Virtual Summit
New York City Virtual Cybersecurity Summit 2020
The New York City Virtual Cybersecurity Summit is a new way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive virtual experience.
Date
Wed. Aug 19 — Thu. Aug 20
Event Schedule
-
Continuous Vulnerability Management: Striving for a 14-Day SLA 9:20 am
Presented by Ivanti
The importance of having a continuous vulnerability management process as part of an overall security program such as that provided by the CIS controls framework.
When threat actors exploit weaknesses in an organization’s IT infrastructure, the consequences can be devastating to productivity, reputation, and financially. Without treating cybersecurity as an ongoing process, hackers can find, weaponize, deploy, and attack your infrastructure faster than your team can patch the vulnerability leaving your infrastructure unprotected. Your systems may be secure today, but next week, a cybersecurity criminal may discover and exploit a critical vulnerability in your environment. Join us as we discuss how continuous vulnerability management can be executed effectively.
Speaker:
-
Credential Harvesting as a Service: How This Dark Web Organization Steals Your Microsoft Credentials Presentation 9:40 am
Presented by Avanan
In this presentation, we will analyze the attack methods of a single advanced persistent threat organization that guarantees its dark-web customers that their messages will bypass Microsoft security. We will review the software they use to send email from anywhere in the world, their techniques that take advantage of both short- and long-lived vulnerabilities and the infrastructure to harvest credentials and perform attacks almost instantaneously. You will be surprised by the sophistication of the tools as well as their ease of use. Updated regularly with release notes and training videos, they are not ‘hackers’, so much as software developers with a very clear product offer: 100% access to your inbox. We will watch them over time and show how the tricks they use provide us with the indicators-of-attack we need to stop them.
Speaker:
-
Threat Hunting & Modern Security: 3 Fundamental Flaws 10:30 am
Presented by CriticalStart
Security Operations is a discipline continuously evolving – with the evolution of tools and processes , there are still 3 fundamental flaws that exist with Modern Security Operations. We will examine 3 specific flaws of modern security operations:
- Risk Acceptance
- SOC Alert Overload
- Inability to mitigate all Zero-Day Attacks.
We will start the discussion with a quick SOC capacity expertise, review in detail the 3 fundamental security flaws, revisit the math from the SOC capacity exercise to understand “what is being missed based upon my current capacity?” We will also cover costs to the business for associated with these flaws and wrap up with some suggestions for mitigation.
Speaker:
-
Introduction to Risk-Based Vulnerability Management 10:50 am
Presented by Kenna Security
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix one in 10 of those vulnerabilities.
But as a security executive you still need to keep your organization secure, so how do you do that when you can’t possibly fix all of your vulnerabilities? The answer is to focus on your highest-risk vulnerabilities first.
Join Kenna Security’s CTO and Co-Founder Ed Bellis as he:
- Reviews what years of research into vulnerability management data uncovered about the scope of the challenge
- Details the findings on how risk-based is the way to get ahead in vulnerability management
- Lays out several factors that drive better remediation performance
- Provides steps for setting up a successful risk-based vulnerability management program
Speaker:
- Lunch Break
-
The USSS’ Current Posture During the COVID-19 Pandemic 12:10 pm
Presented by United States Secret Service
Tom will discuss the USSS’ current posture during the COVID19 pandemic. He will discuss how the pandemic, and the current telework posture of the majority of the private and public workforce has had on effect on criminal activity, cyber hygiene, and the incident response process. He will discuss the continued importance of having a relationship with federal law enforcement and the need for timely reporting of incidents and events, especially if the incident involves the loss of money through U.S. and International financial systems.
Speaker:
-
Shifting PAM into High Gear with Zero Standing Privilege (ZSP) 1:05 pm
Presented by Remediant
Zero Standing Privilege (PAM) was a new term introduced in 2019 and might just be the best approach to shift your PAM strategy into high gear. In this short presentation, we’ll discuss how PAM projects were managed historically and highlight a new PAM approach to reduce the impact of compromised admin credentials.
