What’s the single most important component of an effective cyber-security program? Here’s a hint: It has nothing to do with technology. Dave Grady, Senior Client Partner from Verizon’s Security Solutions group, will discuss the importance of stakeholder engagement in cyber-security. Drawing on his 10 years as a security program manager and a previous 15-year career as an internal communications manager, Grady will explore how better communication between security teams and the business lines, executives and customers they support can make for a more effective security program. Better still, effective stakeholder engagement can reduce security-practitioner burnout and contribute to their professional growth.

Join senior executives from BitSight, Tanium, Recorded Future and Cylance for a panel discussion on how cyber-security is taking a bigger seat at the “strategic table” as more organizations look at risk from an integrated perspective. Moderated by Verizon’s Dave Grady, this panel discussion will offer into how some of the world’s most leading-edge organizations are re-evaluating the role of cybersecurity in enterprise risk — and transforming their security programs to adapt to a world of complex IT ecosystems and ever-emerging threats.

Today 86% of organizations are in the process of building or already have an existing system in place to prevent/defend against insider attacks; if this statistic proves anything it is that more and more business are coming to terms with the hostilities of our world. Expected or unexpected, an employee with access to company-wide systems, no matter their intentions is a great threat to any organization. An employee with malicious intentions is dangerous, but according to a recent IBM survey, 95% of all breaches involved someone making a mistake. The Insider Threat panel at the Cyber Security Summit will show you how your organization is at risk, as well as showing you innovative & necessary steps to take in order to prevent attacks and increasing your defense systems.

Ask any analyst, reporter, or financial observer, and they’ll tell you that the security market is ripe for consolidation. For years, security vendors have proliferated, buoyed by high valuations and ever-expanding enterprise security budgets. While this rush to innovate has resulted in better and more sophisticated threat defenses, it has also created a complex web of tools which already overworked, overwhelmed, and understaffed security teams must manage. This tool sprawl is one reason that so many in and around the security industry believe that an era of consolidation is coming. According to ESG Research, 66 percent of businesses are actively working to consolidate their security portfolio. For many in the security industry, a security platform that essentially puts your “SOC-in-a-box” is an ideal solution to the tool sprawl problem. But this approach is not without peril. If the security industry consolidates to the point that there are just a few platform solutions, this will not only stifle innovation, it will result in a monoculture – and monocultures are notoriously susceptible to disease. If every organization uses an identical or nearly identical set of security tools, breaking into one means breaking into them all. And once threat actors figure out how to break in once, they’ll have the keys to every organization. Just like the world banana population – itself a monoculture – is currently being wiped out by a fungus to which is has no natural resistance, a single cyber threat could take down a vast number of organizations. In the case of cybersecurity, heterogeneity of defense systems is itself a defense, so security teams need to approach consolidation differently. In this session, attendees will learn: – How a data-first approach to security architectures can illuminate natural consolidation points – How collaboration with other parts of the IT organization can actually improve security posture and reduce tool sprawl. – How this collaborative approach also creates opportunity to leverage other parts of the organization to improve security posture through smarter processes and practices.

Cyber-attack has become the most significant risk facing today’s businesses, smart cities, and critical infrastructure, with the total cost of online crime projected to surpass one trillion dollars in 2019. At the heart of this crisis is none other than the traditional approach to cyber defense, which relies on rules and signatures to detect known threats at a time when cyber-criminals launch never-before-seen attacks on a daily basis.

To keep pace with the ever-evolving threat landscape, Darktrace employs a fundamentally different approach — one rooted in artificial intelligence. Rather than attempting in vain to predefine what the next novel attack will look like, Darktrace AI instead learns a unique ‘pattern of life’ for every user, device, and network that it safeguards. With this understanding of ‘self’ versus ‘not self,’ Darktrace can detect the subtly anomalous behavior indicative of both known and unknown attacks, allowing defenders to finally fight back against their online adversaries.

In this session, you will learn:

• Where cyber-criminals have found weaknesses in legacy approaches to security
• Why only self-learning security tools can parry never-before-seen attacks
• How to protect your network from machine-speed attacks with Darktrace Antigena
• What gaining 100% network visibility of your entire digital estate can reveal about the largely uncharted vulnerabilities that attackers are targeting today

Any means access to enterprise apps and resources is the new normal, as is news on advanced threats and massive data breaches. While perimeter controls are not going away, the mantra of Zero Trust dictates a verify before trust approach to safeguard access. As companies continue to migrate to the cloud, organizations are considering per-application access using a software defined perimeter (SDP) architecture. SDP offers simple and secure endpoint to application authentication with stateful access compliance. While the death of firewalls and VPNs has been grossly exaggerated, how, when and where should organizations take advantage of this extended mode of secure access? This session will explore:

This session will explore:

• Hybrid IT trends ushering new Secure Access challenges
• Key tenets of Zero Trust applied to Secure Access
• SDP capabilities, use cases and considerations
• Reference architecture for dual-mode VPN and SDP

For many organizations they are looking at over half of their IT spending being related to cloud, whether infrastructure, services or other tools in the near future. As a CISO, this movement to the cloud can fill you with dread. Furthermore, one of the risks corporate boards understand best is third party risk, and now your entire network is in someone else’s hands. This transition is the subject of a lot of concern and a lot of mixed signals. It doesn’t have to be that way though, especially as moving to the cloud can be a security improvement, if managed appropriately. This panel will talk about the security issues CISO’s and IT leaders need to be aware of as they move further and further over to the cloud, what best practices and services they should consider or utilize, and how they can fully leverage the cloud resources to bring their organization to the next level of security.

IChronicle leverages massive data and compute resources to help enterprises analyze and fight cyber threats. Backstory helps enterprise security teams investigate incidents and hunt for threats in their networks, at the speed of search. Join us in this session to see how Chronicle brings unique resources and talent to the goal of giving enterprises, and the people within them, the tools to win the fight against cybercrime.

In this session, Dr. Ian Pratt will talk about how modern malware continues to circumvent even the most advanced enterprise perimeter and endpoint security tools. Even AI and Machine Learning-based technologies can’t seem to keep up with the most sophisticated and well-funded hackers.

Join us to discuss new strategies today’s enterprises can employ to protect endpoints against ransomware, polymorphic malware, and threats that lurk inside email attachments, phishing links, file downloads and malicious websites.

A common phrase in information security is: “It is a matter of when you will be breached, not if.” As the headlines provide real-life examples from Marriot, to Equifax, to FedEx, this seems more true than ever before. But what should you do to prepare, respond and recover from it? What tools and tactics will make it easier to detect a breach (either as it happens or after the fact), what do you say to key stake holders about what is happening and how do you pivot from “How did this happen” to “How can we make sure it doesn’t happen again”. Few things in IT can be as high visibility and high stakes as a breach and this panel will equip the audience with what they need to know to better handle when a breach happens.