ISMG Engage - Finance
Engage February 16, 2023
Kicking off 2023, ISMG Engage Finance addresses the challenges ahead that are constantly evolving and impacting every aspect of our business and personal lives. We will bring together industry leaders and decision-makers to connect and learn from each other’s success, as well as challenges, in an interactive educational environment.
ISMG Engage provides a platform for executives to learn from each other. Join the largest community of security leaders for closed-door ’Deep Dive’ discussions designed to provide engaging insight on the latest threats, technology and solutions to apply in your place of work.
New York, NY
Name :
New York, NY
Samant Nagpal
General Manager and Global Head of Risk
Square
Claire Le Gal
Senior Vice President, Fraud Intelligence, Strategy & Cyber Products
Mastercard
Karen Boyer
SVP Financial Crimes, Fraud Intelligence
M&T Bank
Michael Novinson
Managing Ediitor
ISMG
John Kindervag
Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow
ON2IT Cybersecurity
Kolin Whitley
Head of North America Acceptance Risk
VISA
Arif Hameed
CISO and VP
Munich Re New Ventures
Tom Field
Chief Executive of Editorial
ISMG
Mat Schwartz
Executive Editor
ISMG
Ari Redboard
Head of Legal and Government Affairs
TRM Labs
Troy Leach
Chief Strategy Officer
Cloud Security Alliance
David Pollino
Former CISO
PNC Bank
Matanda Doss
Executive Director, Cybersecurity and Technology Controls, Commerical Bank
JP Morgan Chase & Co
Anna Delaney
Director, ISMG Productions
ISMG
Jeremy Grant
Managing Director-Technology Business Strategy
Venable LLP
Grant Schneider
Senior Director for Cybersecurity services ( Former U.S. federal CISO)
Venable LLP
Adam Evans
Vice President Cyber Operations & CISO
RBC
Fred Harris
Head of Cybersecurity Risk, Data Risk and IT Risk
Societe Generale
AnnaLou Triol
Deputy Director
FinCen
Chris Holden
CISO
Crum & Forster
Kevin Li
CISO
MUFG Securities Americas
Nick Coleman
CSO, Real Time Payments
Mastercard
Rashmi Sahay
Vice President, IT & Cyber Risk Leader 
Bank of the West/BNP Paribas
Michael Sawyer
Head of Technology Controls for Consumer Lending, Credit Cards and Merchant Services and Wealth and Investment Management
Wells Fargo
Parthiv Shah
SVP & CISO
Signature Bank
Rachel Guinto
AVP Global Information Risk Management (L2)
Manulife
View Agenda
Welcome and Keynote Address
  • 04:00 PM
  • 04:44 PM
Networking Break
  • 04:45 PM
  • 04:59 PM
  • 05:00 PM
  • 05:59 PM
Deep Dive Discussions: 10 Topic-Based Intimate Sessions

Meet with security industry leaders in a boardroom setting to converse with peers and gain insight into leading security trends and technology. Participate in one of the following topic-based closed door Deep Dive Discussions.

  • Zero Trust
  • OT
  • Cybercrime
  • Ransomware
  • Fraud
  • IAM
  • Cryptocurrency
  • Payments
  • Critical Infrastructure
  • Incident Response
  • 05:00 PM
  • 05:59 PM
How Malware Helps Bad Actors

Despite your team’s best efforts to defend against cyberattacks, organizations often lack visibility into when employees and consumers fall victim to the most nefarious type of attack - malware infections. Malware-stolen data is highly valuable to bad actors and is a gateway for them to commit fraud and infiltrate corporate networks.

When your users are affected by malware, it’s too late. Once a botnet is installed (like the infamous RedLine Stealer), cybercriminals have already started to siphon critical information such as passwords, financial data, web session cookies, browser autofill details and more. With that data, not even your most sophisticated lines of defense (including MFA) can stop criminals from impersonating your users.

Discussion topics will explore:

  • Analyze the depth of the malware problem and discuss ways your organization is addressing the problem currently
  • Look into the best ways to gain visibility into active infections that can potentially plague your systems
  • Discuss best ways to successfully mitigate the effects of these insidious information stealers with your peers
  • 05:00 PM
  • 05:59 PM
The Future of Ransomware and Evolving Attacks

Adaptations are needed to keep pace with the changing ransomware environment. This panel will address what you should be ready for. They will also debate valid and invalid approaches to minimizing risk -from technology, government and other activities that will influence how organizations can to respond to threats. This panel will:

  • Discuss current trends for ransomware attacks 
  • Look at the impact of the changing environment on insurance premiums
  • Debate whether norms or regulations should dictate payments
  • Address critical strategies and aspects to being successful in defending against attacks       
  • 05:00 PM
  • 05:59 PM
Better Understanding Cloud Security Risks

In just a few years, cloud conversations have gone from theoretical to critical. And with migrations to the cloud ongoing, many enterprises have had to rethink their security approach. In these environments, some practitioners are charged with expending resources to mitigate “high-severity” CVEs – regardless of how a vulnerability may interact with that IT environment. This risk may pale in comparison, for example, to a malware occurrence at the edge that goes unchecked.

