Despite advances in technology, protecting your organization is harder than ever. Decades of “point” security products have led to fragmented systems, an avalanche of data, and an unmanageable number of false positives. Rising threat sophistication and skills gaps have resulted in uncertainty around your organization’s incident response readiness. Budgets are out-of-sync with needs, so funding innovation requires new ideas and creativity. This session will explore both process and technology strategies you can implement to lower risk and reduce organizational friction. You’ll also come away with ways to find cost savings you can reallocate to the SecOps innovation that will keep your organization safe.

Although the concepts of artificial intelligence and machine learning are not new, they have recently garnered mainstream attention. As is normal in the technology space, the initial hype makes it sound like a panacea and cybersecurity vendors are scrambling to hitch their marketing messages to it. This session will help you differentiate fact from folly and arm you with specific questions you can ask vendors as you evaluate new solutions and navigate the landscape of all things cyber.

Although fundamentally intertwined, security teams and the rest of the business often struggle to communicate, especially when the topic is risk. Security teams measure this as technical risk, “how vulnerable are we?” The rest of the organization measures this as a business risk, “what will our losses be and how much will the recovery cost?” Join us to discuss how various scoring mechanisms can be implemented to bridge this gap to articulate risk in a way that all teams understand. 

Competent CISOs are in high demand.  How do you become appointed to the position of the CISO.   The skills that got  you to the CISO position will not keep you there for long. Successful CISOs know how to lead a security and risk management organization that is well regarded and proficient in a number of areas. Dealing with ever increasing and sophisticated attacks, oversight by the Board of Directors, balancing threats versus compliance requirements, thought leadership, enabling digital transformation strategies, and more. There is a way to not just survive but thrive.

Fact: A 2018 report researched by PwC interviewed 9,500 executives from 122 countries revealed that 54% do not have an incident response plan and 44% did not have an overall info security strategy. That indicates that the future of successful cyber attacks is inevitable. This panel discusses “Security Orchestration” which unites the security teams or “human element” with pre-existing automated tools and processes around security incidents. Effective alerts, automated incident response actions with solutions that integrate & communicate with each other can all assist in making sense of the breach and respond in an orchestrated fashion. A proper plan also includes a communication process incorporating the legal, law enforcement, insurance and public relations team. Today’s CISO needs to anticipate, and predict how the security challenges of the future may affect the business and be able to articulate that to the board along with eventually disseminating the breach to the media & public.

The transition from legacy data centers to hybrid environments brings an array of usability, visibility and protection challenges as users connect to applications and resources across network, cloud and SaaS domains. With accelerated demands to support a mobile workforce and consumerization of IT, “trust but verify” controls are crucial to mitigate malware, data privacy, breach and IoT threats. How can anytime, anywhere access be seamless while ensuring consistent policy and protection capabilities.  Whether your business is fully cloud invested or going on a per app and business case, this session will explore:

• How, why and impact of siloed, work-around secure access mechanisms
• Defining identity, device, security state and information relationships
• Key components of protected connections, appropriate access, and availability
• Considerations to gain intelligence, unify policies and orchestrate workflows
• A reference platform for on-premise and multi-cloud Secure Access

From insiders to sophisticated external attackers, the reality of cyber security today is that the threat is already inside. Legacy approaches to cyber security, which rely on knowledge of past attacks, are simply not sufficient to combat new, evolving attacks, and no human cyber analyst can watch so much or react quickly enough. A fundamentally new approach to cyber defense is needed to detect and respond to these threats that are already inside the network – before they turn into a full-blown crisis. 

Self-learning systems represent a fundamental step-change in automated cyber defense, are relied upon by organizations around the world, and can cover up to millions of devices. Based on machine learning and probabilistic mathematics, these new approaches to security can establish a highly accurate understanding of normal behavior by learning an organization’s ‘pattern of life,’. They can therefore spot abnormal activity as it emerges and even take precise, measured actions to automatically curb the threat. 

Discover why autonomous response and machine learning is the future of defense and how the ‘immune system’ approach to cyber security provides complete network visibility and the ability to prioritize threats in order to better allocate time and resources. 

In this session, learn: 

• How new machine learning and mathematics are automating advanced cyber defense 
• Why full network visibility allows you to detect and autonomously respond to threats 
• How smart prioritization and visualization of threats allows for better resource allocation and lower risk 
• Real-world examples of unknown threats detected by ‘immune system’ technology

Ransomware sales have increased by over 1,400% over the last two years. The impact of ransomware, destructive malware and related attacks is growing globally as the statistics illustrate. This panel addresses the question of whether your company should pay the cyber criminals with the fact that you may not retrieve your data regardless. Best practices including continually backing up your critical files to multiple locations including the cloud, the use of decryption tools when your assets are held for ransom, keeping your security software up to date and training the employees about the dangers of opening the wrong attachment or link. 

With 90% of organizations feeling vulnerable to insider attacks and a majority of organizations confirming insider attacks against their organizations in the past 12 months, insider threat proves to be even more virulent than malicious attacks by actors beyond your network walls. On your payroll in one way or another, these dissatisfied employees, corporate spies and the like, have the means to harm your business. These insiders also have the ability to cause harm without meaning to! This panel will enlighten you on what insider threat & corporate espionage put at risk in your business. You will learn how identify threats inside your business (malicious and accidental) and leave with strong takeaways that will allow you to fortify your company defenses.

Organizations process and store huge volumes of sensitive information that belong to their customers and employees – from financial information to medical records to personal identifiers, like social security numbers and birthdates. Inadequate controls in IAM processes and technology can lead to breach, involuntary exposure of this data, and non-compliance issues. But you cannot correct what you don’t know, so the first step in any IAM program is assessment.

IDMWORKS CEO & Chief Strategist, Todd Rossin, will address the most common questions around IAM Assessments & Roadmaps – Why Should We Assess? What Should We Assess? and When Should We Reassess?