
Virtual Summit
Canada West
Virtual Cybersecurity Summit
The Canada West Virtual Cybersecurity Summit is a new way to connect with like-minded executives, innovative solutions providers, experts and luminaries. With a shared interest in security innovation in the region, summit attendees have a lot to talk about in the live, immersive virtual experience.
Date
Wed. May 12 — Thu. May 13
Event Schedule
Times for this Event are in Pacific Time (PDT/PST)
The Summit will be open from 8AM to 6PM.
- Welcome / Introductions
-
Broken Authentication: Fixing one of the most critical web application security risks 9:05 am
Authentication is a cornerstone capability of any application. Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken authentication, is a potentially devastating application vulnerability. In fact, the Open Web Application Security Project (OWASP) lists broken authentication as the second most critical security risk to web applications.
This session will provide:
- An overview of broken authentication;
- Why it’s so dangerous;
- The types of threats that can take advantage of this vulnerability;
- How you can prevent this most critical application security risk.
Panel Participants:
-
A Modern Approach to Information Protection 9:30 am
Data Loss Prevention (DLP) solutions alone can no longer address today’s data privacy requirements. Customer PII data is the most often lost or stolen data, and more than half of these breaches involve malicious attacks. Challenges like increasing threat activity, difficulty protecting a remote workforce, and accelerating migration of data to cloud platforms make it harder to secure data and comply with privacy regulations – especially when analysts need multiple tools to investigate data leakages. So how can you better protect your company in 2021?
Join us as we discuss how you can reimagine data privacy with a modern approach to information protection. In this session, we will cover:
- Modern data security challenges
- The convergence of data and threat protection to secure data from internal and external threats
- How people-centric investigations lead to more rapid investigative outcomes
Panel Participants:
-
Out of the Shadows: Real-time Asset Visibility and Security for Every Connected Device 10:15 am
For many years now, enterprises have seen an explosive rise in connected devices, from traditional IT devices like servers, workstations and PCs to new and more vulnerable IoT, IoMT, and OT like building systems, medical equipment and manufacturing machines. This myriad of devices from different manufacturers, operating systems and protocols expand the attack surface. IoT, IoMT, and OT bring their own challenges as they are typically not designed with security in mind. The bad news? Security teams are still responsible for all of them. It’s time for a modern approach. In this session, Ordr’s Chief Strategy Officer Danelle Au outlines why connected device security should be on your security initiatives in 2021, and presents a framework that starts with real-time asset inventory and ends with scalable security. Learn best practices and implementation considerations for device discovery, profiling and segmentation as you start your connected device security journey.
Panel Participants:
-
Expert Panel Discussion: Identity & Access Management 2021 10:35 am
Identity & Access Management 2021
The 2000’s view of “perimeter” in terms of security conjures up an analogy about castles and moats… but today, the question is, where is the moat? As we turbo-charged Work From Home this year, and BYOD is just a way of life – have your Identity and Access Management practices kept-up?
Panel Participants:
-
Disrupting Lateral Movement by Securing Active Directory 11:20 am
A common tactic among advanced threat actors and ransomware attacks today involves leveraging Active Director to move laterally and accomplish their mission. Active Directory data can give attackers credentials, privileges, access, and persistence. Protecting it must be a high priority for any organization.
Active Directory security requires time, resources, expertise, and visibility. Typical best practices focus on limiting privileged accounts, conducting audits, and hardening systems, but these no longer suffice to address advanced attacks.
Join this session to explore new options that automate defending AD from compromise to prevent lateral movement.
Highlights include:
- Live detection for attacks targeting Active Directory
- Attack surface reduction at both Active Directory and the endpoint
- Continuous visibility to AD changes that introduce new exposures
- Addressing Active Directory assurance to reduce risks and pass Red team tests
Panel Participants:
-
Moving Beyond Password to Delight & Secure Users 11:40 am
Passwords have been a constant throughout the internet era. As we’ve moved from desktops to smartphones, from on-premises infrastructure to cloud services, we’ve all relied on passwords to access and safeguard our data and resources across the applications we use on a daily basis.