A potential lack of visibility into apps, users and network traffic, coupled with alert fatigue, means practitioners may need a clearer view of their environment – before low-and-slow network reconnaissance leads to a potential crypto-locking nightmare. As enterprises mature in the cloud and their technology stacks grow – it becomes increasingly important to quickly detect and respond to vulnerabilities, malware and compromised assets. Network defenders, then, must use “contextual risk” factors to determine their next action items.
 

Discussion topics will explore:

  • Whether or not your organization should be cloud-first, and if this migration is necessary
  • Asses the risk and vulnerabilities’ detection in your cloud environment to mitigate potentially devastating consequences
  • How intertwined cloud security practices are with instances of ransomware, shadow IT or other concerns

Analyze the state of cloud security in the near- and long-terms, and what strategies your enterprise is utilizing to evolve accordingly

  • 05:00 PM
  • 05:59 PM
Little Device Big Threat! - IoT Attacks, Vulnerabilities and Prolific Risk

The Internet of Things (IoT) is expanding at a dramatic rate. As we connect our devices to more and more aspects of our daily lives, we are creating a roadmap for invasive listening, hacking and business disruption. Join us to learn more about where IoT is headed and how you can stay safe while still reaping the benefits of a digital world.  This session will illuminate

  • Biggest threats based on trending attacks  
  • Challenges of IoT security based on common vulnerabilities
  • Vulnerabilities caused by new technologies
  • Strategies for securing huge attack surfaces
  • Regulatory and compliance issues rising from third-party partnerships
  • 05:00 PM
  • 05:59 PM
OT Security: Adapting to Evolving Threat and Business Landscapes

Through accelerated digital transformation and hybrid work, our critical infrastructure is at risk like never before. And while attacks impacting cyber-physical systems long have been a growing concern, they are now more likely than ever.

Many of these legacy systems were not designed to co-exist seamlessly in a connected environment. And it will take years before a new generation of connected assets emerges with more natively integrated security processes. In the meantime, how do we introduce cybersecurity capabilities that are missing from many of these newly integrated cyber-physical systems?
 

Discussion topics will explore:

  • Assess the predominant threats to cyber-physical systems today
  • Discuss the biggest cybersecurity gaps, and pinpoint ways in which adversaries are exploiting them
  • Assess the most successful strategies leading enterprises are utilizing to migrate from OT network-centric security, toward cyber-physical systems asset-centric security
  • 05:00 PM
  • 05:59 PM
SIEM and IAM Must have Components of Zero Trust

Internal threats in today's era are complex and crucial in the cybersecurity domain. Understanding dynamic user behavior is challenging too. Traditional sequential and timeline-based methods cannot easily address the complexity of user behaviors. Hence, we need an AI-based report that enables analysts to understand user behavior patterns that result in identification of anomalies. We can strengthen our security further by including access management as the core of zero trust architecture to create a zero trust extended ecosystem.


Discussion Topics will Explore:

  • Fundamentals of SIEM
  • Challenges with traditional securities
  • Threats - How to mitigate both internal and external threats with Zero Trust approach
  • 05:00 PM
  • 05:59 PM
Critical Considerations for DDoS Mitigation

Last June, Cloudflare detected what at the time was the largest distributed denial of service attack on record - 26 million requests per second. Since then, that record has been crushed, and adversaries continue to leverage DDoS attacks for distraction, destruction and as companions to ransomware campaigns.

What are the top trends in both application-layer and network-layer DDoS attacks? What are the ransom attack trends? What are the five critical considerations for mitigating modern DDoS attacks?

Discussion Points will explore:

  • Assess today's top application-layer and network-layer DDoS trends
  • Discuss how DDoS attacks are being leveraged in ransom campaigns
  • Analyze the key considerations between always-on and on-demand DDoS protection
  • 05:00 PM
  • 05:59 PM
Answering the Big Questions About SASE and Zero Trust

Digital business, cloud adoption and a hybrid workforce require security and networking approaches to transform in order to accelerate business growth. The SASE (secure access service edge) model enables this transformation by leveraging the power of the public cloud to simultaneously improve security and user experience. A well architected SASE approach can help organizations accelerate their digital journey by consistently applying zero trust policies for all users, applications and devices, no matter where they may be located.

Gartner forecasts that SASE will be a $15 billion market in Asia-Pacific and Japan by 2025. However, with all the market noise around SASE, it is hard to differentiate between hype and practical outcomes and strategies. But questions remain: What is the business value of a SASE strategy? How to communicate the SASE strategy to the business and board of directors?

Discussion topics will explore:

  • Determine how to leverage SASE for your ZTNA, and which strategies are most advantageous accordingly
  • Debate whether or not all SASE approaches are created equal, if not, determine the key differences between the approaches
  • Analyze how SASE and zero trust can both complement existing security investments and strategies
  • Evaluate key indicators for selecting SASE vendors
  • Discuss the critical steps to complete SASE migration with your partner
  • 05:00 PM
  • 05:59 PM
Financial Services: “Shift Left Done Right!

