Dallas 2021

Our digital environments and workforces are more dynamic than ever. To navigate the risks and challenges that digital innovation brings, organizations must rethink their approach to security.  Static, legacy approaches have become redundant against sophisticated, fast-moving threats, and attackers that continue to evolve their techniques. Organizations are increasingly turning to new technologies like AI to achieve much-needed adaptability and resilience; protecting workforces and data from attack by detecting, investigating and responding to cyber-threats in real time — wherever they strike.

Every organization gets compromised – it’s how you fast you detect and respond to an incident that counts. This is especially important when you look at trends like the overnight move to remote work, the rise in encrypted traffic and acceleration of cloud adoption, as well as the proliferation of enterprise IoT that have expanded the attack surface and complicated the job of security professionals. We’ll explore those trends and the opportunity that lay ahead for security teams post-compromise to prevent an event that results in an outage or an incident from becoming a full-scale data breach.

More and more organizations are moving workloads to the cloud in hopes of increased flexibility and agility. However, this seems to come with increased complexity in the daily operations of traditional network and security professionals. Migration of traditional applications to the public cloud and the development of cloud-native applications further fragments already complicated infrastructures. Traditional security and network teams must work together with those in charge of cloud operations to secure access and connectivity across multiple security controls. The centralization of security policies offers visibility and control into these complex hybrid environments, ensuring security while maintaining business agility.

Secured Access Service Edge, or SASE, is no longer a buzzword tossed around by cybersecurity pundits but is a robust, cloud-based service model to enable secure anywhere, anytime access from any device.

In the Are you SASE Ready? 5 Steps for Building Your SASE Roadmap webcast, you will learn how to build a roadmap to move to SASE and the benefits such a move will offer.

The session will cover how SASE will provide your organization with a path to reducing network and security cost and complexity while increasing security and connectivity to give your users a better experience, regardless of location.

In this session, Paul Martini, CEO, CTO & Co-founder at iboss, will discuss:

• An understanding of the main drivers that lead organizations to migrate to SASE cloud;
• 5 steps to help you understand how to future-proof your network security investments;
• What to consider when choosing a SASE platform.

In 2020, there was an unprecedented growth in ransomware attacks and this trend shows no signs of slowing down. Rather, these attacks are evolving and becoming more harmful as cyber criminals become more organized and effective. It is predicted that in 2021, businesses will fall victim to a ransomware attack every 11 seconds with an estimated cost of over $20 billion – 57 times more than in 2015, making ransomware the fastest growing type of cybercrime.

As a result, companies are transitioning from the traditional “trust but verify” method and implementing a Zero Trust model, requiring all users to be authenticated and continually authorized in order to be granted access and maintain access to company data and applications. By leveraging various technologies & techniques such as multifactor authentication, IAM, least privilege access, and microsegmentation, the Zero Trust model reduces the risk of a ransomware attack and minimizes the potential damage from a breach.

This panel will highlight where enterprises are most vulnerable to becoming a victim of ransomware and how utilizing a Zero Trust model minimizes this risk. Industry experts will discuss best practices to avoid a ransomware attack including adapting the Zero Trust model, what to do if your company is being held for ransom, ways to mitigate the damage caused by an attack, and how to recover afterwards.

As security and IT teams support the disparate tools, resources and infrastructure required to enable organizations to securely move to the cloud, innovate, compete and grow, they face the challenge of establishing centralized visibility, detection and control over this fragmented, multifaceted environment with many owners.
Join this session to hear how by focusing in on the four main areas of Distributed Operations, AI Driven Analytics, Just In Time Expertise and Automation, you can create a unified SOC, from many dispersed components and personnel, that can operate as one high functioning effective unit.

With the Passwordless Decade well underway, more and more organizations are asking the question: Why is now the right time to move beyond passwords?

George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger. Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. 

How did we get here, and will mainstream adoption of passwordless security have an impact? We will explore how the rise of virtual desktop infrastructure and a remote workforce has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.

In this session, you’ll learn:

The move to cloud poses unique challenges as organizations adapt to securing infrastructure as code for all applications while being prepared to secure brave new features such as containers, microservices and automatic scaling. Deploying all your infrastructure as code with security built-in is a challenge. Teams must consistently conform to established standards operating in the cloud environment and enforce these standards through processes such as automated checking and automated compliance testing.

“As we’ve all learned throughout the years, good compliance doesn’t always equal good security, but good security usually means easy compliance.”

– Tom Holodnik, Intuit

Paradigm Shift in Cloud Security – AWS ProServe and ThreatModeler Joint Offering

To scale secure migrations to the cloud, AWS ProServe and ThreatModeler have designed a 30-day accelerated program. This joint offering (Automated Threat Modeling) enables a self-service model to scale secure Cloud Development Life Cycles (CDLCs) by automatically converting an architecture diagram into a threat model and recommend the controls required to secure the attack surface. Automated Threat Modeling analyzes the live AWS service environment to validate the security controls, ensuring all the threats have been mitigated. Even developers with little or no knowledge of security can build their AWS environment securely.

