approach – to cybersecurity. ​

Over the past few years, the number of organizations that have adopted cloud-based systems has grown exponentially, largely due to the COVID-19 pandemic. In turn, cloud security has become a critical issue for IT security executives and their teams. McAffee reported an increase of 630% in attacks by external actors targeting cloud services between January and April of 2020. This uptick in cloud security breaches is projected to persist even after the pandemic as many companies continue to utilize the cloud and leverage its benefits.

While migrating to the cloud offers numerous advantages, it also poses certain threats and challenges. In a recent report by Oracle & KPMG, over 90% of IT Professionals felt their organization had a cloud security readiness gap. A significant concern for many who are adapting to a cloud-based workforce is misconfigurations and gaps in cloud security programs. Additionally, cloud-based infrastructure requires adopting new security policies and processes. Many companies believe their existing security teams lack the necessary skillsets and knowledge that the cloud environment requires, especially as organizations turn to multi-cloud, hybrid cloud, and distributed cloud models.

This panel will highlight the areas where cloud systems can leave enterprises vulnerable, ways to minimize common misconfiguration errors, and other best practices to mitigate threats when migrating to the cloud. Our lineup of Industry Experts will provide their expertise on developing a robust cloud security strategy that addresses these issues and insight on how to stay secure in the future of cloud security.

Prior to defending an organization against a determined attacker, their techniques must be understood. This presentation provides an adversarial viewpoint to inform network defense leaders how the attackers see their organizations and are able to be successful with their objectives, even when well defended. The presenter will draw upon over 17 years of personal experience as a Red Team operator and leader to illustrate how your organizations are viewed, through the eyes of an adversary.