Session 2538 - Outpacing the Adversary: Detection and Containment at Speed/Scale
Date/Time: Monday, September 12, 2016: 3:15PM – 4:15PM
Room: W101B
Speaker - Eric (Egon) Rinderer, CISSP, Senior Director - Federal, Tanium
History has taught us some very bad habits when it comes to incident response in our enterprise. The vast majority of systems are based on the collection, aggregation and post-mortem analysis of data in order to coax out useful information. The reality is that this always keeps us in a following position relative to our adversary. Sufficient technology exists to allow us to outpace the adversary but requires us to re-think our methods, tactics, techniques and procedures since they are all based on assumed latency. A sample tools platform for such real-time response at any scale will demonstrate how the outcome changes when the adversary no longer holds the high ground.
Session 2330 - Information Sharing within a Secure Cloud Environment
Date/Time: Monday, September 12, 2016: 4:30 PM-5:30 PM
Room: W103AB
Speaker - Dr. David Bouvin, Professor, Capella University
Information sharing is critically important within a competitive business environment. The successful sharing of information requires the proper protection of data, management of information, and acquisition of knowledge. In a competitive business environment, effective managers will be able to acquire, access, leverage, and protect information on a continuous basis. Additionally, data analysis and information management steps will need to occur via a cloud environment throughout the entire global marketplace. The proper utilization and protection of data, information, and knowledge can improve managerial decision making and the overall competitiveness of an organization.
Session 3136 - Scanners Are Dead
Date/Time: Tuesday, September 13, 2016 11:00am - 12:00pm
Speaker - Nish Bhalla, CEO/Founder, Security Compass
Many application security teams scramble to pinpoint vulnerabilities and flaws during the testing and release stages while managing limited security resources, a multitude of compliance regulations and surprise feature requests. Although these teams are trying to follow the right application security practices, they're being left in the dark, over-worked and most importantly applications are being shipped with fragmented security. The common denominator we have experienced with our customers is reliance on dynamic and static testing tools during the final stages of the lifecycle, ignoring the benefits of building security in during the first stage of the software development lifecycle: Requirements.
Session 3438 - Ransomware Doesn’t Mean Game Over
Date/Time: Tuesday, September 13, 2016 - 3:15pm - 4:15pm
Speaker - Adam Kujawa, CEH, MCTS, Linux+, CREA, GREM, Head of Malware Intelligence, Malwarebytes
Many organizations believe that the incident response (IR) process begins when someone (or some tool) detects anomalous activity. At this point, teams spring into action to track down the intruder and remove them from the environment, at which point business as usual can resume. In reality, the first step of IR is incident planning. Knowing what will be done, by whom and in what time frame, as well as making the business-as-usual environment one where responders have access to the information they need in a timely manner, is crucial to any organization's successful response.
Session 3331 – NextGen Endpoint For Dummies – Tech Survey & Decision Guide
Date/Time: Tuesday, September 13, 2016: 3:15 PM-4:15 PM
Room: W105AB
Speaker - Atif Ghauri, CTO, Herjavec Group
From the demise of conventional signature-based endpoint technologies have risen next generation solutions. These technologies have cluttered the marketplace introducing a conundrum for endpoint selection. This session will focus on the key requirements for effective security prevention, detection, and remediation. It will introduce a real-world framework for categorizing endpoint capabilities, and enable selection of solutions matching the unmet needs of security programs.
The following topics will be covered:
• What do I actually need?
• Real-world framework to categorize endpoint capabilities
• Map vendors into buckets within the framework
• Housekeeping, what's needed before you even start?
• Cheat sheet of probing questions to ask vendors
• Best practices of deploying best of breed solutions
Session 3532 – Anatomy of a Ransomware Attack
Date/Time: Tuesday, September 13, 2016: 3:15 PM-4:15 PM
Room: W102A
Speaker - Barry Shteiman, Director of Threat Research, Exabeam
Ransomware is currently one of the most disruptive security challenges for enterprises. As it moves from an individual employee’s PC to the corporate network, the impact can be significant. Despite much research, most security firms and analysts don’t have a good idea of how a piece of ransomware actually operates, i.e. what is affected and when, what signals to look for, etc. Exabeam researchers have detonated nearly 100 strains of ransomware in the labs and produced a detailed analysis of how a ransomware attack actually unfolds, and how an organization might respond.
Session 3433 – Why Targeting is the Next Big Trend in Attacks
Room: W104AB
Speaker - Dr. Lance Cottrell, Chief Scientist, Ntrepid Corp.
While we will never see the end of generalized mass attacks, the real damage is being done through highly targeted attacks. In discussing why targeted attacks are so effective and economically advantageous to the attacker, we'll learn why that trend is likely to continue. Timely case studies of targeted and integrated attacks will contribute to understanding the trade-offs for the adversaries. Some suggestions for countermeasures against this strategy will be provided.
Session 3435 – Translating CyberRisk to Financial Risk: Quantifying Impact in Dollars
Room: W108B
Speakers - Julian Waits, President & CEO, PivotPoint Risk Analytics: David Shearer, CEO, (ISC
Information security professionals need to be capable of speaking with colleagues, especially at the C and board levels, about security issues in business terms rather than technical terms. The need to change cyber security from a technical discussion to a business discussion has long been clear. Information security professionals should be prepared to answer, “how much could our organization lose to cyber incidents over the next year and to what extent will proposed security investments reduce the risk of financial loss?” This session will demonstrate how to do so using Cyber Value-at-Risk modeling, which can be used to quantify your organization’s financial risk exposure to cyber-attacks in dollars and cents.
Session 3437 – Misuse Cases: Requirements with a Different View
Room: W101A
Speaker - Greg Sternberg, CISSP, Enterprise Security Architect, Sungard Availability Services
Security requirements generally tend to be either too broad (product should be secure) or too specific (PII in NIST Special Publication 800-122 defines PII). But an even bigger concern is that security requirements often lack a connection with the business (all data must be encrypted) and may even be anti-business (increase password length to 16). Misuse cases put security requirements into a business context by communicating potential risks to the stakeholders. They help teams understand the rationale behind them and why they are needed. Utilizing misuse cases also helps integrate security into the project life cycle by starting at the requirements phase (or even earlier!) and enabling the development of cohesive test cases.
Session 4133 – Security Operations in a Multi-Cloud World
Date/Time: Wednesday, September 14, 2016: 11:00 AM-12:00 PM
Speaker - Jarret Raim, Director of Strategy, Rackspace
As the Cloud matures and organizations become more comfortable in using it, more and more companies are finding themselves in the business of using a variety of platforms to achieve business objectives. From dedicated environments through virtualization platforms like VMWare, Hyper-V and OpenStack to public cloud platforms like AWS and Azure, security organizations are being asked to manage these platforms with a single operation. As a managed service provider for the world’s leading cloud technologies, Rackspace helps customers manage this transition successfully. In this talk, we’ll investigate the type of security operation that can be successful in this mission.