Over the past few years, the number of organizations that have adopted cloud-based systems has grown exponentially, largely due to the COVID-19 pandemic. In turn, cloud security has become a critical issue for IT security executives and their teams. McAffee reported an increase of 630% in attacks by external actors targeting cloud services between January and April of 2020. This uptick in cloud security breaches is projected to persist even after the pandemic as many companies continue to utilize the cloud and leverage its benefits.

While migrating to the cloud offers numerous advantages, it also poses certain threats and challenges. In a recent report by Oracle & KPMG, over 90% of IT Professionals felt their organization had a cloud security readiness gap. A significant concern for many who are adapting to a cloud-based workforce is misconfigurations and gaps in cloud security programs. Additionally, cloud-based infrastructure requires adopting new security policies and processes. Many companies believe their existing security teams lack the necessary skillsets and knowledge that the cloud environment requires, especially as organizations turn to multi-cloud, hybrid cloud, and distributed cloud models.

This panel will highlight the areas where cloud systems can leave enterprises vulnerable, ways to minimize common misconfiguration errors, and other best practices to mitigate threats when migrating to the cloud. Our lineup of Industry Experts will provide their expertise on developing a robust cloud security strategy that addresses these issues and insight on how to stay secure in the future of cloud security.

When you hear “ransom attack” you probably think of ransomware – the malware that can encrypt or block files or entire systems until you pay the attacker to restore access. But there’s been a massive surge in a virulent new type of ransom attack. And the defenses you’ve established to fight ransomware won’t help defeat this new threat, because it doesn’t require malware. Instead, the extortionists simply threaten to shut down your network with a massive Distributed Denial of Service (DDoS) attack at a specified day and time – unless you pay. 

Attend this session to learn:

• Why these new attacks are so dangerous
• How a typical attack unfolds
• What to do if you’re threatened
• How to prepare to fight one off successfully

Insider Threat has become increasingly problematic to businesses as the frequency and cost of these threats have risen over the last several years. In a global study conducted by Ponemon Institute in September of 2019, there was a 31% increase in overall cost of Insider Threat and a 47% increase in the total number of Insider Incidents from 2018.

Today, Insider Threat poses an even greater risk to businesses in the wake of the COVID-19 pandemic. Forrester Research, Inc. reported that in 2020, a quarter of all security breaches were caused by an insider and estimates that in 2021, Insider Threats will account for 33% of security breaches.

This panel will discuss the various factors that contribute to this increase in Insider breaches, how remote work has impacted the malicious & non-malicious Insider Threats facing businesses, and the implications this has on enterprises today. Our lineup of Industry Experts will offer their insight & provide best-practices on how businesses and their IT Security Teams should address these risks and adapt in order to defend against Insider Threats.

Users can be induced to click on malicious content through fear, curiosity or trust. The malware they invite onto their devices routinely evades detection by even the most sophisticated security products, making breaches inevitable. It is time for a different approach to endpoint security, applying the sound engineering principles of least privilege and strong isolation enabled by modern CPUs – protection that doesn’t rely on detection.

Nation States, Non-Nation State Actors, Hacktivists, enterprise cyber criminals, shadow government agencies, terrorist organizations, loosely affiliated groups are using this next level $#@! as we speak to conduct cyber warfare: irregular warfare and proxy attacks, disinformation and disruption campaigns, “truth decay” (‎RAND Corp); to manipulate and influence public opinion, foment criminal violence; infiltrate organizations to conduct fraud, scam, and harass; highjack legitimate real human accounts for impersonation; and to distribute malware. These are very interesting times we are living in and this is the new cyber battleground.

If anyone has benefitted from the pandemic, it has been cyber attackers.

As businesses expanded their investment in cloud resources and other IT resources in response to the pandemic, cyberattacks also dramatically increased.

Businesses reported 445 million cyberattack incidents in 2020, double the rate for 2019.

It didn’t have to be this way. With stronger threat intelligence solutions in place, many of the security incidents of 2020 could likely have been averted.

During this session Avital a very Senior Threat Intelligence Team Lead at Cyberint, will demonstrate with examples why pin-pointed Threat Intelligence should be a key component for your Cyber-security strategy.

Prior to defending an organization against a determined attacker, their techniques must be understood. This presentation provides an adversarial viewpoint to inform network defense leaders how the attackers see their organizations and are able to be successful with their objectives, even when well defended. The presenter will draw upon over 17 years of personal experience as a Red Team operator and leader to illustrate how your organizations are viewed, through the eyes of an adversary.