Speaker:
Art Coviello, former CEO, RSA Security; Venture Partner, Rally Ventures

The biggest companies (the Fortune 500 types) are more often than not taking matters into their own hands when it comes to breach prevention, eschewing long-term relationships with vendors and charting their own courses with a dizzying array of technologies. Meanwhile, the "unfortunate" 5,000 and beyond fall further behind, struggling to find talent and budget, while security industry vendors produce evermore granular point products that leave everyone unsatisfied and exhausted. Does this sound like the prospects are good for reducing breaches and fraud? The short answer: No.

During this session, former RSA Chairman Art Coviello will review possible paths forward for practitioners, as well as what they should be looking for from vendors, service providers and their own management.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Speaker:
Gregory Wilshusen, Director, Information Security Issues, U.S. Government Accountability Office

The complexity of information technology and the constantly evolving threat landscape makes implementing appropriate controls and processes to secure information assets a major challenge for most enterprises in and out of government. The number of vulnerabilities organizations face is mindboggling: the National Institute of Standards and Technology vulnerability database tops 82,000, and that doesn't count unknown vulnerabilities.

For a dozen years, Gregory Wilshusen and his team of auditors and technical specialists at GAO, the investigative arm of Congress, have issued some 200 reports containing nearly 3,500 recommendations on U.S. federal government IT security, and have identified common problems organizations face and the reasons they often fail in securing information technology. Wilshusen identifies the common areas agencies struggle with to secure their IT and prevent breaches, including access controls, identity and authentication management, continuous monitoring, patch implementation and software testing; explain typical reasons organizations fail to take proper actions to secure their organizations' IT; and recommend solutions organization should take to mitigate this problem.

Though Wilshusen's focus is on government agencies, his findings and recommendations also apply to enterprises outside the federal government, including the private sector.

Speakers:
Ari Schwartz, Managing Director for Cybersecurity Policy, Venable
Christopher Krebs, former Director of Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security
Jeremy Grant, former Sr. Executive Advisor NIST; Managing Director, Technology Business Strategy, Venable
Randy Sabett, Special Counsel, Cyber/Data/Privacy Practice Group, Cooley LLP
Steve Chabinsky, Global Chair of Data, Privacy and Cybersecurity, White & Case

Moderator: Eric Chabrow, Host & Producer, ISMG Security Report; Executive Editor, GovInfoSecurity & InfoRiskToday

Christopher Krebs, Special Counsel to Department of Homeland Security John Kelly, will kick off this panel discussion and set the tone about cybersecurity in the Trump era with a 10-minute overview of the cybersecurity challenges DHS is addressing

From there, the full panel will review how President Donald Trump's early initiatives on cybersecurity are shaping up. What impact will Trump's approach to IT security affect government IT, the nation's critical infrastructure and the private sector as well as the nation's long-term cybersecurity resiliency? How do they differ from the Obama administration's methods to secure IT? A panel of cybersecurity experts and policymakers from Republican and Democratic administrations will explore how the new administration's cybersecurity stance will have an impact not only your IT and security operations but your business or agency, as well.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Speaker:
Paul Bowen, Principal Security Technologist, Arbor Networks

The pressure is on for all industries to upgrade their cyber-protection policies. New York is the first state to initiate a 180-day grace period for all financial services companies to upgrade both cyber policies and protection. As New York's new cyber mandates roll out, other states and industries will likely follow. During this session, Arbor Networks' Principal Security Technologist Paul Bowen will outline the impact of these new regulations, and provide an incident response framework that helps with compliance and preventing an inevitable compromise from turning into a breach.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Speaker:
Matthew Braverman, Supervisory Special Agent, Washington Field Office, FBI

This session will review the latest trends in ongoing and emerging cyberthreats posed by cybercriminals. FBI Supervisory Special Agent Matt Braverman will walk through the latest tactics being used in ransomware, business email compromise exploits and other cyber-extortion schemes, and discuss the FBI's stance on how organizations can and should mitigate their risks and respond.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Speaker:
Kim Peretti, Co-Lead, Cybersecurity Preparedness and Response practice, Alston and Bird, and Former DOJ Cybercrime Prosecutor

Most sophisticated organizations have had their incident response plans in place for several years. But the landscape has changed, and incident response plans and planning that remain static are at risk of being counter-productive in today's environment. If you haven't dusted off your plan in even a couple of years, this session will provide an overview of changes in the landscape and what you need to do to be ready for them. We will discuss the evolving role of officers and directors, legal, the information security function, and risk management. We also will address the shifting perception of security incidents from the public and regulators, new laws across the globe, and how continuing evolution within the space impacts today's planning for security-related incidents.

