Interop Las Vegas logo

Dark Reading Cyber Security Summit - May 2 and 3

Sponsored by:

watchguard cylance

Everything you need to know about today’s IT security challenges – but were afraid to ask

Anthem. OPM. LastPass. The list goes on – every day, your IT organization is abuzz with news of new hacks, breaches, and vulnerabilities that are coming to light in the media. And every day, your top executives worry that your organization might be next. It’s up to you, the IT professional, to participate in these discussions and answer key questions about today’s threats.

But do you really know everything you should about the current cyber security environment? Can you intelligently discuss the latest breaches, vulnerabilities, and emerging threats? Do you know about the most critical dangers in specific areas of IT, such as cloud environments and mobile systems? Most importantly, do you know what to do when your organization is compromised?

In this two-day Interop event, the Dark Reading team and a group of top cyber security experts will offer a crash course in what you need to know about data security and the dangers faced by your organization. You’ll get “speed reads” on each key area of security that address the essential elements your organization should know about cyber defense, as well as an overview of the latest exploits. You'll get insight on how to detect a compromise of your IT environment, and recommendations on how to respond. Best of all, you’ll have an opportunity to ask the experts the key questions you must answer in your environment – in a supportive, collegial setting where there are no dumb questions.

What You’ll Learn

  • What are the chief cyber threats that your organization should focus on?
  • How can you measure your security posture and the risk you currently face?
  • How can you minimize the security impact of mobile devices in the enterprise?
  • Are cloud services safe?
  • What are the best ways to prevent insiders from leaking critical information?
  • What should you do if you suspect a major compromise of your data?
  • Who are the cyber bad guys and why do they want to attack your organization?
  • And much more!


Who Should Attend

  • IT professionals who want to know more about security
  • CIOs / CTOs
  • Security professionals who want a fast, comprehensive update on the latest threats
  • IT and operations professionals who must answer questions about security posture
  • Business and IT people who want to contribute to the security conversation

Agenda


7:30-8:30am | Networking Breakfast

8:30-9:15am Opening Address: The State of the Enterprise Security Department (Tim Wilson & Sara Peters, Dark Reading)
Thanks to a plethora of major – and very public – data breaches, security has become one of the most critical issues in IT. What are the chief threats that security departments face, and what are they doing about them? What are today's top priorities for security professionals? This session will include data from two recent surveys of IT and security executives.

9:15-9:30am | Lightning Talk 1

9:30-10:15am Securing Your Enterprise Infrastructure (Drew Vanover, Blue Coat)
As enterprises add new networking capabilities, SDN, and virtualized server environments, the risks they face are changing as well. In this informative session, a top expert on infrastructure security will discuss the latest threats to networks and servers and how your organization can mitigate them.

10:15-10:30am | Coffee Break

10:30-11:15am | Protecting Your Data In the Cloud (Rich Mogull, Securosis)
Cloud computing services and technology offer a level of efficiency and cost savings that most enterprises simply can’t pass up. But does the growing use of cloud technology create a growing threat to enterprise data? How can IT organizations track and secure data as it travels through the cloud? In this session, a cloud security expert will discuss the key danger points in cloud computing and the latest technologies and practices for cloud security.

11:15am-12:00pm | Endpoints and End Users – Strengthening Your Weakest Links (Michele Fincher, Social-Engineer)
Most major data breaches start with the compromise of a single endpoint – a PC, a mobile device, a user who unwittingly gives up credentials. What can your organization to protect its endpoints? How can you create and enforce end user policies that protect your corporate data? In this session, a top expert discusses how endpoints and end users are most frequently compromised – and how to keep your end users from falling victim.

12:00-1:15pm Networking Lunch 
 
1:15-2:00pm | The Real Risks of Mobile Technology In the Enterprise (Andrew Blaich, Lookout)
Everyone is saying that the introduction of mobile devices and bring-your-own-device (BYOD) policies is a security risk to the enterprise. But exactly where do those risks come from? In this session, a top expert will debunk some of the myths about mobile security while raising up some threats and vulnerabilities you may not know about.

2:00-2:15pm | Coffee Break

2:15-3:00pm | Insider Threats and Preventing Data Leaks (Randy Trzeciak, CERT)
Major data leaks such as Edward Snowden’s release of NSA data and the dump of military data on WikiLeaks are only the tip of the insider threat iceberg. Every day, enterprises face the threat of losing valuable insider information – not only through malicious leaks but through unintentional, accidental violations of security rules that lead to exposure of critical information. How can organizations spot the signs of a data leak and stop it before it goes too far? How can IT help prevent accidental leaks of sensitive data? A top expert offers some essential advice on stopping data loss from within.

3:00-3:15pm | Lightning Talk: Cyber Kill Chain in Practice by Watchguard (Marc Laliberte, Watchguard)
Have you ever wondered how you easily a computer can become infected by malware or completely taken over by a cybercriminal? In this live hack, an information security professional will use a Cross-Site Scripting (CSS) attack to gain remote access to a vulnerable client. This session will finish with practical examples showing how your network perimeter can stop this type of attack at different stages of the Cyber Kill Chain model.

