Dallas 2021 2
Virtual Cybersecurity Summit
The Dallas Region Virtual Cybersecurity Summit is a new way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive virtual experience.
Dallas 2021 2
Wed. Nov 11 — Thu. Nov 12
- Day 1
Identifying Risky Vendors: 7 Warning Signs You Shouldn’t Ignore 10:10 am
Presented by OneTrust Vendorpedia
For individuals managing third-party risk, there is one primary question that needs answering: Are your vendors safe to do business with? Answering that question is not so straightforward. Third-party risk comes loaded with complexities and compromises. However, there are “red flags” you can look for when evaluating the security, privacy, and compliance programs of your vendors.
Why Zero Trust Architecture Will Be the New Normal in 2021 10:30 am
Presented by Cloudflare
The COVID-19 pandemic brought changes no IT team was ready for: employees were sent home, customer interaction models changed, and cloud transformation efforts abruptly accelerated. Cloudflare recently commissioned Forrester Consulting to explore the impact of 2020 disruptions on security strategy and operations among companies of all sizes. To do so, they surveyed 317 global security decision makers from around the world.
Join Brian Parks, for an in-depth discussion of the survey results, followed by practical guidance for next year’s planning.
How 2020’s disruptions created challenges and opportunities for security teams of all sizes
Specific challenges North American companies faced in securing the change
Why executive buy-in for Zero Trust security initiatives is higher than ever
What peer security leaders are prioritizing for Zero Trust initiatives in 2021
How to drive successful Zero Trust pilot projects with Cloudflare for Teams
Get Rich Quick With Ransomware: A Lazy Hacker’s Perspective for Enterprises 11:05 am
Presented by Axis Security
Think Ransomware isn’t for you? In this enlightening talk, Gil Azrielant, co-founder of Axis Security, will quickly discuss the business opportunities, the technologies, the industry and the mechanics that attract hackers to ransomware. In the process Gil will reveal how some enterprises can use new technologies to defend themselves against attack.
The Last Line of Defense: The Importance of Having a Robust and Comprehensive Data Protection Strategy 11:20 am
Presented by Purestorage
Data protection is experiencing a resurgence. Historically it’s been seen as an innovation backwater and as “insurance”, but with the growth of Ransomware and cybercrime, and increasing risk, organizations are having to modernize their data protection architectures and strategies to ensure that data can be recovered quickly to ensure that an Organization can survive an attack. Join this session to learn about the latest innovations in the data protection space and how they can be deployed to provide a comprehensive last line of defense.
Iot – Security at the Edge: Expert Panel Discussion 11:45 am
The Internet of Things (IoT) poses entirely new challenges. With 35 billion IoT devices expected to be in operation by next year – weak passwords, insecure network services and a lack of secure update mechanisms concern every organization.
Keynote: The 2020 Cybersecurity Skills Shortage 12:45 pm
Presented by Osterman Research
The cybersecurity skills shortage is real and getting worse: according to ISC(2), nearly three million cybersecurity positions worldwide are currently unfilled, and Cyberseek reports that more than 300,000 positions are available just in the United States. A lack of cybersecurity analysts, researchers, and other security experts means that bad actors have even more of an upper hand because there are fewer people available to investigate potential threats, analyze attacks, and remediate security problems. The lockdowns arising from the COVID-19 pandemic has made the problem worse.
Osterman Research has conducted an in-depth study and produced a white paper focused squarely on this issue, and Michael Osterman will be presenting the results of that research. In this session you will learn:
The seriousness with which your peers taking the cybersecurity skills shortage.
What they’re doing to address it.
How executive management and employees view their organizations’ cybersecurity function.
How cybersecurity professionals are dealing with the stresses of doing their job.
How the cybersecurity skills shortage might be solved, both in the near-term and longer term.
Developing Your Identity Strategy 1:25 pm
Presented by Sailpoint
Remember when identity management meant creating new accounts and resetting user’s passwords? Over the years, digital identity has evolved into much, MUCH more. Your identity program now includes not just identity management, but also access management, privilege management, and even customer identity management, all of this falling under the umbrella of identity governance. More importantly, identity has shifted from being a basic operations function to the cornerstone for business enablement and digital transformation. In this presentation, Rob walks you through key considerations when developing your identity strategy to help you improve the current state of your program while building a solid foundation for the future of your identity program.