Do you know what admin credentials exist today or even how they change over time in your organization? This is just one of several challenges we’ll discuss, offer a solution and discuss the need and value of frequent scanning of admin rights, reporting on current standing privileges and the adoption of a ZSP and Just-In-Time administration.
So, if you’re looking for quick wins in PAM, including removing local admin rights and support for DevOps+PAM use cases, join the discussion and learn how other organizations like yours have succeeded.
Speaker:
-
Get Rich Quick with Ransomware! A Lazy Hacker’s Perspective for Enterprises 1:25 pm
Presented by Axis Security
Think Ransomware isn’t for you? In this enlightening talk, Gil Azrielant, co-founder of Axis Security, will quickly discuss the business opportunities, the technologies, the industry and the mechanics attracting hackers the world over to ransomware. In the process Gil will reveal how some enterprises can use new technologies to defend themselves against attack.
Speaker:
-
Deciphering SOC 2 Compliance in Cloud-Native Environments 2:15 pm
Presented by Capsule8
How did a fairly straightforward endeavor – an IT audit – become that monster under the bed?
Compliance projects all too often feel a massive box checking exercise. You may be pulling staff and co-workers into a vast abyss, mapping arcane compliance controls, deciphering audit speak, all to hopefully pass an audit and maybe shore up security. So how can you, the IT experts, quickly tease out the essence of what an auditor needs to give them confidence that you have passed an audit?
In this presentation we will use the example of a SOC 2 Type 1 audit in a cloud-native environment to demystify all of the dots, dashes and control numbers, giving you a high level roadmap of key elements required to pass your own SOC 2 audit regardless of where you are on your cloud native or compliance journey.
Speaker:
-
Three Things You Need to Know About New CCPA Regulations 2:35 pm
Presented by Spirion
This presentation describes the many cyber security requirements of the California Consumer Privacy Act. Included is an analysis of additional requirements recently published by the California Attorney General.
On March 11, 2020, the California Attorney General issued another set of revisions to the California Consumer Privacy Act of 2018 regulations. Updates include guidance on IP addresses, privacy policy disclosures, and denying deletion requests. While the regulations address many questions, they still leave much unanswered, and privacy/security professionals need clarity ahead of the July 1, 2020 compliance deadline. In this interactive presentation, a data protection industry veteran will offer perspective on the Regulations and three ways professionals can hedge their compliance bets ahead of the deadline. Takeaways include:
- Understand the most pressing elements of the Regulations
- Learn how to prioritize and rationalize your compliance efforts
- How to leverage your efforts in advance of CCPA 2.0
Speaker:
- Q&A - AI & ML in Cybersecurity: Can We ‘Science the Heck’ Out of Trouble?
- Closing Session
-
Cyber Resilience: Rethinking Your Data Protection Strategy in the Age of Ransomware 9:20 am
Presented by Zerto
Ransomware threats increased by 300% last year, and the industry is expecting it to get worse. Ransomware victims’ greatest pains are downtime and data loss. Current DR and Backup solutions aren’t equipped to help you manage it at the speed of business. Join us for this discussion on how to transform your data protection approach to ensure you can protect your data and resume operations almost instantly when facing a ransomware attack. See you there!
Speaker:
-
Managing Digital Risk Amid Disruption 9:40 am
Presented by RSA
Digital transformation is not only changing how companies think about business. It is changing how we think about risk. We need to *act* on risk, not worry about it. We need to start and end with the basics. In this session we review several key areas of digital risk management to target as you are challenged to be a key contributor in your company’s digital journey.
Speaker:
-
Developing Your Identity Strategy 10:30 am
Presented by Sailpoint
Remember when identity management meant creating new accounts and resetting user’s passwords? Over the years, digital identity has evolved into much, MUCH more. Your identity program now includes not just identity management, but also access management, privilege management, and even customer identity management, all of this falling under the umbrella of identity governance. More importantly, identity has shifted from being a basic operations function to the cornerstone for business enablement and digital transformation. In this presentation, Rob walks you through key considerations when developing your identity strategy to help you improve the current state of your program while building a solid foundation for the future of your identity program.