According to this year's CloudBees Global C-Suite Security Survey, the drive to shift left is having a significant impact on both delivering software and the developer experience overall. Specifically, executives believe that security (75%) and compliance (76%) requirements hinder innovation. Catching problems early and fixing them before they slow the process or get into production is still the ultimate goal of shift left. However, a new approach and mindset are required to deliver on the promise.
 

Discussion topics will explore:

  • Best practices to transform and deliver software at the speed the business demands
  • Evaluate techniques that ensure assets are compliant at every stage
  • Look at how security and compliance teams can change from the “department of slow” to the “department of go”
  • 05:00 PM
  • 05:59 PM
Advancing Threat Intel to Learn the Adversary's Next Move

As cybercriminals continue to target organizations with ransomware, API and DDoS attacks, security professionals are under constant pressure to become highly competent not just in threat prevention, but in detection and response. However they often struggle to understand threats and translate them into actionable countermeasures.

High quality defensive knowledge is scarce, and adversaries continue to take advantage of weak points including misconfigured defenses, poor security architectures, and excessive privileges, further reducing the value of investment in security solutions.

Discussion topics will explore:

  • Discuss how to advance your threat intelligence program, and what strategies are best to proactively achieve this
  • Assess what defensive strategies are most advantageous to predict the adversary's next move

Provide insights on how to improve resiliency and mitigate impact of attacks

Refreshment Break
  • 06:00 PM
  • 06:29 PM
  • 06:30 PM
  • 07:29 PM
Deep Dive Discussions: 10 Topic-Based Intimate Sessions

Meet with security industry leaders in a boardroom setting to converse with peers and gain insight into leading security trends and technology. Participate in one of the following topic-based closed door Deep Dive Discussions.

  • Zero Trust
  • OT
  • Cybercrime
  • Ransomware
  • Fraud
  • IAM
  • Cryptocurrency
  • Payments
  • Critical Infrastructure
  • Incident Response
  • 06:30 PM
  • 07:29 PM
The Future of Ransomware and Evolving Attacks

Adaptations are needed to keep pace with the changing ransomware environment. This panel will address what you should be ready for. They will also debate valid and invalid approaches to minimizing risk -from technology, government and other activities that will influence how organizations can to respond to threats. This panel will:

  • Discuss current trends for ransomware attacks 
  • Look at the impact of the changing environment on insurance premiums
  • Debate whether norms or regulations should dictate payments
  • Address critical strategies and aspects to being successful in defending against attacks       
  • 06:30 PM
  • 07:29 PM
Better Understanding Cloud Security Risks

In just a few years, cloud conversations have gone from theoretical to critical. And with migrations to the cloud ongoing, many enterprises have had to rethink their security approach. In these environments, some practitioners are charged with expending resources to mitigate “high-severity” CVEs – regardless of how a vulnerability may interact with that IT environment. This risk may pale in comparison, for example, to a malware occurrence at the edge that goes unchecked.

A potential lack of visibility into apps, users and network traffic, coupled with alert fatigue, means practitioners may need a clearer view of their environment – before low-and-slow network reconnaissance leads to a potential crypto-locking nightmare. As enterprises mature in the cloud and their technology stacks grow – it becomes increasingly important to quickly detect and respond to vulnerabilities, malware and compromised assets. Network defenders, then, must use “contextual risk” factors to determine their next action items.
 

Discussion topics will explore:

  • Whether or not your organization should be cloud-first, and if this migration is necessary
  • Asses the risk and vulnerabilities’ detection in your cloud environment to mitigate potentially devastating consequences
  • How intertwined cloud security practices are with instances of ransomware, shadow IT or other concerns
  • Analyze the state of cloud security in the near- and long-terms, and what strategies your enterprise is utilizing to evolve accordingly
  • 06:30 PM
  • 07:29 PM
Little Device Big Threat! - IoT Attacks, Vulnerabilities and Prolific Risk

The Internet of Things (IoT) is expanding at a dramatic rate. As we connect our devices to more and more aspects of our daily lives, we are creating a roadmap for invasive listening, hacking and business disruption. Join us to learn more about where IoT is headed and how you can stay safe while still reaping the benefits of a digital world.  This session will illuminate

  • Biggest threats based on trending attacks  
  • Challenges of IoT security based on common vulnerabilities
  • Vulnerabilities caused by new technologies
  • Strategies for securing huge attack surfaces
  • Regulatory and compliance issues rising from third-party partnerships
  • 06:30 PM
  • 07:29 PM
How Malware Helps Bad Actors

Despite your team’s best efforts to defend against cyberattacks, organizations often lack visibility into when employees and consumers fall victim to the most nefarious type of attack - malware infections. Malware-stolen data is highly valuable to bad actors and is a gateway for them to commit fraud and infiltrate corporate networks.

When your users are affected by malware, it’s too late. Once a botnet is installed (like the infamous RedLine Stealer), cybercriminals have already started to siphon critical information such as passwords, financial data, web session cookies, browser autofill details and more. With that data, not even your most sophisticated lines of defense (including MFA) can stop criminals from impersonating your users.

