Virtual Summit
New England
Virtual Cybersecurity Summit
The New England Region Virtual Cybersecurity Summit is a new way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive experience.
Date
Wed. Aug 18
Event Schedule
Times for this Event are in Eastern Time (EDT/EST)
The Summit will be open from 8AM to 6PM.
- Welcome / Introductions
-
Disrupting Lateral Movement by Securing Active Directory 8:50 am
Click to Expand
A common tactic among advanced threat actors and ransomware attacks today involves leveraging Active Directory to move laterally and accomplish their mission. Active Directory data can give attackers credentials, privileges, access, and persistence. Protecting it must be a high priority for any organization.
Active Directory security requires time, resources, expertise, and visibility. Typical best practices focus on limiting privileged accounts, conducting audits, and hardening systems, but these no longer suffice to address advanced attacks.
Join this session to explore new options that automate defending AD from compromise to prevent lateral movement.
Highlights include:
- Live detection for attacks targeting Active Directory
- Attack surface reduction at both Active Directory and the endpoint
- Continuous visibility to AD changes that introduce new exposures
- Addressing Active Directory assurance to reduce risks and pass Red team tests
Panel Participants:
-
Broken Authentication: Fixing one of the most critical web application security risks 9:10 am
Click to Expand
Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.
This session will provide:
- An overview of broken authentication;
- Why it’s so dangerous;
- The types of threats that can take advantage of this vulnerability;
- How you can prevent this most critical application security risk.
Panel Participants:
-
Zero Trust Tips from Cisco’s SVP, Chief Security & Trust Officer 9:50 am
Click to Expand
Interested in bringing zero trust to your workforce but unsure of where to begin? This talk will cover the basics of workforce zero trust and best practices for implementation at organizations big and small. Practical learnings from Cisco’s rollout to its 100,000+ users will be shared to help you get started on your journey and plan for success.
Panel Participants:
-
Moving Beyond Password to Delight & Secure Users 10:10 am
Click to Expand
Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use on a daily basis.
But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, they are expensive and offer a poor user experience. Fortunately, there’s a better way to protect your applications and stop account takeover incidents.
In this session, we’ll discuss the benefits of passwordless authentication and explain how eliminating the password can help improve user experience, admin visibility and control, and scalability. We’ll also walk through key considerations and first steps as you embark on your passwordless journey.
Panel Participants:
-
Expert Panel Discussion: AppSec + Coud 10:30 am
Application Security in Hybrid, Multi-Cloud Environments
Click to Expand89% of CISOs say microservices, containers, and Kubernetes have created application security blind spots. As the application landscape continues to grow, and the increased use of cloud-native architectures challenges traditional approaches, cybersecurity leaders are often looking for new ways to understand potential vulnerabilities. With faster iterations from Agile Development pushing the DevSecOps Teams to move as quickly as possible, there is ample room for gaps to appear.
In this panel, our experts will discuss some of the various approaches to address these issues. The discussion will cover challenges faced by teams of all sizes, and processes, tools and methods that are in use to address.
-
Rethinking Data Protection in the Age of Ransomware 11:20 am
Click to Expand
With the proliferation of data-driven digital business growing at an exponential pace, so is the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption. Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from ransomware attack and how continuous data protection helps you to prepare, respond and recover from an attack.
Panel Participants:
-
Building an Effective Security Awareness Program 11:40 am
Click to Expand
Searching on Google for the phrase “Humans are the weakest link”, one would find almost 100,000 results. However, by properly educating humans and making them aware, they can be the most vital asset and, in turn, become the human firewall for an organization. Cybercriminals are successfully gaining access to organization’s systems, data, and infrastructure in various industries worldwide. They are doing it the most common way, tricking the humans into clicking on a link and effectively bypassing the firewalls and opening the organization’s proverbial front door. It is quickly becoming known that Security Awareness Training programs are crucial to reducing the organization’s risk of an attack. However, what does it take to operate and maintain these programs successfully? Organizations need to have a robust security awareness and training program for all employees from the front desk to the boardroom. Understand the purpose of a Security Awareness Training Programs and how to keep up with emerging social engineering threats How various psychology concepts can get employees to accept the training and how everyone can be the human firewall. Learn about the red flags of social engineering or rogue website links.
Panel Participants:
- Lunch Break
-
Keynote Speaker: Cyber Kills 12:25 pm
Cyber incidents kill. They have killed before. They will kill again.
Click to ExpandCyber incidents kill. They have killed before. They will kill again.
Even though the cyber industry constantly strives to raise the world’s awareness about emerging threats, it seems like we have neglected to talk about the thing that will soon become the center of the cybersecurity domain – life-threatening cyber threats (LTTs).
