Speaker:
Vishal Salvi, CISO, Infosys Ltd

The keynote kicks off the summit with a review of the threat landscape, highlighting the state of cybersecurity solutions and services, as well as the contemporary technologies that could impact the industry. The industry is likely to witness new attack trends, including newer forms of mobile attacks, wipers deployed for counter incidence response, IoT security challenges and fileless malware. The world is moving from a "Cold War" to a "Code War"' where information has become vulnerable to misuse.

Speaker:
Philippe Alcoy, Cyber Security Technologist, APAC, Arbor Networks, the security division of NETSCOUT

From 50 Gbps in 2013 to 1.7 tbps today, DDoS attacks have, in just five years, exponentially grown in size, frequency and complexity. We need to take a closer look at how the cyber-threat landscape has changed, and understand the reasons behind our challenge in defending against advanced attacks. This session showcases industry best practices for mitigating DDoS attacks and looks at how advanced edge analytics will help you retain control over the security of your IT environment.

The session will cover:

• DDoS threat landscape and growing complexity
• Industry best practices for mitigation
• Using advance edge analytics for fighting the DDoS threat

Speaker:
Sridhara Sidhu, Head - Infosec Services and Regulatory Compliance and Risk Management, Wells Fargo

Resources and security controls deployed for early detection are turning out to be futile when it comes to dealing with today's emerging threats. This session details an effective approach to threat hunting, which includes response to advanced attacks. Threat hunting is emerging as a new line of defense and is the latest innovation for security operations centers when it comes to combating advanced security threats. In addition to describing effective threat-hunting approaches, this session also reviews:

• Marrying threat hunting and incident response;
• Actionable takeaways about how human intelligence can be used to proactively identify and mitigate threats more readily and reliably;
• How AI helps gather intelligence from billions of transactions.

Speaker:
Tamaghna Basu, CTO, neoEYED

As fraudsters continually refine their techniques to steal customers' credentials, organizations have found new ways to fight back with new tools that use behavioral biometrics and cognitive fraud detection.

It is critical to know how cognitive abilities would help in managing risks, compliance and governance as well as help in maximizing detection, reducing false positives and optimizing strong authentication.

The session will describe various models used for behavior pattern analysis and demonstrate how this may be integrated into a real-world SOC to achieve a proactive posture. It will address:

• Developing a risk framework with cognitive security;
• The technological expertise available to detect these anomalies and patterns.

Speaker:
Sethu S Raman, CRO, MphasiS

While some security experts see endpoint detection and response suites, or EDRs, as the successor to endpoint protection platforms, or EPPs, both have a role to play in securing the enterprise.

Implementing EDRs is time-consuming and requires specialized skills. EDRs generate so much finely detailed technical data about every aspect of an endpoint that they require skilled technicians to be effective, which means they could prove impractical for organizations that have small IT teams.

EDRs have capabilities to address some fundamental issues that signature-based anti-virus programs cannot handle. And EPP vendors increasingly bringing EDR-type capabilities to their platforms.

The session will feature a discussion of:

• The resource requirements for migrating to EDR;
• A plan for going down the EDR path;
• A strategy for getting the most from an EDR deployment.

Speaker:
Prasanna Lohar, Head-IT, DCB Bank

According to a recent Gartner report, Blockchain distributed ledger technology has reached the peak of its hype cycle and remains at the peak of inflated expectations. It offers enormous promise, but enterprises are unsure how to extract business value from it. The question all security and fraud practitioners across all industry verticals want an answer to is: What are the applications of a public or private blockchain in their respective domains? Will blockchain tech help cybersecurity or be a hindrance?

Some experts argue that blockchain technology can help enterprises address age-old cyber risk challenges, such as digital identities and maintaining data integrity, by securing and preventing fraudulent/malicious activity through its consensus mechanism. Several proof-of-concept projects are underway in India, and banking is leading the way.

What can enterprises learn about blockchain application in security and fraud, and what do they need to know about the security of the blockchain data itself? What will 2018 look like for blockchain-based initiatives, and what real-world operational benefits can be expected from such public/private distributed ledgers?

This session offers insights about:

• Blockchain's applicability to the enterprise security and fraud-prevention framework;
• How DLT has helped in enhancing authentication and secure applications without the need for any centralized authority or identity management;
• The value drivers for the blockchain initiatives underway;
• Establishing identity and preventing fraud using blockchain technology.

Speaker:
Ganesh Prasad, Pre-Sales Manager, India & SAARC, RSA

Understanding the early signs of breach to respond accurately and in time is important to secure the most critical assets. Maintaining basic cyber hygiene goes a long way in helping organizations with breach preparedness is to unite business risks and IT risks with a common language and framework to help identify and focus on threats which carry real business risk.