Discussion topics will explore:

  • Analyze the depth of the malware problem and discuss ways your organization is addressing the problem currently
  • Look into the best ways to gain visibility into active infections that can potentially plague your systems
  • Discuss best ways to successfully mitigate the effects of these insidious information stealers with your peers
  • 06:30 PM
  • 07:29 PM
OT Security: Adapting to Evolving Threat and Business Landscapes

Through accelerated digital transformation and hybrid work, our critical infrastructure is at risk like never before. And while attacks impacting cyber-physical systems long have been a growing concern, they are now more likely than ever.

Many of these legacy systems were not designed to co-exist seamlessly in a connected environment. And it will take years before a new generation of connected assets emerges with more natively integrated security processes. In the meantime, how do we introduce cybersecurity capabilities that are missing from many of these newly integrated cyber-physical systems?

Discussion topics will explore:

  • Assess the predominant threats to cyber-physical systems today
  • Discuss the biggest cybersecurity gaps, and pinpoint ways in which adversaries are exploiting them
  • Assess the most successful strategies leading enterprises are utilizing to migrate from OT network-centric security, toward cyber-physical systems asset-centric security
  • 06:30 PM
  • 07:29 PM
SIEM and IAM Must have Components of Zero Trust

Internal threats in today's era are complex and crucial in the cybersecurity domain. Understanding dynamic user behavior is challenging too. Traditional sequential and timeline-based methods cannot easily address the complexity of user behaviors. Hence, we need an AI-based report that enables analysts to understand user behavior patterns that result in identification of anomalies. We can strengthen our security further by including access management as the core of zero trust architecture to create a zero trust extended ecosystem.


Discussion Topics will Explore:

  • Fundamentals of SIEM
  • Challenges with traditional securities
  • Threats - How to mitigate both internal and external threats with Zero Trust approach
  • 06:30 PM
  • 07:29 PM
Financial Services: “Shift Left Done Right!

According to this year's CloudBees Global C-Suite Security Survey, the drive to shift left is having a significant impact on both delivering software and the developer experience overall. Specifically, executives believe that security (75%) and compliance (76%) requirements hinder innovation. Catching problems early and fixing them before they slow the process or get into production is still the ultimate goal of shift left. However, a new approach and mindset are required to deliver on the promise.

Discussion topics will explore:

  • Best practices to transform and deliver software at the speed the business demands
  • Evaluate techniques that ensure assets are compliant at every stage
  • Look at how security and compliance teams can change from the “department of slow” to the “department of go”
  • 06:30 PM
  • 07:29 PM
Answering the Big Questions About SASE and Zero Trust

Digital business, cloud adoption and a hybrid workforce require security and networking approaches to transform in order to accelerate business growth. The SASE (secure access service edge) model enables this transformation by leveraging the power of the public cloud to simultaneously improve security and user experience. A well architected SASE approach can help organizations accelerate their digital journey by consistently applying zero trust policies for all users, applications and devices, no matter where they may be located.

Gartner forecasts that SASE will be a $15 billion market in Asia-Pacific and Japan by 2025. However, with all the market noise around SASE, it is hard to differentiate between hype and practical outcomes and strategies. But questions remain: What is the business value of a SASE strategy? How to communicate the SASE strategy to the business and board of directors?
 

Discussion topics will explore:

  • Determine how to leverage SASE for your ZTNA, and which strategies are most advantageous accordingly
  • Debate whether or not all SASE approaches are created equal, if not, determine the key differences between the approaches
  • Analyze how SASE and zero trust can both complement existing security investments and strategies
  • Evaluate key indicators for selecting SASE vendors
  • Discuss the critical steps to complete SASE migration with your partner
  • 06:30 PM
  • 07:29 PM
Advancing Threat Intel to Learn the Adversary's Next Move

As cybercriminals continue to target organizations with ransomware, API and DDoS attacks, security professionals are under constant pressure to become highly competent not just in threat prevention, but in detection and response. However they often struggle to understand threats and translate them into actionable countermeasures.

High quality defensive knowledge is scarce, and adversaries continue to take advantage of weak points including misconfigured defenses, poor security architectures, and excessive privileges, further reducing the value of investment in security solutions.

Discussion topics will explore:

  • Discuss how to advance your threat intelligence program, and what strategies are best to proactively achieve this
  • Assess what defensive strategies are most advantageous to predict the adversary's next move
  • Provide insights on how to improve resiliency and mitigate impact of attacks

     
  • 06:30 PM
  • 07:29 PM
Critical Considerations for DDoS Mitigation

Last June, Cloudflare detected what at the time was the largest distributed denial of service attack on record - 26 million requests per second. Since then, that record has been crushed, and adversaries continue to leverage DDoS attacks for distraction, destruction and as companions to ransomware campaigns.

What are the top trends in both application-layer and network-layer DDoS attacks? What are the ransom attack trends? What are the five critical considerations for mitigating modern DDoS attacks?