Hacking Exposed: Learning From the Adversaries 1:45 pm
Presented by Blackberry
Fileless attacks and fileless malware have grown in sophistication, especially in their ability to obfuscate and hide from both traditional and next-generation anti-virus. Join us to discover the techniques being used by APT32/OceanLotus to attack their victims and learn how to replicate them to better test your defenses. In this very short demonstration, you will learn techniques to make a weaponized document that is designed to not just bypass AV but also human threat hunters through a sophisticated method of obfuscation and the use of built-in trusted tools. The document is capable of allowing the attacker to gain remote access to the victim system and exfiltrate sensitive data. You will get to see, firsthand, the attack compromise both a Windows PC as well as a MacOS.
Cybersecurity Author Interview: No Safe Harbor 2:05 pm
Presented by eSentire
In this interview, our CSO, Michael Hiskey, interviews Mark Sangster. Mark is the author of the recent book, No Safe Harbor: the inside truth about cyber crime and how to protect your business. In this short conversation, Michael talks with the author about the stories in the book, what the key takeaways are, and the process of writing it.
Michael HiskeyMark Sangster
Cybersecurity Expert & Author “No Safe Harbor”
Wargaming: Who, What and How of a Strategic Tabletop 2:35 pm
Presented by Rapid7
The last thing any captain wants to do while the ship is sinking is say, “Well I hope the emergency procedures work.” The last thing an organization wants to say in the midst of an incident is, “We hope our Incident Response Plan works!” Tabletop exercises have many different positive outcomes that a company can utilized to further develop their security and incident response program. Though this is seen and categorized as strategic planning, there are many technical and tactical components needed to ensure the tabletop is effective at all levels of implementation. The last thing anyone wants are untested processes, tools, and procedures when the ship is taking on water.
Surviving the Digital Storm – Iot Security Deluge 3:00 pm
Presented by Check Point
We are on the verge of entering our 4th industrial revolution: the era of the Internet of Things (IoT). IoT is a broad term that comes to describe physical devices, embedded with electronics, software, sensors, actuators and network connectivity – all capable of collecting and exchanging data with other devices. The direct communications and data sharing between devices – among themselves or directly with various cloud services – are aimed to shorten development cycles, reduce energy consumption, enable precise view of a device status, and to streamline business processes with higher efficiency.
This revolution has already impacted various industries including healthcare, automotive, industrial control systems, transportation and smart homes. Due to the wide variety of attacks on IoT, there is a need for a substantial granularity while managing the security policies of these devices. IoT delivers the promise of becoming the next industrial revolution, and driving the next generation of efficiency and productivity. But this revolution will not flourish unless cyber security becomes one of its corner stones.
Defense-in-Depth Expert Panel Discussion 3:20 pm
Layering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations defending against inventive hackers penetrating their systems in 2020?
Keynote - The Dark Web: A New Underground Economy 4:00 pm
How Dark Markets are Innovating and Why It Matters
Throughout history, underground economies thrive following war, natural disaster or political upheaval. While difficult to accurately discern, the underground economy in the U.S. is estimated to be 11-12% of GDP or $2.5 trillion–excluding illegal drug sales, gambling or prostitution! Over the last two years, dark web marketplaces and other underground commerce methods have been innovative and growing, preparing for a new economic reality. While drugs are still popular, malware and stolen data have become far more lucrative for sellers and buyers. In this session, analyst Michael Mayes will share the latest on dark web market innovation and activity, including the sale of COVID-19 related drugs and supplies.
- Day 2
Don’t Get Phished! See How Ironscales Self-Learning Email Security Platform Stops Tomorrow’s Phishing Attacks Today! 8:55 am
Presented by Ironscales
Cyber Criminals don’t care. From holiday seasons, elections, tax-day or our current pandemic COVID-19. They’re ready to exploit people’s vulnerability.
Email phishing is their weapon of choice. 10 years ago, traditional solutions like secure email gateways (SEGs) or in-built security from mailbox providers were enough to stop cyber criminals from gaining access to our accounts. In 2020, attackers are more sophisticated and are changing tactics just as rapidly as businesses are moving to Office 365 and G-Suite.
In the face of this evolving threat, how can you stay ahead of micro-targeted attacks and defend against malicious emails before they gain access to your confidential data? How do you protect end-users confronted by fake login pages (after all, it’s not their job to determine what looks real and what doesn’t)? How do you ensure that your SOC team isn’t overwhelmed by the burden of identifying and remediating phishing threats?
Join IRONSCALES and learn about:
What techniques bad actors use to bypass traditional security measures
What new attacks are being used by bad actors to take advantage of the pandemic
What can you quickly do to protect your Office 365/G-Suite users who are working remotely
How automation & collaboration tools can enable your SOC team to respond to incidents faster, giving them time savings so that they can focus on other projects.