But in this new digital age where data breaches are rampant, passwords are no longer good enough. Not only are they insecure, they are expensive and offer a poor user experience. Fortunately, there’s a better way to protect your applications and stop account takeover incidents.
In this session, we’ll discuss the benefits of passwordless authentication and explain how eliminating the password can help improve user experience, admin visibility and control, and scalability. We’ll also walk through key considerations and first steps as you embark on your passwordless journey.
Panel Participants:
- Lunch Break
-
Keynote:Cross-Border Cybersecurity: US/Canadian Partnership 12:25 pm
This unique keynote presentation is an exclusive for the Canada-West Virtual Summit audience. We are delighted to connect the dots between the United States Secret Service and the local Canadian Counter-Cybercrime agencies. Our two senior agency representatives will talk about how they partner to thwart cybercrime, and stay ahead of the threat actors that prey on organizations in the area, especially those that have a good deal of cross-border trading activity.
The Secret Service is charged with protecting the US financial infrastructure, and by extension online crime components. Local law enforcement in Canada, aided by the Royal Canadian Mounted Police’s National Cyber Crime Coordination (RCMP C3) come to the aid of businesses and citizens in Canada when they have been the target of a cyber attack.
Pay close attention to this keynote, where both gentlemen will share their agency’s mission, take questions from Community Members, and explain further the steps to take before your organization is the target of an attack.
Panel Participants:
-
Rethinking Data Protection in The Age of Ransomware 1:20 pm
With the proliferation of data-driven digital business growing at an exponential pace, so is the pace of cyber security threats and attacks, such as ransomware. Cyberattacks can cost a company $1.4 Million on average in recovery when you add in the cost of lost productivity, reputation damage, and service disruption. Are you at risk? Can your backup keep pace with the speed of recovery that’s needed today? Attend this session to find out why traditional backup won’t save you from ransomware attack and how continuous data protection helps you to prepare, respond and recover from an attack.
Panel Participants:
-
Ransom DDoS – To Pay or Not to Pay? 2:00 pm
We know that some businesses are the target of constant DDoS attacks, while others face attacks less frequently. If your company falls on the side of less-frequent attacks or having never been attacked at all, you might be wondering, “does the threat still exist?” And “does it exist to the level of risk I’m willing to take by not having DDoS protection? The answer to both questions is an unequivocal “yes”.
In this session we will discuss a major Global Ransom Denial of Service Campaign mainly against the financial services industry. RDoS campaigns are extortion-based Distributed Denial of Service (DDoS) threats motivated by financial gain and demanding payment in bitcoin currency to prevent a DDoS attack on their target’s network. Several of our now- customers were impacted by this campaign. Given today’s volatile DDoS threat landscape with attacks ranging from massive volumetric assaults to sophisticated and persistent application level threats, comprehensive protection is a must for online businesses.
Panel Participants:
-
2021 State of Malware 2:20 pm
If 2020 taught us anything, it’s that cybercrime stops for nothing. What’s more—it adapts. Broadside attacks are out, precision is in, and ingenuity lies behind several new malware types and attack methods.
From ruthless COVID scams to ransomware attacks on hospitals, there were no targets, and no opportunities for exploitation, that were beyond the pale. We’ve gathered the intelligence you need to learn from 2020 and be prepared for anything 2021 throws at you.
