CyberNext Summit Tracks

Date: Tuesday, October 08, 2019 Time: 14:15-15:15 Location: Ballroom

SOC analysts are under siege to keep pace with the ever-changing threat landscape. The analysts are overworked, burnout and bombarded with the sheer number of alerts that they must carefully investigate. This intense workload can be a true testament against anyone’s patience. We need to empower our SOC analysts to overcome this monotonous work that is leading to career burnout. Our industry is struggling to keep up and is alternatively promoting silver bullets and panaceas to catch...

Numerous malware variants are being created daily. To adjust to this evolution, machine learning tools are being utilized by security companies to detect the novel threats and new attack vectors. Same for the threat hunting, where the ML helps in p roactively and iteratively parsing through networks detecting the advance threats. Important question is where we want to apply these advanced techniques. The technology should be applied in a smart way to tackle specific problems. In this...

Date: Tuesday, October 08, 2019 Time: 15:45-16:45 Location: Ballroom

Organizations are at a tipping point, overwhelmed by cyber events, day to day operations, budget, and availability. Increasing triggers are compounding the problem along with increasing standards, compliance, and an overabundance of next best tools resulting in unsustainability. A rapid-fire session will engage attendees on a pragmatic approach to risk reduction through a pragmatic CyberSecurity which simplifies the approach. Bringing clarity and focus to risk reduction efforts, while...

What are the cyber threats posed to natural gas?  What's the state of cyber defense for our pipelines?  Downstream Natural Gas Information Sharing and Analysis Center (DNG-ISAC) Threat Analyst will provide an overview of the dynamic cyber and physical threats faced by the natural gas and pipeline sub-sector in 2019 and 2020.  Industry data will be summarized to paint a picture of current challenges to the safety and operation of our national critical energy infrastructure...

In this presentation, I'll discuss how leveraging the MITRE ATT&CK framework to overlay your current technologies, will help you articulate and formalize back to the business metrics around your current defensive capabilities, the technical threats you are protecting the business from and how you are minimizing business risk.

Date: Tuesday, October 08, 2019 Time: 16:45-17:15 Location: Ballroom

The private sector continues to be victimized by an onslaught of sustained cyber assaults aimed at undermining the United States economy, weakening its military, and threatening its democracy. The need for the US government and private industry to share information has long been viewed as the only viable solution to thwarting cyberattacks. Despite the information sharing efforts, spanning nearly two decades, private industry continues...

Date: Wednesday, October 09, 2019 Time: 13:00-14:30 Location: Ballroom

Preview of the upcoming Leadership Compasses on Endpoint Protection/Anti-Malware and Endpoint Detection & Response. In this session, we'll talk about the Leadership Compass methodology and the criteria that are reviewed and compared to generate these research reports.

Mobile malware authors invest a lot of time and energy into code development to ensure their campaigns are successful.  Attendees will also learn about these different campaigns and how the attacks are evolving.This evolution includes anti-emulator detection, antivirus suppression, chunked update downloads, etc. A list of analysis tools and resources used during the analysis will be provided at the end of the session.

Security feeds and threats are the never ending endpoint to do list.  In this session we are going to talk about the fundamentals of operations and how to reduce your threat exposure.  Lets excel at the fundamentals to close the gaps illuminated by the security team.   Patching, Ransomware deployment protocol, limited admin rights, shared passwords, unused software, and the other fundamentals of security exposure.  Visibility, management, and real time reactions to...

Date: Wednesday, October 09, 2019 Time: 15:00-16:00 Location: Ballroom

Cybersecurity is critical to protecting IoT and mesh networks.  Network sensors and endpoints are the most vulnerable network assets.  As endpoint diversity expands to nontraditional assets and applications, stakeholders must adopt cybersecurity best practices to protect their networks. This talk focuses on strategies to harden the IoT security posture.

In 2019, interconnectivity and growth of data have exploded. The digital world continues to expand at breakneck speed, with 20 billion networked devices and data anticipated to grow tenfold from 2017 to 2025. 96% of companies now use cloud services and 81% of enterprises operate multi-cloud landscapes. There are over 5 billion mobile phone users, with 2 billion customers preferring mobile banking rather than enter a physical branch. IoT is an integral part of the future of data technology...

Date: Wednesday, October 09, 2019 Time: 16:00-17:00 Location: Ballroom

Owners and operators of the electric grid in the United States are facing an unprecedented number of physical and cyber security risks. This session will discuss the methods that electric utilities are using to address the wide variety of risks, with special focus on the program Cyber Mutual Assistance.

In today’s business environment, it’s imperative for organizations of all sizes to have a dynamic online presence. However, with always being connected, there comes real risk to your business. Ransomware attacks, like Petya and WannaCry, have demonstrated how businesses can be brought to a halt by locking access to business-critical data, even with the latest next-generation defenses in place. So, how do you protect yourself? What should you be looking for? In this...

Date: Thursday, October 10, 2019 Time: 13:00-14:00 Location: Ballroom

Everyone knows that the password is dead, yet most companies are still struggling with them. With such a broad choice of strong authentication products on the market, what can possibly prevent their broader adoption? If you are still thinking about finding the right balance between security and user experience, you’re doing it wrong. Even more, if you are still thinking about password replacement as just a matter of introducing strong authentication into your company, you really...

A true least-privilege security model requires users, processes, applications, and systems, to have just enough rights and access—and for no longer than necessary—to perform a necessary action or task. While organizations are increasingly effective at applying the “just enough” piece using privileged access management (PAM) solutions, they have largely neglected the time-limited part of the equation. Today, powerful accounts with always-on (24x7) privileged access...

Date: Thursday, October 10, 2019 Time: 14:30-15:30 Location: Ballroom

Fairfax County, VA needed the ability to register residents to pay their taxes online and provide management for applications in the courts used by both residents and county employees. These needs needed to be met in a way that didn't sacrifice security for usability and recognized that some of the most important tasks for security required automation. The county also wanted to build a solution that avoided vendor lock-in by supporting standard protocols. Finally, the system had to work...

It is no secret that IT infrastructures are well underway in their transition to cloud-based deployments, whether SaaS or IaaS. But what about security controls? With some security controls, such as email, web, and identity management, deploying via the cloud is becoming the standard approach, but what about endpoint, SIEM, network monitoring, and other more traditionally on-premises areas? With security, nothing is easy! Also are we at risk of simply recreating on-premises security controls...

Date: Thursday, October 10, 2019 Time: 15:30-16:00 Location: Ballroom

We are at the gate to the all-digital age and see cultures, biases and routines clash with compliance, privacy regulations and governance. While social engineering attacks are being refined on a daily basis, the education of users is often falling behind. New threats are addressed with tech, the next breach calls for even more tech and so on. But is that really all it takes to make our digital lives safer, more trustworthy or even resilient? What are the key aspects to focus on when...