Discussion Points will explore:

  • Assess today's top application-layer and network-layer DDoS trends
  • Discuss how DDoS attacks are being leveraged in ransom campaigns
  • Analyze the key considerations between always-on and on-demand DDoS protection
Closing Comments
  • 07:30 PM
  • 07:59 PM

Kicking off 2023, ISMG Engage Finance addresses the challenges ahead that are constantly evolving and impacting every aspect of our business and personal lives. We will bring together industry leaders and decision-makers to connect and learn from each other’s success, as well as challenges, in an interactive educational environment.
ISMG Engage provides a platform for executives to learn from each other. Join the largest community of security leaders for closed-door ’Deep Dive’ discussions designed to provide engaging insight on the latest threats, technology and solutions to apply in your place of work.

New York, NY
Name :
New York, NY

Samant Nagpal
General Manager and Global Head of Risk
Square
Claire Le Gal
Senior Vice President, Fraud Intelligence, Strategy & Cyber Products
Mastercard
Karen Boyer
SVP Financial Crimes, Fraud Intelligence
M&T Bank
Michael Novinson
Managing Ediitor
ISMG
John Kindervag
Creator of Zero Trust, Senior Vice President, Cybersecurity Strategy, ON2IT Group Fellow
ON2IT Cybersecurity
Kolin Whitley
Head of North America Acceptance Risk
VISA
Arif Hameed
CISO and VP
Munich Re New Ventures
Tom Field
Chief Executive of Editorial
ISMG
Mat Schwartz
Executive Editor
ISMG
Ari Redboard
Head of Legal and Government Affairs
TRM Labs
Troy Leach
Chief Strategy Officer
Cloud Security Alliance
David Pollino
Former CISO
PNC Bank
Matanda Doss
Executive Director, Cybersecurity and Technology Controls, Commerical Bank
JP Morgan Chase & Co
Anna Delaney
Director, ISMG Productions
ISMG
Jeremy Grant
Managing Director-Technology Business Strategy
Venable LLP
Grant Schneider
Senior Director for Cybersecurity services ( Former U.S. federal CISO)
Venable LLP

Adam Evans
Vice President Cyber Operations & CISO
RBC
Fred Harris
Head of Cybersecurity Risk, Data Risk and IT Risk
Societe Generale
AnnaLou Triol
Deputy Director
FinCen
Chris Holden
CISO
Crum & Forster
Kevin Li
CISO
MUFG Securities Americas
Nick Coleman
CSO, Real Time Payments
Mastercard
Rashmi Sahay
Vice President, IT & Cyber Risk Leader 
Bank of the West/BNP Paribas
Michael Sawyer
Head of Technology Controls for Consumer Lending, Credit Cards and Merchant Services and Wealth and Investment Management
Wells Fargo
Parthiv Shah
SVP & CISO
Signature Bank
Rachel Guinto
AVP Global Information Risk Management (L2)
Manulife

View Agenda
Welcome and Keynote Address
  • 04:00 PM
  • 04:44 PM
Networking Break
  • 04:45 PM
  • 04:59 PM
  • 05:00 PM
  • 05:59 PM
Deep Dive Discussions: 10 Topic-Based Intimate Sessions

Meet with security industry leaders in a boardroom setting to converse with peers and gain insight into leading security trends and technology. Participate in one of the following topic-based closed door Deep Dive Discussions.

  • Zero Trust
  • OT
  • Cybercrime
  • Ransomware
  • Fraud
  • IAM
  • Cryptocurrency
  • Payments
  • Critical Infrastructure
  • Incident Response
  • 05:00 PM
  • 05:59 PM
How Malware Helps Bad Actors

Despite your team’s best efforts to defend against cyberattacks, organizations often lack visibility into when employees and consumers fall victim to the most nefarious type of attack - malware infections. Malware-stolen data is highly valuable to bad actors and is a gateway for them to commit fraud and infiltrate corporate networks.

When your users are affected by malware, it’s too late. Once a botnet is installed (like the infamous RedLine Stealer), cybercriminals have already started to siphon critical information such as passwords, financial data, web session cookies, browser autofill details and more. With that data, not even your most sophisticated lines of defense (including MFA) can stop criminals from impersonating your users.

Discussion topics will explore:

  • Analyze the depth of the malware problem and discuss ways your organization is addressing the problem currently
  • Look into the best ways to gain visibility into active infections that can potentially plague your systems
  • Discuss best ways to successfully mitigate the effects of these insidious information stealers with your peers
  • 05:00 PM
  • 05:59 PM
The Future of Ransomware and Evolving Attacks

Adaptations are needed to keep pace with the changing ransomware environment. This panel will address what you should be ready for. They will also debate valid and invalid approaches to minimizing risk -from technology, government and other activities that will influence how organizations can to respond to threats. This panel will:

  • Discuss current trends for ransomware attacks 
  • Look at the impact of the changing environment on insurance premiums
  • Debate whether norms or regulations should dictate payments
  • Address critical strategies and aspects to being successful in defending against attacks       
  • 05:00 PM
  • 05:59 PM
Better Understanding Cloud Security Risks

In just a few years, cloud conversations have gone from theoretical to critical. And with migrations to the cloud ongoing, many enterprises have had to rethink their security approach. In these environments, some practitioners are charged with expending resources to mitigate “high-severity” CVEs – regardless of how a vulnerability may interact with that IT environment. This risk may pale in comparison, for example, to a malware occurrence at the edge that goes unchecked.

