We have been hearing about digital transformation for some time. Your business could be looking to reduce the cost or thinking about agility and swiftly bringing your services to market.

Many of us are on a similar journey! New terms, new architectures, confusing statements, and more security technologies are afoot. And, of course, we have to confront our capacity to deliver on these technologies whilst ensuring information remains secure as best as we can.

Brendan will explain how we can help your team determine risk, build secure applications, monitor threats and evolve to automated remediation on any workload or asset, whether on-premise, hybrid or cloud-centric. 

The daunting task for CISOs today is to turn today’s threats into tomorrow’s advantage. The tool that most security leaders are leaning on is the XDR to build resilient, dynamic, and living security.  You could argue that true XDR can bring material benefit, but only if it combines different detection capabilities directly at the data source (network and endpoint)? However, the security promise of XDR would ensure detection, response, and adaptive prevention.   

The session will cover:  

• How XDR will drive enhanced detection and response with improved security operations  
• Improved network and endpoint visibility and remediation capabilities  
• Understand the critical components of the XDR puzzle and integration with the technologies 

Banks in the ASEAN have seen their customers targeted by social engineering frauds. New fraudulent methods are bypassing Web application firewalls and multi-factor authentication security controls. 

This session will cover:

• How are fraudsters leveraging automated bots, MFA bypass toolkits, and social engineering methods to evade traditional banking controls?
• How with F5's AI and behavior telemetry an ASEAN Bank could protect customers whose credentials & OTP were stolen via social engineering and smishing.
• Pitfalls in the use of AI with the network and security convergence

The challenge for CISOs in their digital transformation journey is to understand the right technologies required for their business and how do you secure those endpoints that are going to expand. The question would arise on what you need to focus on endpoint security that could protect all access points which are vulnerable to cyber criminals to breach your network.

The session will cover:

• Endpoint security for 2022 – How do you need to predict and protect
•  Knowing what’s connected to your network, despite ever expanding endpoints
•  Establishing sustainable security with the growth in endpoints for detection and response.

Organizations believe that cloud computing brings a whole new level of autonomy and functionality, besides enhancing performance, agility, productivity and scalability. The pandemic has created the urgency for enterprises to move to cloud and enterprises are in a race to adopt the ‘cloud-first’ strategy to optimize the IT spend and secure their hybrid work environment.   

CISO are tasked with building a cloud-first security strategy and mitigating risks arising with this.  

The session will cover:  

• Cloud migration and its bottle necks 
• A holistic approach to cloud security and compliance  
• Governance and risk 

The region has witnessed the most prominent organizations hitting the headlines. It is beyond doubt that organizations have a huge staff and a myriad of cybersecurity tools to secure their environment; yet, they were still breached. The current approach is insufficient, and the deployed technologies don’t provide the necessary intel to detect the blind spots. 

It is imperative to assess the effectiveness of the cyber threat intelligence program, and building a business case is essential in driving actionable threat intelligence. 

• Understanding what cyber threat intelligence gives to an organization 
• Reasons for taking a risk-based approach 
• Using technologies and integration to drive actionable threat intelligence

Building relationships with business unit leaders and driving a practical risk-based discussion with the board is critical in making informed risk decisions.  
The daunting task for CISOs is the uncertainty around the reporting of significant risks, including just what represents a 'significant' risk, which challenges many organizations today. Can you question the management and boards regarding how strategy affects risk and vice versa and their best approach to risk and discuss risk management in a meaningful and productive way?  

The session will cover:     

• Criteria for integrating risk information into decision making  
• Educating and evaluating of board members to measure strategic decisions on a risk parameter  
• Use case scenario to understand risk appetite and value at risk 

The popular SolarWinds hack, the supply chain attack that implanted a backdoor in the Orion network monitoring software pushed to 18,000 of the firm's customers, is considered to be potentially the most significant intrusion in our history.  
The campaign's full scale, including all of the tactics, techniques and procedures being used by attackers remaining unknown, has left most enterprises across the regions in a state of shock. 
What are the lessons the CISOs need to learn from this attack? Do you have a process to evaluate your vendor's security policies and frameworks? 

The session will cover:

• How should the risk framework of supply chain vendors evolve;
• The risks posed by different kinds of vendors;
• Defining security by design approach while evaluating the third-party products.

As Russia and Ukraine invasions are making the headlines, organizations across the globe are facing a series of DDoS attacks. Besides, new forms of malware intrusions are surfacing that can destroy infected machines. How are organizations in the South East Asian regions responding to DDoS attacks? How vulnerable are financial institutions to DDoS attacks? 

The session will cover: 

• How to strengthen your defenses against DDoS? 
• Managing your risk exposure 
• Attribution to the DDoS attacks 

Where does the journey to ‘zero trust’ begin and what are the common entry points and how can it unfold. Experts agree that ‘zero trust’ is based on the premise, ‘assume breach’, and treat every asset as breached, and all traffic as hostile.   
The plenary session will discuss how the way we approach security has changed dramatically as security perimeters have dissolved and assess the maturity of ‘zero trust’ state with a realistic look at security and its dependencies with other functions in securing the future work environment.  

Most OT systems are designed with very little consideration for security. With increased cyber risk in this new digital transformation era, any approach to bridge the IT and OT divide is mission-critical for enterprise security.  As a CISO, can you reduce risk, security, and risk management functions silos to bridge the security gaps?  Can you deploy the suitable asset inventory methods and map the IT/OT risks?   

This session will cover:   

• Building complete visibility and monitoring of your IT and OT assets with the right access control   
• Integrating OT threat monitoring into SoC for threat detection  
• Essential steps to establish OT security 

With the risks from third-parties escalating at a fast pace, enterprises across Southeast Asia are leaning towards SOC2, (Systems and Organization Controls) an audit procedure that ensures services providers securely manage their data and establish privacy and controls. How should CISOs comply with this standard as organizations move to the cloud and take up the digital transformation journey?

The session will cover: 

• Why is SOC 2 important and how to integrate it with your ISO standard framework 
• Establishing third party security using SOC 2 
• Essential steps for CISOs in complying with the standard