3:15-4:00pm Finding and Fixing Application Security Vulnerabilities (Chris Eng, Veracode)
Customer databases, enterprise applications, Big Data – the keys to your enterprise’s kingdom lie in its applications. But application security is often overlooked, both by software manufacturers and by internal development teams. What steps can your organization take to find and repair application vulnerabilities – before your attackers discover them? A top applications security expert discusses key practices for scanning and securing applications, as well as offering some insight on how to improve security in your software development organization.

4:00-4:45pm Monitoring and Measuring Enterprise Security Posture (Rafal Los, Optiv)
Over the years, most enterprises have acquired a plethora of tools to detect and/or block security threats. But how can organizations monitor these tools to detect potential threats and measure the security posture of the enterprise? In this session, a top expert on security monitoring will offer some advice on how to monitor and report on an enterprise's security posture, and how to use the data from multiple security systems to track down sophisticated threats.

4:45-6:00pm | Cocktail Reception

7:30-8:30am Networking Breakfast

8:30-9:15am | Day 2 Opening Address: The Impact of a Data Breach
To understand the cyber risk your organization faces, you need to understand the likelihood of a breach – and its potential cost. In this session, a top expert discusses the many – and sometimes hidden – costs of a data breach, including its impact on customers and end users. You'll also get insight on the frequency of data breaches, and a better understanding of how likely it is to happen to you.

9:15-9:30am | Lightning Talk 3 (Stuart McClure, Cylance)

9:30-10:15am Who Are the Bad Guys? Cyber Criminals and Their Motivations (Chris Scott, Crowdstrike)
Another key element in assessing risk is assessing your attractiveness as a target. Today's cyber attackers range from financially-motivated criminals to politically-motivated hacktivists to state-sponsored information-gathering hacker units. This session offers a look at the different types of cyber attackers, their methods, and their motivations.

10:15-10:30am | Coffee Break

10:30-11:15am | Developing and Testing an Effective Incident Response Program (Andy Jordan, Bishop Fox)
If your organization doesn't have a plan for handling a major data breach, you're already in trouble. In order to swiftly and effectively respond to a cyber compromise, you must develop a program for first response in the data center, and downstream response in the business units and in the public eye. This session offers some guidance on how to build an incident response plan, and how to test and practice that plan so that you're ready for the real thing.

11:15am-12:00pm | Detecting and Mitigating Targeted and Sophisticated Attacks (Gunter Ollmann, Vectra Networks)
In the past, most cyber attack campaigns were primarily random, and they simply exploited the most vulnerable systems they could find. Today, however, there is an increasing number of sophisticated attacks that target specific companies, data, or even employees. These attacks are often extremely well-disguised and may escape the security tools that most enterprises use to screen out more random attacks. What tools and defenses are there to prevent targeted attacks on your organization? In this session, you will hear about the latest types of targeted attacks and what your enterprise can do to stop them.

12:00-1:15pm | Networking Lunch

1:15-2:00pm | Collecting and Using Threat Intelligence Data (Bhaskar Karambelkar, ThreatConnect)
The good news in IT security is that there is a growing list of resources and services that can inform you on the latest threats in cyber space and the criticality of each. The bad news is that with so many sources and so much data, using threat intelligence to improve your cyber defenses can be a bewildering process. In this session, you'll get a look at some of the different types of threat intelligence data, and you'll get advice on how to choose the right ones – and integrate the information to improve your defenses.

2:00-2:15pm | Coffee Break

2:15-3:00pm | Finding and Fixing Security Issues In Your Electronic Supply Chain (Peter Gregory, Optiv)
As organizations such as Target have discovered, cyber attackers sometimes attack indirectly, through suppliers, contractors, and customers that have access to your systems. But how can you ensure that third parties are keeping their own systems secure – and are not providing an avenue of compromise for your data? How should you work with your partners in the event of a security incident? In this session, our speaker discusses the methods you can use to vet your suppliers’ security -- and how to work with your partners if a compromise is found.

3:00-3:15pm | Lightning Talk 4

3:15-4:00pm | Understanding, Measuring, and Predicting Cyber Security Risk (John Pironti, IP Architects)
For many organizations, making the right business decisions means making the right decisions about risk. But the risk of a cyber breach is one of the hardest variables to measure. In this session, you'll get insight on how to evaluate cyber risk, and how to perform "what if" scenarios to help your business decision makers arrive at the right choices.

4:00-4:45pm | Cyber Insurance: Does It Really Work? (David Bradford, Advisen)
One of the ways that today's enterprises are minimizing cyber security risk is by buying cyber insurance, which promises to pay them back for the costs of a major data security breach. But how much does cyber insurance cost? And what does it pay in the event of a major compromise? In this session, an expert on cyber insurance will discuss the strengths and weaknesses of cyber insurance policies – and the hidden costs that it may not cover.

Summit Leader


Tim Wilson

Editor in Chief and Co-Founder of DarkReading.com

Tim Wilson is Editor in Chief and Co-Founder of DarkReading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one of the top cyber security journalists in the US in voting among his peers, conducted by the SANS Institute. In 2011 he was named one of the 50 Most Powerful Voices in Security by SYS-CON Media. Find Tim on Twitter: @darkreadingtim.