The keynote kicks off the summit with a review of the threat landscape, highlighting the state of cybersecurity solutions and services, as well as the contemporary technologies that could impact the industry. The industry is likely to witness new attack trends, including newer forms of mobile attacks, wipers deployed for counter incidence response, IoT security challenges and fileless malware. The world is moving from a "Cold War" to a "Code War"' where information has become vulnerable to misuse.

Given the increase in sophisticated attacks, CISOs are constantly working toward developing detection, response and recovery capabilities, while prevention tops the wish list.

The Security Operations Center has been the foundation for incident detection and response, but its effectiveness is being questioned.

There's a need to move to a next-gen SOC or alternatively termed as CSOC (cybersecurity operations center), which is proactive in detecting threats. This can be done by integrating analytic, hunting and threat intelligence functions with traditional SOC functions of engineering, incident analysis and response.

The session details:

• Necessary ingredients to build a CSOC that helps in proactive monitoring and management capabilities;
• Tools for detection and quick response combined with sound analytics;
• Components of a risk analysis engine and discover patterns.

Resources and security controls deployed for early detection are turning out to be futile when it comes to dealing with today's emerging threats. This session details an effective approach to threat hunting, which includes response to advanced attacks. Threat hunting is emerging as a new line of defense and is the latest innovation for security operations centers when it comes to combating advanced security threats. In addition to describing effective threat-hunting approaches, this session also reviews:

• Marrying threat hunting and incident response;
• Actionable takeaways about how human intelligence can be used to proactively identify and mitigate threats more readily and reliably;
• How AI helps gather intelligence from billions of transactions.

How can a cognitive/deep-learning system be designed that constantly teaches itself about evolving trends and anomalies, based on the tremendous amount of data available to enterprises today?

The goal is to use artificial intelligence and machine learning to reduce dependence on human insight and intervention, steadily automating the process of detecting a wider gamut of emerging fraud and correlating across all data and intelligence available while simultaneously reducing operator error and time to action. This session will describe what it takes to design such a system that is sustainable, reliable and scalable. It will address:

• What practitioners need to know about machine learning;
• How to draft the correct roadmap and expectations;
• What technologies are playing key roles.

Organizations are increasingly looking at advanced IAM policies and controls to reduce insider data breach risks.

CISOs are working toward establishing processes to grant appropriate access to data by creating and managing user accounts and prevent unauthorized access to information.

Organizations have started automating the processes with an advanced IAM solution to gain holistic access controls, user accountability and system auditability and threat detection.

The session will discuss:

• How processes are being automated with the latest IAM solution to weaken adversarial attack chains;
• Use of a multifactor authentication to add a layer of security and access and privilege-based control;
• Integrating IAM into existing system through services that consolidate identities across applications and platforms.

E-commerce is one of the Indian economy's fastest growing sectors. Bank of America Merrrill Lynch estimates that Indian online retail market to carry a gross merchandise value of $62 billion by 2020, with a GMV of $17 billion this year. With e-commerce playing a pivotal role in the economy, cybersecurity fraud is posing immense challenges as accounts are compromised and subject to account takeovers and identity theft. So fraud techniques are constantly evolving, and new data breaches are reported every day. Are your online security practices adapting rapidly enough?

Weak passwords have been the bane of cybersecurity. But as multifactor authentication steadily becomes the norm, what are some next-generation authentication strategies that merit consideration?

How do you overcome the conundrum of a requirement for strong authentication, but also the real risk of cart abandonment if you ask consumers to jump through too many hoops? The session will discuss:

• Initiatives, including the FIDO2 standard, to move away from password authentication;
• Use of predictive fraud technologies and artificial intelligence to assess risk;
• Managing risk with the right tools and controls;
• Biometric authentication: the privacy and reusability concerns.

Mobile banking continues to evolve at a staggering rate. However, with mobile operating systems and their varying support of security best practices, multiple new threat vectors are being introduced, and many are already being widely utilized for malicious purposes.

There are now more than 10 million rogue mobile apps in circulation, with hidden malicious features such as those for monitoring and capturing user activity or bypassing mobile banking authentication mechanisms. To fight new threats, practitioners are putting their best foot forward in enhancing authentication and using a risk analysis engine that analyzes behaviors to help prevent fraud.

