
Speaker:
Vishal Salvi, Senior Vice President and CISO, Infosys
Managing Editor, Asia & the Middle East, ISMG
Join us in Bengaluru at our Fraud and Breach Prevention Summit and hear from industry leaders who are experts in specialties ranging from IoT, Aadhaar Security, and the emerging use of deception technology to the ever-persistent and ongoing mobile frauds, eCommerce frauds, tackling unknown threats and ransomware attacks. 2018 promises to have more than enough for all of us to talk about and learn from each other, as data breaches and frauds increase in scale and frequency and with businesses today preparing to ensure an effective, swift, and well-orchestrated response.
We have consciously designed our two-day dual-track sessions to address the needs of CISOs, fraud and risk teams, security and IT professionals, and others by providing hands-on tools and real-world problems and solutions that attendees can take back with them and apply them long after the summit ends.
Speaker:
Vishal Salvi, Senior Vice President and CISO, Infosys
Speaker:
Philippe Alcoy, Cyber Security Technologist, APAC, Arbor Networks, the security division of NETSCOUT
From 50 Gbps in 2013 to 1.7 tbps today, DDoS attacks have, in just five years, exponentially grown in size, frequency and complexity. We need to take a closer look at how the cyber-threat landscape has changed, and understand the reasons behind our challenge in defending against advanced attacks. This session showcases industry best practices for mitigating DDoS attacks and looks at how advanced edge analytics will help you retain control over the security of your IT environment.
The session will cover:
Speaker:
Sridhar Sidhu, Senior Vice President and Head of Information Security Services Group, Wells Fargo
Resources and security controls deployed for early detection are turning out to be futile when it comes to dealing with today's emerging threats. This session details an effective approach to threat hunting, which includes response to advanced attacks. Threat hunting is emerging as a new line of defense and is the latest innovation for security operations centers when it comes to combating advanced security threats. In addition to describing effective threat-hunting approaches, this session also reviews:
Speaker:
Tamaghna Basu, CTO, neoEYED
As fraudsters continually refine their techniques to steal customers' credentials, organizations have found new ways to fight back with new tools that use behavioral biometrics and cognitive fraud detection.
It is critical to know how cognitive abilities would help in managing risks, compliance and governance as well as help in maximizing detection, reducing false positives and optimizing strong authentication.
The session will describe various models used for behavior pattern analysis and demonstrate how this may be integrated into a real-world SOC to achieve a proactive posture. It will address:
Speaker:
Sethu S Raman, CRO, MphasiS
While some security experts see endpoint detection and response suites, or EDRs, as the successor to endpoint protection platforms, or EPPs, both have a role to play in securing the enterprise.
Implementing EDRs is time-consuming and requires specialized skills. EDRs generate so much finely detailed technical data about every aspect of an endpoint that they require skilled technicians to be effective, which means they could prove impractical for organizations that have small IT teams.
EDRs have capabilities to address some fundamental issues that signature-based anti-virus programs cannot handle. And EPP vendors increasingly bringing EDR-type capabilities to their platforms.
The session will feature a discussion of:
Speaker:
Prasanna Lohar, Head-IT, DCB Bank
According to a recent Gartner report, Blockchain distributed ledger technology has reached the peak of its hype cycle and remains at the peak of inflated expectations. It offers enormous promise, but enterprises are unsure how to extract business value from it. The question all security and fraud practitioners across all industry verticals want an answer to is: What are the applications of a public or private blockchain in their respective domains? Will blockchain tech help cybersecurity or be a hindrance?
Some experts argue that blockchain technology can help enterprises address age-old cyber risk challenges, such as digital identities and maintaining data integrity, by securing and preventing fraudulent/malicious activity through its consensus mechanism. Several proof-of-concept projects are underway in India, and banking is leading the way.
What can enterprises learn about blockchain application in security and fraud, and what do they need to know about the security of the blockchain data itself? What will 2018 look like for blockchain-based initiatives, and what real-world operational benefits can be expected from such public/private distributed ledgers?
This session offers insights about:
Speaker:
Ganesh Prasad, Pre-Sales Manager, India , RSA
Understanding the early signs of breach to respond accurately and in time is important to secure the most critical assets. Maintaining basic cyber hygiene goes a long way in helping organizations with breach preparedness is to unite business risks and IT risks with a common language and framework to help identify and focus on threats which carry real business risk.
Session will discuss:
Speakers:
Agnidipta Sarkar, Global Information Risk & Continuity Officer, DXC TechnologyNaavi Vijayashankar, Cyber Law ExpertRatan Jyoti, CISO, Ujjivan Small Finance BankSubhajit Deb, CISO, Dr. Reddy's Laboratories
Aadhaar - the largest biometric-based unique identification system in the world - holds the sensitive personal data of over 1.2 billion Indian citizens. With repositories of personal data held by both private companies and government, Aadhar has come under the lens for frequent data security lapses, and critics have started questioning whether the system really is "hack-proof."