Even the current cybersecurity industry standards (e.g., NIST Cybersecurity framework) fail to discuss (and even mention) this threat category, let alone explain how such threats should be incorporated in the risk management process in a way that would allow security experts and decision-makers to identify and tackle such threats effectively.
In this talk, we will discuss this threat, review past incidents that have resulted in casualties, and dive into effective risk management strategies. We will define the different LTTs subcategories (e.g. direct and indirect), understand who can be affected by such threats (most of enterprises, business and individuals), and how.
We will discuss incentives, discover why these attacks almost never happen even though they are possible, and see why this is about to change. We will revisit the relationship between physical security and cybersecurity.
Lastly, we will understand why the cyber industry must adopt the right mindset when human lives are at stake and incorporate this notion into their standards, policies, and methodologies.
Panel Participants:
-
The Risk Management “Balance Sheet” 1:05 pm
Click to Expand
Managing risk has always been a part of the CISO responsibility set; however, the ways in which it is managed has no clear definition. With new ransomware threats, supply chain attacks, and third-party risk in the mix – perhaps a new way to budget risk is required. Is there an effective way to have a “risk balance sheet” – a way in which the CISO could communicate risk to the rest of the C-suite in a consistent language they would understand?
-
Beyond SolarWinds: Supply Chain & Third-Party Risk Management for 2021 1:25 pm
Click to Expand
Even before SolarWinds Orion Code Compromise, Supply Chain Attacks were up over 400% in 2020. As 2021 rolls on, this attack vector has received tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create “a perfect storm” threat for modern cyber executives.
In this session we will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.
-
Expert Panel Discussion: Beyond SolarWinds/3rd Party 2:00 pm
Beyond SolarWinds: Supply Chain & Third-Party Risk Management for 2021
Click to ExpandEven before SolarWinds Orion Code Compromise, Supply Chain Attacks were up over 400% in 2020. As 2021 rolls on, this attack vector has received tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create “a perfect storm” threat for modern cyber executives.
In this panel, our experts will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third-party risks at a minimum.
-
AI & ML in Cybersecurity: Can we ‘Science the heck’ out of trouble? 2:25 pm
Click to Expand
We get it, Artificial Intelligence (AI) with particular focus on Machine Learning (ML) is one way to overcome advanced threats with particular attention to scale. That said, those terms are thrown at our executives to delight, amaze and confuse them. How do we really discern between them as tools in our kit versus ‘Weapons of Mass Distraction’?
-
Managing the Insider Threat 2:45 pm
Click to Expand
An adversary who attacks an organization from within can prove fatal to the business and is generally impervious to conventional defenses. Social science research has been used to explain why traditional methods fail against these trusted betrayers. Every company must identify and utilize new management techniques, increase security, and revise workplace strategies for categorizing and defeating insider threats.
There are key players in positions to either effectively support or undermine the insider threats. Leadership style can make a difference in the way an institution recognizes and identifies these threats from rethinking background investigations to recognizing deception and using lawful disruption. Most importantly, organizations must circumvent these predators before they jeopardize the workplace and sabotage business operations.
-
Expert Panel Discussion: Cloud Security 2021: What’s New, What Changes 3:25 pm
Cloud Security 2021: What’s New, What Changes
Click to ExpandAlthough it seems like a decade – just a few years ago, industry analysts were still advising the CISO community to keep the “crown jewel” data in private data centers. Requirements for the security OF the cloud, and the security IN the cloud have accelerated quickly and today – amid the pandemic – that transition is near-complete.
This is a broad topic – so our panel today will focus on the nuances of security IN the cloud, and some of the cutting-edge practices that innovative organizations are doing today to get ahead of threat actors who target online storage, protocols, email, file shares, and other data and network access that can be accidentally be exposed.
-
Operational Technology (OT) & Industrial Control Systems (ICS): Cybersecurity Concerns 3:50 pm
Click to Expand
Since the Stuxnet worm was first discovered back in 2010, attacks related to SCADA systems have been of concern. While manufacturing and utility organizations tend to talk about them more, there are wide implications across the cybersecurity landscape that touch on ICS and OT systems of all kinds.
In this session we will talk about why these types of attacks represent a primary concern, and what state-of-the-art looks like in terms of building protections.
- CISO Panel 4:30 pm
- Closing Session + Prize Drawing
-
Partners
Gold Partners
![Attivo Networks]()
![Auth0]()
Silver Partners
![KnowBe4]()
![Okta - Alternate]()
![Zerto - Alternate]()
Exhibiting Partners