The session details:

• New threat vectors being introduced and how to prepare for them;
• Enhanced authentication standards to fight threats;
• Components of a risk analysis engine.

As fraudsters continually refine their techniques to steal customers' credentials, organizations have found new ways to fight back with new tools that use behavioral biometrics and cognitive fraud detection.

It is critical to know how cognitive abilities would help in managing risks, compliance and governance as well as help in maximizing detection, reducing false positives and optimizing strong authentication.

The session will describe various models used for behavior pattern analysis and demonstrate how this may be integrated into a real-world SOC to achieve a proactive posture. It will address:

• Developing a risk framework with cognitive security;
• The technological expertise available to detect these anomalies and patterns.

Aadhaar - the largest biometric-based unique identification system in the world - holds the sensitive personal data of over 1.2 billion Indian citizens. With repositories of personal data held by both private companies and government, Aadhar has come under the lens for frequent data security lapses, and critics have started questioning whether the system really is "hack-proof."

Some believe that critics of Aadhaar are concerned only about citizens' fundamental right to privacy, or the loss of statutory benefits such as rations and direct benefit transfers due to a faulty Aadhaar system. However, recent breach incidents suggest the high likelihood of security lapses, which could lead to identity theft and the possibility of attacks against individuals from criminals leveraging compromised information from the huge data repository. This session explores UDAI's security posture, data protection capabilities and security control implementation methods.

The session will discuss:

• Building a resilient data protection framework in the context of Aadhar;
• Securing against fraud, hacks and new threats with appropriate tools and technologies;
• Lessons/best practices from other national social security/unique ID initiatives around the world.

Payments technology changes rapidly, and cybercriminal techniques are having no trouble keeping pace. As the use of stolen data and fraudulent cards become more difficult, criminals are shifting their focus and innovating to access customer payment transaction data. The risk of data theft is very real. To stay ahead, merchants and institutions need tools that are specifically designed to address evolving challenges. There is a need for a new set of security standards that can work in parallel without hindering development. The payment card industry has defined standards for protecting cardholder account data, but what about other data types? And what lessons can be learned from the data security practices that the payment card industry has introduced over the years?

The session reviews:

• Innovations in security and compliance standards in securing payments transactions;
• Data-centric strategies for payment data protection in applications;
• How end-to-end encryption and tokenization can mitigate data breach risks.

According to a recent Gartner report, Blockchain distributed ledger technology has reached the peak of its hype cycle and remains at the peak of inflated expectations. It offers enormous promise, but enterprises are unsure how to extract business value from it. The question all security and fraud practitioners across all industry verticals want an answer to is: What are the applications of a public or private blockchain in their respective domains? Will blockchain tech help cybersecurity or be a hindrance?

Some experts argue that blockchain technology can help enterprises address age-old cyber risk challenges, such as digital identities and maintaining data integrity, by securing and preventing fraudulent/malicious activity through its consensus mechanism. Several proof-of-concept projects are underway in India, and banking is leading the way.

What can enterprises learn about blockchain application in security and fraud, and what do they need to know about the security of the blockchain data itself? What will 2018 look like for blockchain-based initiatives, and what real-world operational benefits can be expected from such public/private distributed ledgers?

This session offers insights about:

• Blockchain's applicability to the enterprise security and fraud-prevention framework;
• How DLT has helped in enhancing authentication and secure applications without the need for any centralized authority or identity management;
• The value drivers for the blockchain initiatives underway;
• Establishing identity and preventing fraud using blockchain technology.

While encryption, data loss prevention and web filtering technologies will continue to be important, Cloud Access Security Brokers will play a critical role in improving cloud security.

CASB, which is a next-generation firewall, helps CISOs gain the necessary visibility, map risks and detect external and internal threats.

With many organizations ready to take to the cloud, citing security, lack of visibility and governance as challenges, CASBs sit in the sweet spot as far as cloud security is concerned.

The panel will discuss:

• How CASB can ensure that security policies are effectively protected and compiled;
• How CASB becomes a critical layer of security that enables encryption or federation with a variety of cloud providers;
• Challenges for organizations leveraging CASB.