Rise of the Machines: Best Practices for Securing Unmanaged and Iot Devices 9:20 am
Presented by Ordr
For many years now, enterprise networks have seen an explosive rise in devices that are challenging for security teams to secure. These include not only unmanaged devices, but also the extensive portfolio of Internet of Things (IoT) in enterprises such IP cameras, conference room TVs, smart building systems, manufacturing machines and medical devices.
Join Ordr CSO in this webinar to learn:
Risks and vulnerabilities associated with unmanaged and IoT devices
Why traditional networking and security tools fall short
Security best practices to protect these devices without impacting business operations
Understanding and Combating Credential Stuffing Attacks 9:45 am
Presented by Auth0
Credential stuffing attacks are the most common threats observed at Auth0. These attacks can lead to fraud, loss of reputation, and ultimately, loss of revenue.
In credential stuffing attacks, threat actors use stolen credentials from one breach to take over users’ other accounts. This is effective because, according to Google, 65% of people reuse passwords across multiple accounts. On some days, these attacks originate from more than 50,000 IP addresses and may account for as much as half of all login attempts using our platform. Even the most mature companies are vulnerable if they don’t have the right preventative measures in place.
Join Auth0 to learn:
How credential stuffing attacks work
What effect they can have on your company
Steps to detect and mitigate these attacks
A New Spin on Securing Active Directory 10:20 am
Presented by Attivi Networks
CISOs, Penetration Testers, and Incident Responders all agree that Active Directory is a primary target for attackers. So why isn’t AD defended more effectively? Join us in this session to learn who is attacking AD, why AD Security has traditionally been so difficult, and some groundbreaking new techniques for securing Active Directory.
Data Minimization: How to Use ML to Reduce Risk on Duplicate Data 10:45 am
Presented by BigID
With data growing exponentially, data sources spread across disparate data sources, centers, and clouds, it’s more difficult than ever to proactively reduce risk, classify, and protect critical and sensitive data.
One of the largest sources of risk comes from duplicate and redundant sensitive data migrating across multiple data sources and stores. Blind spots into your derivative data can create unnecessary data exposure risks, stall cloud migration initiatives, data minimization initiatives, and M&A processes, and present an additional layer of compliance challenges across the board.
Join Michael Long from BigID to explore these risks – and how to apply ML and NLP to discover, identify, and minimize duplicate and similar data.
Managing All Types of Risk: Expert Panel Discussion 11:05 am
Risk comes from all angles in 2020 users, vendors, partners, systems. In this panel, we will discuss some of the many facets encountered by security leaders in organizations of all sizes, with particular focus to the threat landscape seen across the Midwest.
Complying With Reduced Tls/SSL Certificate Lifetimes 11:35 am
Presented by Entrust
Join Andrew Sheedy, PKI Services Director at Entrust, as he navigates the pain points in the TLS/SSL Certificate landscape.
In April of 2020, a decision was made that TLS certificates issued on or after September 1st, 2020 must have a validity period of no more than 398 days. We will cover the impacts this decision has on your company and the industry as a whole, as well as other current trends.
Keynote: Cyber Threats, Not if but When 12:15 pm
Presented by FBI
SA Bishea will address cyber threat trends, how the FBI combats cyber threats, what you can do and resources available.
Wpa3: The New Standard for WI FI Security 1:05 pm
Presented by Aruba
The Wi-Fi Alliance has recently announced a new standard in wireless, Wi-Fi CERTIFIED WPA3TM. WPA3 (Wi-Fi Protected Access) is designed as the successor to widely used WPA2 and brings a number of core enhancements to improve security protections and onboarding procedures across personal, public, and enterprise networks.
Security issues on the network range widely for IT and personal users alike – from malicious attackers and unknown devices to risks posed by a misconfigured network. The rise in IoT devices exacerbate these problems, especially in enterprise networks. In the home and small business space, open and lightly protected networks are attractive targets for attackers out to gain access to the network or sniff out potentially sensitive information sent in the clear. WPA2-Personal is particularly susceptible to offline dictionary attacks, while WPA2-Enterprise is very hard to the provision because it has so many options.
This is where standards-based designs, much like an API-compatible, multivendor network architecture, steps in to enable a high degree of adoption of new features and technologies to improve end-user protections and IT capabilities.
As we walk through what WPA3 does, please note, WPA3 does not replace your existing enterprise-grade security solution. Security must be taken holistically and integrate capabilities ranging from a user, device, and application-level granularity.