A potential lack of visibility into apps, users and network traffic, coupled with alert fatigue, means practitioners may need a clearer view of their environment – before low-and-slow network reconnaissance leads to a potential crypto-locking nightmare. As enterprises mature in the cloud and their technology stacks grow – it becomes increasingly important to quickly detect and respond to vulnerabilities, malware and compromised assets. Network defenders, then, must use “contextual risk” factors to determine their next action items.
 

Discussion topics will explore:

  • Whether or not your organization should be cloud-first, and if this migration is necessary
  • Asses the risk and vulnerabilities’ detection in your cloud environment to mitigate potentially devastating consequences
  • How intertwined cloud security practices are with instances of ransomware, shadow IT or other concerns

Analyze the state of cloud security in the near- and long-terms, and what strategies your enterprise is utilizing to evolve accordingly

  • 05:00 PM
  • 05:59 PM
Little Device Big Threat! - IoT Attacks, Vulnerabilities and Prolific Risk

The Internet of Things (IoT) is expanding at a dramatic rate. As we connect our devices to more and more aspects of our daily lives, we are creating a roadmap for invasive listening, hacking and business disruption. Join us to learn more about where IoT is headed and how you can stay safe while still reaping the benefits of a digital world.  This session will illuminate

  • Biggest threats based on trending attacks  
  • Challenges of IoT security based on common vulnerabilities
  • Vulnerabilities caused by new technologies
  • Strategies for securing huge attack surfaces
  • Regulatory and compliance issues rising from third-party partnerships
  • 05:00 PM
  • 05:59 PM
OT Security: Adapting to Evolving Threat and Business Landscapes

Through accelerated digital transformation and hybrid work, our critical infrastructure is at risk like never before. And while attacks impacting cyber-physical systems long have been a growing concern, they are now more likely than ever.

Many of these legacy systems were not designed to co-exist seamlessly in a connected environment. And it will take years before a new generation of connected assets emerges with more natively integrated security processes. In the meantime, how do we introduce cybersecurity capabilities that are missing from many of these newly integrated cyber-physical systems?
 

Discussion topics will explore:

  • Assess the predominant threats to cyber-physical systems today
  • Discuss the biggest cybersecurity gaps, and pinpoint ways in which adversaries are exploiting them
  • Assess the most successful strategies leading enterprises are utilizing to migrate from OT network-centric security, toward cyber-physical systems asset-centric security
  • 05:00 PM
  • 05:59 PM
SIEM and IAM Must have Components of Zero Trust

Internal threats in today's era are complex and crucial in the cybersecurity domain. Understanding dynamic user behavior is challenging too. Traditional sequential and timeline-based methods cannot easily address the complexity of user behaviors. Hence, we need an AI-based report that enables analysts to understand user behavior patterns that result in identification of anomalies. We can strengthen our security further by including access management as the core of zero trust architecture to create a zero trust extended ecosystem.


Discussion Topics will Explore:

  • Fundamentals of SIEM
  • Challenges with traditional securities
  • Threats - How to mitigate both internal and external threats with Zero Trust approach
  • 05:00 PM
  • 05:59 PM
Critical Considerations for DDoS Mitigation

Last June, Cloudflare detected what at the time was the largest distributed denial of service attack on record - 26 million requests per second. Since then, that record has been crushed, and adversaries continue to leverage DDoS attacks for distraction, destruction and as companions to ransomware campaigns.

What are the top trends in both application-layer and network-layer DDoS attacks? What are the ransom attack trends? What are the five critical considerations for mitigating modern DDoS attacks?

Discussion Points will explore:

  • Assess today's top application-layer and network-layer DDoS trends
  • Discuss how DDoS attacks are being leveraged in ransom campaigns
  • Analyze the key considerations between always-on and on-demand DDoS protection
  • 05:00 PM
  • 05:59 PM
Answering the Big Questions About SASE and Zero Trust

Digital business, cloud adoption and a hybrid workforce require security and networking approaches to transform in order to accelerate business growth. The SASE (secure access service edge) model enables this transformation by leveraging the power of the public cloud to simultaneously improve security and user experience. A well architected SASE approach can help organizations accelerate their digital journey by consistently applying zero trust policies for all users, applications and devices, no matter where they may be located.

Gartner forecasts that SASE will be a $15 billion market in Asia-Pacific and Japan by 2025. However, with all the market noise around SASE, it is hard to differentiate between hype and practical outcomes and strategies. But questions remain: What is the business value of a SASE strategy? How to communicate the SASE strategy to the business and board of directors?

Discussion topics will explore:

  • Determine how to leverage SASE for your ZTNA, and which strategies are most advantageous accordingly
  • Debate whether or not all SASE approaches are created equal, if not, determine the key differences between the approaches
  • Analyze how SASE and zero trust can both complement existing security investments and strategies
  • Evaluate key indicators for selecting SASE vendors
  • Discuss the critical steps to complete SASE migration with your partner
  • 05:00 PM
  • 05:59 PM
Financial Services: “Shift Left Done Right!