Session will discuss:

• Identifying risk from a business-driven perspective
• Establishing and maintaining cyber hygiene
• Identifying early warning signs and responding proactively

Speakers:
Agnidipta Sarkar, Global Information Risk & Continuity Officer, DXC Technology
Naavi Vijayashankar, Cyber Law Expert
Ratan Jyoti, CISO, Ujjivan Small Finance Bank
Subhajit Deb, CISO, Dr. Reddy's Laboratories

Aadhaar - the largest biometric-based unique identification system in the world - holds the sensitive personal data of over 1.2 billion Indian citizens. With repositories of personal data held by both private companies and government, Aadhar has come under the lens for frequent data security lapses, and critics have started questioning whether the system really is "hack-proof."

Some believe that critics of Aadhaar are concerned only about citizens' fundamental right to privacy, or the loss of statutory benefits such as rations and direct benefit transfers due to a faulty Aadhaar system. However, recent breach incidents suggest the high likelihood of security lapses, which could lead to identity theft and the possibility of attacks against individuals from criminals leveraging compromised information from the huge data repository. This session explores UDAI's security posture, data protection capabilities and security control implementation methods.

The session will discuss:

• Building a resilient data protection framework in the context of Aadhar;
• Securing against fraud, hacks and new threats with appropriate tools and technologies;
• Lessons/best practices from other national social security/unique ID initiatives around the world.

Speaker:
Bharat Panchal, Sr VP & Head of Risk Management & CISO, National Payment Corporation of India

Payments technology changes rapidly, and cybercriminal techniques are having no trouble keeping pace. As the use of stolen data and fraudulent cards become more difficult, criminals are shifting their focus and innovating to access customer payment transaction data. The risk of data theft is very real. To stay ahead, merchants and institutions need tools that are specifically designed to address evolving challenges. There is a need for a new set of security standards that can work in parallel without hindering development. The payment card industry has defined standards for protecting cardholder account data, but what about other data types? And what lessons can be learned from the data security practices that the payment card industry has introduced over the years?

The session reviews:

• Innovations in security and compliance standards in securing payments transactions;
• Data-centric strategies for payment data protection in applications;
• How end-to-end encryption and tokenization can mitigate data breach risks.

Speaker:
Greg Singh, Technical Director - APAC, Skybox Security

The exploitation of vulnerabilities is the root cause of most data breaches today and as such, the remediation or mitigating vulnerabilities can be one of the single most effective means of protecting your organization from attack.

Addressing the sheer volume of vulnerabilities that are present in most organizations poses a daunting proposition for security operations and the traditional method of addressing vulnerabilities with a high CVSS score simply doesn't cut it today. How can you leverage threat intelligence combine with valuable information trapped inside your infrastructure to reveal what vulnerabilities pose an imminent threat to your specific environment.

Session will address:

• Contextual discovery of vulnerabilities in your environment
• Leveraging threat intelligence to manage vulnerabilities better
• Identifying and mitigating vulnerabilities that matter most to your organization

Speaker:
Shrenik Bhayani, General Manager, South Asia, Kaspersky Lab

The cybersecurity landscape is morphing at a rapid pace today - faster than ever before. Hundreds of sophisticated hacking campaigns and reckless proliferation of sophisticate malware threats over the last few years has left security teams struggling to contain these threats and protect the organization in a technology landscape that is changing at the same time. So what are the most important aspects of the global threat landscape today and what can e expect going forward?

The session will address:

• Facts and figures from Kaspersky Lab research
• The critical changes in the threat landscape
• Problem areas organizations need to monitor

Speakers:
Darshan Appayanna, CISO and Chief Knowledge Officer, Happiest Minds
Dharmaraj Ramakrishnan, Senior Director - IT and Head of Service Delivery - Banking and Payments, Fidelity National Information Services
Jagdeep Singh, CISO, Rakuten India
Lopa Mudraa Basuu, Global Director IT Risk Operations, Ocwen Financial Solutions

While encryption, data loss prevention and web filtering technologies will continue to be important, Cloud Access Security Brokers will play a critical role in improving cloud security.

CASB, which is a next-generation firewall, helps CISOs gain the necessary visibility, map risks and detect external and internal threats.

With many organizations ready to take to the cloud, citing security, lack of visibility and governance as challenges, CASBs sit in the sweet spot as far as cloud security is concerned.

The panel will discuss:

• How CASB can ensure that security policies are effectively protected and compiled;
• How CASB becomes a critical layer of security that enables encryption or federation with a variety of cloud providers;
• Challenges for organizations leveraging CASB.