Some believe that critics of Aadhaar are concerned only about citizens' fundamental right to privacy, or the loss of statutory benefits such as rations and direct benefit transfers due to a faulty Aadhaar system. However, recent breach incidents suggest the high likelihood of security lapses, which could lead to identity theft and the possibility of attacks against individuals from criminals leveraging compromised information from the huge data repository. This session explores UDAI's security posture, data protection capabilities and security control implementation methods.
The session will discuss:
Payments technology changes rapidly, and cybercriminal techniques are having no trouble keeping pace. As the use of stolen data and fraudulent cards become more difficult, criminals are shifting their focus and innovating to access customer payment transaction data. The risk of data theft is very real. To stay ahead, merchants and institutions need tools that are specifically designed to address evolving challenges. There is a need for a new set of security standards that can work in parallel without hindering development. The payment card industry has defined standards for protecting cardholder account data, but what about other data types? And what lessons can be learned from the data security practices that the payment card industry has introduced over the years?
The session reviews:
Speaker:
Greg Singh, Technical Director - APAC, Skybox Security
The exploitation of vulnerabilities is the root cause of most data breaches today and as such, the remediation or mitigating vulnerabilities can be one of the single most effective means of protecting your organization from attack.
Addressing the sheer volume of vulnerabilities that are present in most organizations poses a daunting proposition for security operations and the traditional method of addressing vulnerabilities with a high CVSS score simply doesn't cut it today. How can you leverage threat intelligence combine with valuable information trapped inside your infrastructure to reveal what vulnerabilities pose an imminent threat to your specific environment.
Session will address:
Speaker:
Shrenik Bhayani, General Manager, South Asia, Kaspersky Lab
The cybersecurity landscape is morphing at a rapid pace today - faster than ever before. Hundreds of sophisticated hacking campaigns and reckless proliferation of sophisticate malware threats over the last few years has left security teams struggling to contain these threats and protect the organization in a technology landscape that is changing at the same time. So what are the most important aspects of the global threat landscape today and what can e expect going forward?
The session will address:
Speakers:
Darshan Appayanna, CISO and Chief Knowledge Officer, Happiest MindsDharmaraj Ramakrishnan, Senior Director - IT and Head of Service Delivery - Banking and Payments, Fidelity National Information ServicesJagdeep Singh, CISO, Rakuten IndiaLopa Mudraa Basuu, Global Director IT Risk Operations, Ocwen Financial Solutions
While encryption, data loss prevention and web filtering technologies will continue to be important, Cloud Access Security Brokers will play a critical role in improving cloud security.
CASB, which is a next-generation firewall, helps CISOs gain the necessary visibility, map risks and detect external and internal threats.
With many organizations ready to take to the cloud, citing security, lack of visibility and governance as challenges, CASBs sit in the sweet spot as far as cloud security is concerned.
The panel will discuss:
Speaker:
Jayesh Ranjan IAS, Principal Secretary, Information Technology, Electronics and Communications Department, Government of Telangana
Critical infrastructure - energy, defense and transportation among the components - forms the backbone of a nation's economy, security and health. Hence, it is imperative to secure critical infrastructure elements, such as power grids, communication and finance.
State-sponsored attacks are gaining momentum and sophistication, and a persistent cyberattack on critical infrastructure could play havoc. The challenge, then, is to find new ways to mitigate risks emerging from rising threats to critical infrastructure. The most critical challenge for every region or nation is defining what critical infrastructure is, which needs to be protected at any cost. In addition, while in many ways organizations have created a glass house believing it to be secure, in most cases it is not resilient enough to protect against threats.
This session will discuss:
Speaker:
Anubhav Wahie, Business Manager- Cybersecurity, Cisco India
The Cyber threat landscape has evolved leaps and bounds over the last few years. The discussion on breaches, now at the board room level, is focused on preparedness, predictive intelligence and effective incident response. Leveraging a credible source of threat intelligence is foundational-in addition to its contribution to proactive threat hunting, it provides "relevant" insights to the cyber security operations center.
There is a continuous traction on building incremental capabilities. However, balancing best of breed capabilities with building a strong platform is extremely essential in operationalizing this setup. The platform approach helps with information exchange across vectors, which is critical to effective security operations. Lastly, time to detect and remediate can reduce the extent of impact and its containment. This can be achieved through automation.
This session would discuss:
Speaker:
Prakash Padariya, Head - Information Security, GE India Technology Center
Visibility has been a big challenge for every security practitioner. The exponential increase in the volume of incidents as well as the amount of threat intelligence and advisories that a typical security team needs to sift through on a daily basis, along with the increasing sophistication and stealth employed by advanced attackers, makes detecting an intrusion like finding a needle in a haystack. Traditional approaches are failing to effectively scale to address contemporary challenges, and a fresh look at visibility is necessary for active threat hunting, which active defense and cyber hunting can provide. By bringing broad military deception strategies to cybersecurity, deception technology puts the narrative squarely back in the hands of the defender in the event of an intrusion.
This session addresses:
Speaker:
Ravi Krishnan MuthuKrishnan, Product Security Architect, Visa
As businesses surge ahead with agile development processes, cloud and DevOps, traditional security can no longer be the show stopper. Security needs to integrate with the DevOps process to ensure responsibility is shared and security is built in.