According to this year's CloudBees Global C-Suite Security Survey, the drive to shift left is having a significant impact on both delivering software and the developer experience overall. Specifically, executives believe that security (75%) and compliance (76%) requirements hinder innovation. Catching problems early and fixing them before they slow the process or get into production is still the ultimate goal of shift left. However, a new approach and mindset are required to deliver on the promise.
 

Discussion topics will explore:

  • Best practices to transform and deliver software at the speed the business demands
  • Evaluate techniques that ensure assets are compliant at every stage
  • Look at how security and compliance teams can change from the “department of slow” to the “department of go”
  • 05:00 PM
  • 05:59 PM
Advancing Threat Intel to Learn the Adversary's Next Move

As cybercriminals continue to target organizations with ransomware, API and DDoS attacks, security professionals are under constant pressure to become highly competent not just in threat prevention, but in detection and response. However they often struggle to understand threats and translate them into actionable countermeasures.

High quality defensive knowledge is scarce, and adversaries continue to take advantage of weak points including misconfigured defenses, poor security architectures, and excessive privileges, further reducing the value of investment in security solutions.

Discussion topics will explore:

  • Discuss how to advance your threat intelligence program, and what strategies are best to proactively achieve this
  • Assess what defensive strategies are most advantageous to predict the adversary's next move

Provide insights on how to improve resiliency and mitigate impact of attacks

Refreshment Break
  • 06:00 PM
  • 06:29 PM
  • 06:30 PM
  • 07:29 PM
Deep Dive Discussions: 10 Topic-Based Intimate Sessions

Meet with security industry leaders in a boardroom setting to converse with peers and gain insight into leading security trends and technology. Participate in one of the following topic-based closed door Deep Dive Discussions.

  • Zero Trust
  • OT
  • Cybercrime
  • Ransomware
  • Fraud
  • IAM
  • Cryptocurrency
  • Payments
  • Critical Infrastructure
  • Incident Response
  • 06:30 PM
  • 07:29 PM
The Future of Ransomware and Evolving Attacks

Adaptations are needed to keep pace with the changing ransomware environment. This panel will address what you should be ready for. They will also debate valid and invalid approaches to minimizing risk -from technology, government and other activities that will influence how organizations can to respond to threats. This panel will:

  • Discuss current trends for ransomware attacks 
  • Look at the impact of the changing environment on insurance premiums
  • Debate whether norms or regulations should dictate payments
  • Address critical strategies and aspects to being successful in defending against attacks       
  • 06:30 PM
  • 07:29 PM
Better Understanding Cloud Security Risks

In just a few years, cloud conversations have gone from theoretical to critical. And with migrations to the cloud ongoing, many enterprises have had to rethink their security approach. In these environments, some practitioners are charged with expending resources to mitigate “high-severity” CVEs – regardless of how a vulnerability may interact with that IT environment. This risk may pale in comparison, for example, to a malware occurrence at the edge that goes unchecked.

A potential lack of visibility into apps, users and network traffic, coupled with alert fatigue, means practitioners may need a clearer view of their environment – before low-and-slow network reconnaissance leads to a potential crypto-locking nightmare. As enterprises mature in the cloud and their technology stacks grow – it becomes increasingly important to quickly detect and respond to vulnerabilities, malware and compromised assets. Network defenders, then, must use “contextual risk” factors to determine their next action items.
 

Discussion topics will explore:

  • Whether or not your organization should be cloud-first, and if this migration is necessary
  • Asses the risk and vulnerabilities’ detection in your cloud environment to mitigate potentially devastating consequences
  • How intertwined cloud security practices are with instances of ransomware, shadow IT or other concerns
  • Analyze the state of cloud security in the near- and long-terms, and what strategies your enterprise is utilizing to evolve accordingly
  • 06:30 PM
  • 07:29 PM
Little Device Big Threat! - IoT Attacks, Vulnerabilities and Prolific Risk

The Internet of Things (IoT) is expanding at a dramatic rate. As we connect our devices to more and more aspects of our daily lives, we are creating a roadmap for invasive listening, hacking and business disruption. Join us to learn more about where IoT is headed and how you can stay safe while still reaping the benefits of a digital world.  This session will illuminate

  • Biggest threats based on trending attacks  
  • Challenges of IoT security based on common vulnerabilities
  • Vulnerabilities caused by new technologies
  • Strategies for securing huge attack surfaces
  • Regulatory and compliance issues rising from third-party partnerships
  • 06:30 PM
  • 07:29 PM
How Malware Helps Bad Actors

Despite your team’s best efforts to defend against cyberattacks, organizations often lack visibility into when employees and consumers fall victim to the most nefarious type of attack - malware infections. Malware-stolen data is highly valuable to bad actors and is a gateway for them to commit fraud and infiltrate corporate networks.

When your users are affected by malware, it’s too late. Once a botnet is installed (like the infamous RedLine Stealer), cybercriminals have already started to siphon critical information such as passwords, financial data, web session cookies, browser autofill details and more. With that data, not even your most sophisticated lines of defense (including MFA) can stop criminals from impersonating your users.