With that, WPA3 aims to solve these key problems:
Problem: Wireless traffic is passed in the clear (open networks)
Solution: With WPA3, there are no more open networks! OWE, or Opportunistic Wireless Encryption encrypts all wireless traffic on formerly Open networks.
The most likely relatable scenario typically involves networks you commonly connect to in small businesses such as coffee shops, private auto shops, and restaurants, where Wi-Fi is not a gated asset. If these are Open networks or even if they use a shared and public PSK (such as written on a chalkboard or on the menu in a restaurant) your Wi-Fi traffic can be decrypted by attackers on the network. OWE raises the bar on security and protects against these passive attacks.
An OWE network provides users with a seamless experience. It looks like an Open network in the list of available networks, but under the covers, OWE provides improved security.
Problem: PSK can be methodically hacked with an offline dictionary attack
Solution: PSK mode is replaced by SAE, or Simultaneous Authentication of Equals, which is resistant to active, passive, and dictionary attacks. Offline dictionary attacks observe a single WPA2-PSK exchange and then cycle through all possible combinations of a Wi-Fi password, seeing if the guessed one was used in the exchange, until the right password is found. The more complex you make your password the better, but complex passwords are hard for people to manage and enter with a low probability of error. Putting the burden of network security on users is never a good idea. With WPA3-SAE, the protocol is secured and retains its security even when used with PSKs that would be deemed too weak for WPA2-PSK.
With WPA3-SAE, users need not learn about new security procedures (or know what a dictionary attack is). The UI for SAE is identical to a PSK network. Users are comfortable entering a password when prompted and nothing changes from their point-of-view but under the covers they get a truly secure connection.
Problem: Mix-and-match nature of WPA2-Enterprise can result in less-than-optimal security
Solution: WPA3 introduces 256-bit encryption, CNSA (Suite B) security capabilities, and baseline rules to ensure consistent security.
While enterprises deploy highly secure networks using WPA2-Enterprise configurations, there are still too many options during implementation that can result in less-than-secure deployments. For instance, should you use RSA key exchanges? 1024-bit authenticating 2048-bit? TLS 1.0? SHA1? With new WPA3-CNSA, EAP-TLS uses Suite B TLS ciphersuites, and also introduces 192-bit security commonly deployed in high-security Wi-Fi networks in government, defense, and industrial verticals. These ciphersuites combine all of the various options—cipher mode, hash algorithm, key exchange, authentication method—into a single suite that provides consistent security for each user connection. No more mixing and matching of options and no more worries about clients “negotiating down” the security of an EAP-TLS connection, whether intentionally or unintentionally
Why Do Small Businesses Need Big Protection? 1:30 pm
Presented by Cisco
As a Small and Medium Business (SMB), it’s easy to feel like some of the biggest cybersecurity challenges are aimed at large organizations. The opposite is true. Small businesses face many of the same cybersecurity challenges as larger businesses: 66% experienced a cyberattack in 2019, and 63% experienced a data breach.
Yet, 75% of SMBs know they need more security – and 41% say they worry about breaches from SaaS Apps, which they rely heavily on. At the base of many of these challenges lies DNS Security. DNS protection is easier to add, and more impactful on reducing overall threats than any other single upgrade that can be made to an average system.
Rohit will discuss a simple, cloud-delivered security service that is cost-effective for a team of any size to deploy, use, and manage.
Introduction to Proactive Prevention 2:00 pm
Presented by Morphisec
Despite continued infosec investments, data breaches continue while companies contend with complicated security architectures composed of disconnected technologies that produce mountains of non-actionable data. A renewed focus on prevention may hold the answer. Security architecture can be broken down into three main elements: Prevention, Detection and Remediation. Prevention should be considered the most strategically important defense element, as by default good true time zero prevention dramatically reduces latency, risks and operational costs of the security structure as a whole. As advanced threats evolve and data center transformation forces enterprise teams to consolidate security, the need for faster, easier and more deterministic threat prevention is essential, thus corporations need to consider a purpose-built stack of true prevention capabilities, that isn’t available in a singular off-the-shelf solution, and add Detection based tools, which by definition have a huge latency, false alerts and are cost prohibitive, where and when appropriate, but not as a prevention tool.
Implementing True Zero Trust Control on the Endpoint 2:20 pm
Presented by ThreatLocker
In this presentation, ThreatLocker CEO, Danny Jenkins will reveal his approach to managing 3 critical layers of cybersecurity. During this session, you will learn critical security measures you should implement to protect these 3 layers against today’s cyber threats.
- Identity: The New Perimeter: Expert Panel Discussion 2:45 pm