DevSecOps enables application security testing by the developer and by the tester all the way into pre-production - whether it is static, dynamic or software composition analysis - in a more automated fashion.
This session will review:
Speaker:
Yogesh Kulkarni, Professional Services Lead - APAC, Rapid7
Security has always been a price sensitive market, and there are many vendors who meet some of the parameters of managed security services providers' and customers' requirements. But in some cases organizations choose solutions by compromising the features over price. What is the correct balance between the two and what are the basic foundational parameters for choosing the right solution? This session will explore the 'Basic Categorization" on how to choose the right solution to reduce risk, and increase the security posture.
Session will address:
Speaker:
Santhosh Varkey, Manager, Sales Engineering, Sophos
Sophisticated attacks comprise of a combination of delivery of exploit techniques, cryptojacking and exploiting user ignorance, enough to run the wrong program. Next generation threats routinely exploit legacy technologies which fail to identify and response to these threats. Way forward is Next Gen technologies, including deep Machine Learning and coordinated defense .This session will also include a live demonstration of exploit technique and blocking credential theft with machine learning.
Session will address:
Speaker:
Sunil Varkey, CISO, Wipro Limited
Cyber threat intelligence is a key cyber risk management enabler, providing the context necessary to inform decisions and action across the business. Whether related to incident response, monitoring and detection, or governance and policy making, well-structured cyber threat intelligence functions serve stakeholders across the business. They ensure that knowledge of current and anticipated relevant threats is provided in relevant formats.
This presentation discusses the role intelligence programs play and steps organizations can take to transform security operations to be intelligence-led. It reviews:
Speaker:
Vinit Goenka, Member Governing Council, CRIS - Center for Railway Information System, Organisation Under Ministry of Railways
The Cambridge Analytica debate throws up tough questions around the need for a strong data protection and privacy regime in India. In an age where privacy regime around the world are being strengthened and becoming more mature, the Indian approach to privacy and data protection remains a non-starter, with a data protection legislation still on the drawing board for the last half a decade. Democracies around the world are suffering from the misuse of personal information being harvested and analyzed, from social media and other sources, political parties to direct their political campaigns and influence the public opinion and the voting process.
The speaker will share deeper insight on the mechanics of how this process works, if it is illegal and why; and more importantly, the implications for the world's biggest democracy if we are not able to understand and address this issue, and put in the correct checks and balances. What does the government need to do to prevent and mitigate this kind of abuse? What are the regulatory requirements to introduce and enforce world class privacy and data protection standards in India?
Session will address:
Speakers:
Latha Reddy, Distinguished Fellow, East West Institute, New York & Former Dy. National Security and Cybersecurity Adviser of IndiaRudra Murthy, CISO, Digital India, Ministry of Home AffairsSanjay Sahay, Additional Director General of Police - Cyber, Karnataka PoliceSrinivas Poosarla, Head - Global Privacy & Data Protection, Infosys TechnologiesSubhajit Deb, CISO, Dr. Reddy's Laboratories
The privacy movement is gathering steam in India, with the Supreme Court recently ruling privacy is a fundamental right of citizens. However, a more immediate scramble is underway is to understand how Indian enterprises have started adapting to GDPR regime.
How has the GDPR mandate impacted Indian organizations, specifically those conducting business with EU nations and handling EU citizens' data? What are some challenges related to compliance with GDPR, and what is expected of organizations in the case of a data breach? What can practitioners expect the implications and impact to be, and how will it change the business imperatives, in the view of the hefty fines GDPR could impose? And what do Indian practitioners stand to learn from the changes taking place in the privacy landscape worldwide?
In this session, a panel of information security, cyber law and privacy experts, moderated by Sanjay Sahay, Additional Director General of Police-Cyber for Karnataka Police, will address:
Speakers:
Gyana Bardhan Pattnaik, Global Head-Embedded Horizontal & Application Software & IoT, L&T Technology ServicesMinatee Mishra, Director, Product SecurityRavikiran Avvaru, Head-IT & Security, APAC, ME & Africa, Apollo TyresVishal Jaitak, Cybersecurity Leader, GE Digital
The government of India is hopeful that the nation can build a $15 billion Internet of Things industry by 2020. MeitY has been developing standards for operating IoT across technologies and using data security as an enabler for adopting IoT. According to a recent study, India now has 41 IoT use cases, including smart manufacturing supply chain, service operations, transportation/logistics, healthcare, smart governance and smart utilities.
The growing number of IoT devices can potentially provide a direct conduit to some very private and valuable information in your company. In our rush to connect everything, security and privacy are often afterthoughts.
For IoT to become a business enabler in India, security considerations must be adequately addressed. It's essential to take a structured approach to implement security by design, with secure coding and end-to-end encryption of data. Because IoT devices generate huge amounts of data - and protecting data privacy is critical - it's crucial to secure the originating source of the data.
This panel will discuss:
For our premium members, we offer online webinars from all of our past events. Become a member now to get access to keynotes and important sessions from previous events.