Speaker:
Alex Mosher, Vice President of Security Strategy, CA Technologies

Many organizations are undergoing a transformation to support digital platforms and stay competitive; but in order to maintain security, they have to ensure that access to these platforms is limited and that security remains a priority. New vulnerabilities to cybercrime are being introduced through hybrid environments, ones that often include remote access to systems and servers, automation of processes, and concentration of administrative power. Limiting administrative power through privileged access management is increasingly critical, but so is authentication, as more legitimate users' credentials are being compromised and access to systems is being fooled by the coders. According to the 2017 Verizon Data Breach Investigations Report, today's breaches involve a "combination of human factors, hardware devices, exploited configurations or malicious software." How can these risks be mitigated while still keeping a competitive edge? This session will explore how taking a proactive stance can help mitigate risks, while still enabling the business to use tools that are necessary in today's digitally charged economy.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Speaker:
Sean Keef, Global Sales Enablement, Skybox

Monetarily motivated attacks are by far the most prevalent cyberthreats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services - particularly the vulnerabilities they use, re-use and share - vulnerability management can focus on the small subset of vulnerabilities that are exploited in the wild and packaged in distributed crimeware. This threat-centric approach improves vulnerability prioritization and focuses remediation on the relatively small number of exploitable vulnerabilities, greatly reducing risk through efficient, intelligent processes. This session will cover what's been driving the shift to distributed cybercrime, how to align vulnerability management with real-world threat behavior, and what intelligence and tools are needed.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Speaker:
Barak Feldman, SVP, PAM and Identity Security, Cyberark

Privileged accounts have been at the center of each recent high-profile attack. Moreover, attackers are leveraging privileged credentials as their entry point to high-value systems within the network. This session will explain how hackers that successfully exploit these credentials are able to gain a privileged foothold, allowing them unfettered access to elevate privileges and move about the network freely without detection. With a solid understanding of this well-used method of attack, attendees will learn how to properly secure and manage these powerful credentials. During this session, CyberArk will discuss growing attack trends and what security leaders are doing to protect their organizations from these advanced attacks. CyberArk also will walk through a typical attack that uses privileged accounts and how passwords can be exploited to break down the front door. The session will touch on the growth and prevalence of privileged credentials. We will discuss how to securely store and manage credentials and how to reduce the attack surface - specifically attack surfaces favored by insiders and outsiders with insider credentials. Additionally, this session will review how to detect credential harvesting and blocking future credential-theft attempts, all while maintaining governance and compliance standards.

Speaker:
Chip Mason, Lead, Mainframe Security Product Management, Broadcom

As data continues to grow and become increasingly regulated, organizations will need an enterprise-wide security strategy that's holistic, covering users as well as data, while also improving their compliance posture. It's easy to think of the mainframe as just another platform in the data center, until you stop and realize that roughly 70 percent of corporate data still resides on the mainframe. That begs serious questions security leaders must ask themselves, such as, "Do you know where on the mainframe that data is, how it's being used, who has access to it, and if all of that data is being handled and stored in a manner compliant with industry legislation and regulations? This session will explore what organizations need to do to strategically and tactically to secure all corporate data, address regulatory compliance requirements, and outline how to stay competitive by securing all core business applications.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.

Speakers:
Kim Peretti, Co-Lead, Cybersecurity Preparedness and Response practice, Alston and Bird, and Former DOJ Cybercrime Prosecutor
Matthew Braverman, Supervisory Special Agent, Washington Field Office, FBI
Richard Bortnick, Cyber Liability and Insurance Attorney, Traub Lieberman Straus & Shrewsberry, LLP
Robert Villanueva, Executive Vice President, Q6 Cyber and Founder of the Cyber Threat Intelligence Division of the US Secret Service

Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts will discuss what well prepared organizations are doing right, when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.