Speaker:
-
How Do You Start a ML Project? Finding the Breach With Infinity SOC 10:50 am
Presented by Check Point Software Technologies
What is Machine Learning? Can you decipher buzzwords such as Artificial Intelligence, machine or deep learning, and differentiate between hype and fake news? Cyber-attacks are more prevalent than ever in our world today, with exponential, every-increasing variance, velocity, and volume of threat campaigns. This presentation aims to hopefully enable you to understand what lies beneath the words “AI-powered cloud” or more precisely “data driven security”.
The Security Operations Center (SOC) is often all that stands between an organization and a potentially financially devastating data breach. However, 98% of SOC teams face significant challenges in their mission to detect and shut down attacks. For many SOC teams, finding malicious activity inside their network is like finding a needle in a haystack. They are often forced to translate information from across a multitude of monitoring solutions and navigate through tens of thousands of daily alerts. This is crossroad where machine learning and security align to equip security analysts with relevant and actionable information to prevent and respond to threats in real time.
Speaker:
- Q&A: Users as the Attack Vector - People and Security
- Lunch Break
-
Shift Left – Building Security into the Application Development Lifecycle 1:05 pm
Presented by Micro Focus
By building security into your application development lifecycle you not only help reduce your attack surface, but also save roughly 30% in costs associated with resolving the application security vulnerabilities afterwards… never mind the costs associated with a breach, such as shareholder value and brand tarnishing.
Speaker:
-
2020: The Passwordless Decade 1:25 pm
Presented by HYPR
As we enter the passwordless decade, more and more organizations are asking the question: How quickly can I move beyond passwords?
George Avetisov, CEO of HYPR, will discuss the rise of organizations moving to the cloud, how the perimeter fades and the attack surface gets larger.
Modern tools such as SNIPR and Modlishka make it easier for hackers to launch large-scale automated attacks, bringing credential re-use and two-factor-authentication attacks to record highs. How did we get here, and will mainstream adoption of passwordless security have an impact?
We will explore how the rise of virtual desktop infrastructure has affected workstation login and review how the evolution of authentication has impacted organizations’ identity and access management systems.
In this session, you’ll learn:
- Why is Credential Reuse at All-time Highs?
- How has Authentication Evolved?
- Why this is the Passwordless Decade
Speaker:
-
A People-Centric Approach to Cyber Risk Management 2:15 pm
Presented by Proofpoint
Today’s threat landscape is characterized by attacks which focus on humans. For the third straight year, Proofpoint Threat Research has confirmed that over 99% of attacks are human-activated.
Developing a holistic cyber security program involves educating end users on where and how they are exposed to cyber-attacks, gathering metrics, and highlighting key areas where proactive steps can be identified to minimize risks to cyber-attacks.
During this presentation, we’ll cover:
- The clearly defined risk areas that are frequently targeted in cyber-attacks, with clear examples and use cases
- How organizations can implement a People-Centric security approach, decreasing their vulnerability to cyber threats.
Speaker:
-
Reducing Friction and Managing Remote Work Environments 2:35 pm
Presented by Automox
The business world has changed and many of those changes, like remote working, are here to stay. And keeping your teams safe during this period is a no-brainer—as is making sure their remote endpoints are managed and secure. But with these changes come a list of concerns and issues that many organizations just are not ready to address, sometimes highlighting legacy support policies and even out-of-standard technological needs. The friction of everyday management of the full enterprise has increased, putting a strain on the IT and support staff as well as the users.
During this presentation, I will address common areas of friction in endpoint management as well as ways to pinpoint friction in your environment, and finally ways to address the problems and setup your organization for scalability with endpoint management.
Speaker:
- Q&A Ransomware - to Pay, or Not to Pay?
-
How Various Cryptocurrency and and Blockchain Technologies Fundamentally Work 3:45 am
Presented by United States Secret Service
This presentation will provide a basic overview of the mechanics of how various cryptocurrency and and blockchain technologies fundamentally work, and the role it plays in emerging cyber-enabled crimes such as Ransomware and Business Email Compromises (BEC).
Speaker:
- Summit Final Closing Session