Explore:
• Top threats for businesses and consumers
• Emerging cybercrime trends and tactics
• Analyses by industry, region, and platformPanel Participants:
-
The Rise of Secure Access Service Edge (SASE) 2:40 pm
Secure access service edge (SASE) offerings are cloud-delivered platforms that give consistent security across different applications, devices, web destinations, on-premises resources, and infrastructure. To achieve this, these platforms deliver a variety of functionality from complementary security solutions. As organizations operate in our frenetic business world, SASE becomes imperative. In this session, you will learn:
- Why organizations need SASE
- The key components of SASE offerings
- How SASE architectures impact performance
Panel Participants:
-
Expert Panel Discussion: Supply Chain / Third Party Risk 3:20 pm
Beyond SolarWinds: Supply Chain & Third Party Risk Management for 2021
Even before SolarWinds Orion Code Compromise, Supply Chain Attacks were up over 400% in 2020. As 2021 rolls on, this attack vector has received tremendous attention. Along with third-party risk in general, partner organizations and software systems with unfettered, privileged, deep access to infrastructure create “a perfect storm” threat for modern cyber executives.
In this panel, our experts will discuss these challenges in detail, as well as the multiple approaches to identify the best means of using supply chains while keeping the third party risks at a minimum.
Panel Participants:
- Day One Closing Session
- Day Two
- Welcome / Introductions
-
THE LAST LINE OF DEFENSE: DATA PROTECTION 9:20 am
With the growth of Ransomware and cybercrime, Data protection is experiencing a resurgence. Organizations are quickly having to modernize their data protection architecture and strategies to meet not only these demands but also the demand that digital transformation is placing upon them; current approaches are designed around a backup centric approach, whereas a new approach centered around restore and getting organizations back up and running as quickly as possible are critical. Join this session to learn about the latest innovations in the data protection space and how they can be implemented to provide a restore centric approach and provide a true last line of defense.
Panel Participants:
-
Shift Left – The imperative need for code security 9:40 am
As we transform our organizations leveraging the cloud more every day we protect these multi-cloud environments with continuous and automated security and compliance. Today more than ever this same security should be integrated into the CI/CD pipeline with Infrastructure as Code Security for DevSecOps. This session will discuss shifting cloud security left into your CI/CD pipeline stopping misconfigurations, policy violations and potential malware present in 3rd party modules
Panel Participants:
-
Managed Detection and Response – Is it the Answer For Preventing Cyber-Attacks? 10:20 am
Managed Detection and Response (MDR) providers are becoming more and more popular as an alternative to big security teams deploying multiple security tools. The question most often asked, “Is an MDR service right for my organization?”
In this one on one interview, Bill Munroe of CyGlass will put John Menezes, CEO of a leading MDR provider, on the hot seat getting insights on:
- Why an MDR is so important to your organization
- What critical services an MDR must provide
- How to select the right MDR provider
- When an MDR provider is the right solution
This fireside chat will address concerns within the cybersecurity landscape, the hype of XDR & other security offerings and more. Join this fast paced, interactive interview.
Panel Participants:
-
Your Ransomware Hostage Rescue Guide 10:40 am
Ransomware attacks are on the rise and are estimated to cost global organizations $20 billion. As ransomware attacks become more targeted and more damaging, your organization faces increased risk that can leave your networks down for days or even weeks. So, how can your organization avoid getting held hostage?
Join Erich Kron CISSP, Security Awareness Advocate at KnowBe4, as he looks at concerning features of new ransomware strains, provides actionable info that you need to prevent infections, and gives you tips on what to do when you are hit with ransomware.
In this webcast we will cover:
- What new scary ransomware strains are in the wild
- Am I infected?
- I’m infected, now what?
- Proven methods of protecting your organization
- How to create your human firewall
Don’t get held hostage by ransomware and become a statistic!
Panel Participants:
-
Faking It: Stopping Impersonation Attacks with Cyber AI 11:20 am
Today, 94% of cyber-threats still originate in the inbox. ‘Impersonation attacks’ are on the rise, as artificial intelligence is increasingly being used to automatically generate spear-phishing emails, or ‘digital fakes’, that expertly mimic the writing style of trusted contacts and colleagues.
Humans can no longer distinguish real from fake on their own – businesses are increasingly turning to AI to distinguish friend from foe and fight back with autonomous response.
