As enterprises grow increasingly reliant on technology for every aspect of operations, CISOs have found themselves in a completely new operations center: the boardroom. In this session ExtraHop will share strategies for discussing security and technology priorities at the board level.

1. Put Risk in Perspective: Headline-grabbing breaches can draw a lot of attention from business stakeholders and board members, but staying focused on the likely scenarios offers the best protection.
2. Lead with Resilience: Breaches are inevitable. How you recover is what counts.
3. Know the Gaps: Understand the gaps in your program and come with a plan to fill them.
4. Focus on Business Risk/Reward: Map core security priorities to business objectives.
5. Roadmap to “Yes”: Prioritizing business performance without sacrificing security.

APIs. They’ve been around for years in one form or another, bringing the benefits of ease of use, efficiency and flexibility to the development community. In recent years, API usage has seen exponential growth, driven by mobile device ubiquity and the move towards modular applications where APIs have become the foundational elements of the application business logic.

The same benefits that APIs bring to the developer community are now leveraged by bad actors to execute automated attacks against your public facing applications. Bad actors are using exposed APIs for account takeovers, fake account creation, automated shopping and content scraping attacks. The ubiquity and stateless nature of APIs makes protecting them from automated attacks increasingly difficult.

This session will delve into the topic of API security. What are the different approaches to protecting APIs from a range of security risks and how should security and development teams approach a consistent protection philosophy.

The collective efforts of attackers have fundamentally changed the cyberdefense game. Today, adversaries are sophisticated, creative and tenacious -- launching attacks at unprecedented rates and volumes. Blue Hexagon Chief Strategist Danelle Au will dive into the threat landscape including new attack vectors and how they are delivered. She will present a new approach to detect network threats using deep learning. Deep learning neural networks can learn and intelligently make decisions on malware, even zero days seen for the first time. In this session, hear about why advances are possible today and how organizations worldwide are harnessing deep learning address the modern threat landscape.

Today 86% of organizations are in the process of building or already have an existing system in place to prevent/defend against insider attacks; if this statistic proves anything it is that more and more business are coming to terms with the hostilities of our world. Expected or unexpected, an employee with access to company-wide systems, no matter their intentions is a great threat to any organization. An employee with malicious intentions is dangerous, but according to a recent IBM survey, 95% of all breaches involved someone making a mistake. The Insider Threat panel at the Cyber Security Summit will show you how your organization is at risk, as well as showing you innovative & necessary steps to take in order to prevent attacks and increasing your defense systems.

Organizations process and store huge volumes of sensitive information that belong to their customers and employees – from financial information to medical records to personal identifiers, like social security numbers and birthdates. Inadequate controls in IAM processes and technology can lead to breach, involuntary exposure of this data, and non-compliance issues.

But you cannot correct what you don't know, so the first step in any IAM program is assessment.

IDMWORKS CEO & Chief Strategist, Todd Rossin, will address the most common questions around IAM Assessments & Roadmaps - Why Should We Assess? What Should We Assess? and When Should We Reassess?

Any means access to enterprise apps and resources is the new normal, as is news on advanced threats and massive data breaches. While perimeter controls are not going away, the mantra of Zero Trust dictates a verify before trust approach to safeguard access. As companies continue to migrate to the cloud, organizations are considering per-application access using a software defined perimeter (SDP) architecture. SDP offers simple and secure endpoint to application authentication with stateful access compliance. While the death of firewalls and VPNs has been grossly exaggerated, how, when and where should organizations take advantage of this extended mode of secure access?

This session will explore:

- Hybrid IT trends ushering new Secure Access challenges

- Key tenets of Zero Trust applied to Secure Access

- SDP capabilities, use cases and considerations

- Reference architecture for dual-mode VPN and SDP:

On October 10, 2019, the California Attorney General published proposed regulations for implementing the California Consumer Privacy Act of 2018. While the 24 pages of regulations have provided clarity in several areas, this is very much a work in progress. Just some of the information security areas addressed include verifying consumer requests, transmitting consumer data securely, and use of self-service portals. In this interactive presentation, a data protection industry veteran will offer perspective on the regulations and what they mean for your information security program. Takeaways include:

• Insight into a host of new concepts introduced by the proposed regulations
• Resolving conflicts between the Act and the regulations
• Best practices in light of the January 1, 2020 enforcement date

Machine learning is a big step forward in combatting cyberattacks but is still no silver bullet. Many traditional cybersecurity solutions available today are causing huge operational challenges as they are not adequately fighting against today’s complex and sophisticated threats. Detection and response-based solutions are no longer sufficient as damage can already be done while waiting for the execution of an attack. Executives and security leaders need to start adopting a preventative approach to cybersecurity, which is made possible through Deep Learning.

Fortunately, AI technologies are advancing, and deep learning is proven to be the most effective cybersecurity solution, resulting in unmatched prevention rates with proven lowest false positive rates. As you evaluate new technologies for your organization, understand the differences and benefits of AI/ML/DL.

This session will cover:

• Introduction to Deep Learning – Differences between AI/ML/DL
• Applying deep learning as a preventative approach to cybersecurity
• Live demonstration of deep learning threat prevention

For many organizations they are looking at over half of their IT spending being related to cloud, whether infrastructure, services or other tools in the near future. As a CISO, this movement to the cloud can fill you with dread. Furthermore, one of the risks corporate boards understand best is third party risk, and now your entire network is in someone else’s hands. This transition is the subject of a lot of concern and a lot of mixed signals. It doesn’t have to be that way though, especially as moving to the cloud can be a security improvement, if managed appropriately. This panel will talk about the security issues CISO’s and IT leaders need to be aware of as they move further and further over to the cloud, what best practices and services they should consider or utilize, and how they can fully leverage the cloud resources to bring their organization to the next level of security.

The digital enterprise is constantly expanding, with new IoT, cloud, and operational technologies all challenging traditional notions of cyber security. Safeguarding these evolving environments against machine-speed attacks has never been more difficult.

Yet the digital battleground now features its most formidable defender in Cyber AI — a self-learning technology that distinguishes friend from foe in order to thwart threats autonomously. With the Cyber AI Platform protecting your entire infrastructure in real time, it doesn’t matter whether the attack originates on a connected device, an industrial system, or in the cloud. Wherever it strikes, the AI fights back in seconds.

In this session, you’ll discover:

• Why only Autonomous Response can counter today’s machine-speed attacks
• Where advanced threat-actors exploit vulnerabilities in the cloud and IoT
• What achieving 100% visibility can reveal about your organization’s risk profile
• How the Cyber AI Analyst reduces the time spent triaging threats by 92%

A common phrase in information security is: “It is a matter of when you will be breached, not if.” As the headlines provide real-life examples from Marriot, to Equifax, to FedEx, this seems more true than ever before. But what should you do to prepare, respond and recover from it? What tools and tactics will make it easier to detect a breach (either as it happens or after the fact), what do you say to key stake holders about what is happening and how do you pivot from “How did this happen” to “How can we make sure it doesn’t happen again”. Few things in IT can be as high visibility and high stakes as a breach and this panel will equip the audience with what they need to know to better handle when a breach happens.