Discussion topics will explore:

  • Analyze the depth of the malware problem and discuss ways your organization is addressing the problem currently
  • Look into the best ways to gain visibility into active infections that can potentially plague your systems
  • Discuss best ways to successfully mitigate the effects of these insidious information stealers with your peers
  • 06:30 PM
  • 07:29 PM
OT Security: Adapting to Evolving Threat and Business Landscapes

Through accelerated digital transformation and hybrid work, our critical infrastructure is at risk like never before. And while attacks impacting cyber-physical systems long have been a growing concern, they are now more likely than ever.

Many of these legacy systems were not designed to co-exist seamlessly in a connected environment. And it will take years before a new generation of connected assets emerges with more natively integrated security processes. In the meantime, how do we introduce cybersecurity capabilities that are missing from many of these newly integrated cyber-physical systems?

Discussion topics will explore:

  • Assess the predominant threats to cyber-physical systems today
  • Discuss the biggest cybersecurity gaps, and pinpoint ways in which adversaries are exploiting them
  • Assess the most successful strategies leading enterprises are utilizing to migrate from OT network-centric security, toward cyber-physical systems asset-centric security
  • 06:30 PM
  • 07:29 PM
SIEM and IAM Must have Components of Zero Trust

Internal threats in today's era are complex and crucial in the cybersecurity domain. Understanding dynamic user behavior is challenging too. Traditional sequential and timeline-based methods cannot easily address the complexity of user behaviors. Hence, we need an AI-based report that enables analysts to understand user behavior patterns that result in identification of anomalies. We can strengthen our security further by including access management as the core of zero trust architecture to create a zero trust extended ecosystem.


Discussion Topics will Explore:

  • Fundamentals of SIEM
  • Challenges with traditional securities
  • Threats - How to mitigate both internal and external threats with Zero Trust approach
  • 06:30 PM
  • 07:29 PM
Financial Services: “Shift Left Done Right!

According to this year's CloudBees Global C-Suite Security Survey, the drive to shift left is having a significant impact on both delivering software and the developer experience overall. Specifically, executives believe that security (75%) and compliance (76%) requirements hinder innovation. Catching problems early and fixing them before they slow the process or get into production is still the ultimate goal of shift left. However, a new approach and mindset are required to deliver on the promise.

Discussion topics will explore:

  • Best practices to transform and deliver software at the speed the business demands
  • Evaluate techniques that ensure assets are compliant at every stage
  • Look at how security and compliance teams can change from the “department of slow” to the “department of go”
  • 06:30 PM
  • 07:29 PM
Answering the Big Questions About SASE and Zero Trust

Digital business, cloud adoption and a hybrid workforce require security and networking approaches to transform in order to accelerate business growth. The SASE (secure access service edge) model enables this transformation by leveraging the power of the public cloud to simultaneously improve security and user experience. A well architected SASE approach can help organizations accelerate their digital journey by consistently applying zero trust policies for all users, applications and devices, no matter where they may be located.

Gartner forecasts that SASE will be a $15 billion market in Asia-Pacific and Japan by 2025. However, with all the market noise around SASE, it is hard to differentiate between hype and practical outcomes and strategies. But questions remain: What is the business value of a SASE strategy? How to communicate the SASE strategy to the business and board of directors?
 

Discussion topics will explore:

  • Determine how to leverage SASE for your ZTNA, and which strategies are most advantageous accordingly
  • Debate whether or not all SASE approaches are created equal, if not, determine the key differences between the approaches
  • Analyze how SASE and zero trust can both complement existing security investments and strategies
  • Evaluate key indicators for selecting SASE vendors
  • Discuss the critical steps to complete SASE migration with your partner
  • 06:30 PM
  • 07:29 PM
Advancing Threat Intel to Learn the Adversary's Next Move

As cybercriminals continue to target organizations with ransomware, API and DDoS attacks, security professionals are under constant pressure to become highly competent not just in threat prevention, but in detection and response. However they often struggle to understand threats and translate them into actionable countermeasures.

High quality defensive knowledge is scarce, and adversaries continue to take advantage of weak points including misconfigured defenses, poor security architectures, and excessive privileges, further reducing the value of investment in security solutions.

Discussion topics will explore:

  • Discuss how to advance your threat intelligence program, and what strategies are best to proactively achieve this
  • Assess what defensive strategies are most advantageous to predict the adversary's next move
  • Provide insights on how to improve resiliency and mitigate impact of attacks

     
  • 06:30 PM
  • 07:29 PM
Critical Considerations for DDoS Mitigation

Last June, Cloudflare detected what at the time was the largest distributed denial of service attack on record - 26 million requests per second. Since then, that record has been crushed, and adversaries continue to leverage DDoS attacks for distraction, destruction and as companions to ransomware campaigns.

What are the top trends in both application-layer and network-layer DDoS attacks? What are the ransom attack trends? What are the five critical considerations for mitigating modern DDoS attacks?

Discussion Points will explore:

  • Assess today's top application-layer and network-layer DDoS trends
  • Discuss how DDoS attacks are being leveraged in ransom campaigns
  • Analyze the key considerations between always-on and on-demand DDoS protection
Closing Comments
  • 07:30 PM
  • 07:59 PM

Speaker Interviews

February 16, 2023

ISMG Engage - Finance