In an era when thousands of documents can be encrypted in minutes, ‘immune system’ technology takes action in seconds – stopping cyber-threats before damage is done.
Panel Participants:
- Lunch Break
-
Keynote Session: Keeping Malware Out and IoT Devices Secure. 12:10 pm
Upgrading the Fabric of the Canadian Internet – Keeping Malware Out and IoT Devices Secure.
Organizations and households should consider that the internet is one of the most important networks they use. Yet, most IT managers still draw it like a cloud when there are services that make up the fabric of the internet that can be used by them to be more cybersecure. This is where the Canadian Internet Registration Authority (CIRA) comes in.
CIRA is a not-for-profit organization with over 20 years managing critical infrastructure in Canada. We work to make this fabric a critical tool that both organizations and households can use to help improve their security. This presentation will cover two of our cybersecurity initiatives for helping secure Canadian critical services and homeowners resulting in a more trusted Internet.
CIRA Canadian Shield is a free malware and phishing filtering service available to all households that leverages the same enterprise-level threat feed that our CIRA DNS Firewall uses to protect large organizations. During this presentation, we will discuss the architecture, security, and privacy capabilities of this service. We will also demonstrate some of the threat trends we have observed across the country based upon hundreds of thousands of users comparing households to businesses.
The CIRA IoT Registry makes it possible to manage a fleet of IoT devices and ensure they are not communicating with unauthorized parties. Many IoT devices including medical services, remote sensing, power plants, and municipal services are harder to secure and manage. The efficiency gains quickly evaporate, are hard to keep organized, and are notoriously vulnerable to cyber attacks. Our experts will show how the CIRA IoT Registry can provide a method to ensure secure device management.
Panel Participants:
-
The exodus of endpoints: A journey of endpoints through hostile conditions 1:05 pm
Learn how the recent pandemic drove the endpoint to scattered remoteness and brought about the convergence of management and security. Are we trading productivity for security? Join our session to know more.
Panel Participants:
-
Planning and Defending Against IoT Cybersecurity Threats 1:40 pm
Over the past decade, the Internet of Things (IoT) has exploded in size, surpassing 22 billion internet-connected devices in early 2020. While IoT devices can provide a new level of convenience and efficiency across an organization, their continued growth expands the threat landscape of connected devices. From unknown vulnerabilities to poor configuration practices, the implementation of new IoT devices can create opportunities for hackers to compromise the security of your network and gain access to critical data.
In this session, join Verkada’s CISO Kyle Randolph in a discussion on how businesses can modernize the technology to grow efficiency and accessibility, while also following the right steps and considerations to best protect their most critical assets in this age of growing connectivity.
Panel Participants:
-
Why NDR? Why decrypt traffic? How a 13th century friar helps cybersecurity today 2:00 pm
The Scientific Method transformed the process of scientific discovery. It gave us an empirical framework to arrive at the truth through hypothesis, experimentation, data collection, analysis and conclusion, as opposed to making discoveries the old fashioned way;hunches, revelations, dogma and common sense. In the same manner, reliable and complete data, tools to analyze and query the data and a framework to investigate is key to today’s cybersecurity.
Join us to learn more about:
- Role of NDR in the SOC
- NSA’s guideline on: Why to decrypt, why not decrypt, what to do if you do decrypt
Panel Participants:
-
Expert Panel Discussion: Defense in Depth 2:10 pm
Defense in Depth: New Strategies for 2021
Layering Defense in Depth (DiD) with intentional redundancies increases the security of a system as a whole and addresses many different attack vectors. From individual laptops, to VPN to the WAN, the old paradigm of “castles and moats” is soooo 1999. How are organizations defending against inventive hackers penetrating their systems in 2020?
Panel Participants:
- CISO Panel 3:00 pm
- Summit Final closing Session
-
Partners
Gold Partners
Silver Partners
Bronze Partners
Exhibiting Partners
Affiliate Partners