Speaker:
Lt. Gen Rajesh Pant (Retd.), PVSM, AVSM, VSM, PhD, National Cybersecurity Coordinator - PMO, Govt. Of India

Recent security breach and fraud incidents across enterprises of all sizes suggest that organizations need much better defenses. As new attack trends emerge, including newer forms of mobile attacks, the world is moving from a "Cold War" to a "Code War," where information has become vulnerable and organizations struggle to mitigate sophisticated intrusions that slip through the chinks in their armor.

This session provides a review of the threat landscape and the state of cybersecurity solutions and services. It pinpoints what enterprises need to do to keep pace with global cyber threats.

Speaker:
Vishak Raman, Director, Security Business, Cisco India & SAARC

With cyber threats getting more sophisticated, a key challenge for every security professional is reducing the time to detect and respond to advanced attacks. An important step is to automate network and security operations to keep the business moving while keeping it secure.

This session describes how to:

• Build a comprehensive threat intelligence framework;
• Leverage open source to detect threats;
• Take a threat-centric approach to security to spot anomalies in the network in real time.

Speaker:
Brijesh Singh, Inspector General of Police (Cyber) and CISO, Maharashtra

There have been reports of India losing $18.5 billion due to business done on the digital black markets, which are used by hackers to infiltrate and siphon off information from big companies. Use of the dark web has raised questions on the loopholes in the laws in place to govern cybercrime in India. In the recent case Cosmos bank fraud, case, for example, $13.5 billion was fraudulently transferred with some assistance from the dark web.

The session details:

• How law enforcement agencies are dealing with the dark web;
• Challenges for investigating agencies in gathering evidence through the dark web;
• The complexities of the dark web and what needs to be done to pre-empt an attack and to understand the hackers' mindset;
• The need to be concerned about the dark web as part of your proactive defense strategy;
• How to approach monitoring and remediation if your content appears in the dark web.

Speaker:
A. K. Elavarasu, Vice President & Head-Information risk and Business Continuity, Mphasis

End point detection and response (EDR) implementation can be a time-consuming process that requires specialized skills. But it generates finely detailed technical data about every aspect of an end point, which helps in enhancing security. Although deploying EDR could be impractical for organizations that have small IT teams, for larger organizations, it has the capability to address some fundamental issues that signature-based anti-virus programs cannot handle. This session features a discussion of:

• The resource requirements for migrating to EDR;
• A plan for going down the EDR path;
• A strategy for getting the most from an EDR deployment.

Speaker:
Shakeel Khan, Business Manager, APJ, Zscaler

Digital transformation is the catalyst behind one of the largest technology shifts in our history. Every business wants better business agility, a competitive edge and cost savings.

To enable such a transformation, IT leaders have adopted SaaS applications and public cloud services, which help ensure scalability of IT infrastructure while improving the user experience. At least that's what they thought.But security often slows down these cloud initiatives or drives them to a firm halt. That's because legacy "castle and moat" security strategies were not built for a cloud-first world and require security appliances that add unnecessary complexity and management costs. They lack scalability and place users on the corporate network, leading to an increased attack surface.

This session offers insights on how enterprises are using the world's largest security platform built for the cloud to accelerate transformation.

Key topics include:

• How app transformation leads to network and security transformation;
• Why network security will slow transformation and must be rethought;
• How the internet has become the new corporate network;
• The benefits of leveraging a platform born in the cloud, for the cloud.

Speaker:
Pradeep Sharma, Security Strategist, RSA

Many organizations are launching ambitious digital initiatives. But they must identify, assess and mitigate the risks that emerge. And developing a comprehensive strategy is a major task as organizations face multiple dimensions of risk when it comes to digital expansion.

This session explores the approaches, strategies and solutions that can help manage security risks in this new age of digitization:

• An effective approach to manage the third party risks;
• Effective ways of identifying security risks;
• Risk mitigation strategies.

Speaker:
Diwakar Dayal, Managing Director - India & SAARC, Tenable

With digitization in full bloom, organizations' IT infrastructures have mushroomed to another level. As a result of new technologies, including IoT and the cloud, the cyberattack surface has spread far beyond laptops or servers in a data center.

But are security strategies evolving to keep up with the changes? How can organizations measure their cybersecurity success? This session addresses these and other important questions.

Our speaker discusses:

• The role of "risk score" metrics;
• Discovering and quantifying an organization's cybersecurity riskmeasure;
• Using metrics to create a cybersecurity report card and prepare a roadmap to reduce cyber risk;
• Prioritizing the risks and vulnerabilities that need immediate attention.

Speaker:
Harshil Doshi, Security Strategist, Forcepoint

Even with over $1 trillion spent on cybersecurity in the last decade, adversaries have continued to be highly successful in breaching the data of enterprises, governments, people and countries. With the advent of cloud adoption, digitization and automation of almost all processes, maintaining data security is going to get even more difficult.

How prepared we are to deal with the next generation of cyberthreats while we embark on a journey of making our world more connected and automated? A behavioral mechanism that predicts risks and make controls more adaptive to changing risk profiles can play an essential role. This session describes this new risk management approach.

Speaker:
Kiran Mohandas, Consulting Engineer

Many enterprises are adopting multi-cloud and other new technologies, including the internet of things and blockchain. They're substantially increasing their investments in security products. Nevertheless, large-scale cyberattacks and breaches are becoming even more common.

So with such big security investments, are these enterprises missing something very fundamental in their approach to network security? What's truly needed is to rethink security, focusing on protecting both perimeter-oriented traffic as well as lateral threat propagation within the network. This session explains this new approach.

Speaker:
Rakesh Kharwal, Managing Director - APAC, Cyberbit

Enterprises are increasing their security budgets, but they still are struggling with attracting and training the necessary cyber talent. Organizations are addressing the skills gap challenges using industry certifications, product certifications, on-the-job training or by following cybersecurity frameworks. But these methods may prove ineffective, falling short of producing "cyber pilots" who can fight the most sophisticated cyber wars.

Should cybersecurity team members be trained using simulations, just like military pilots? Can organizations use hyper-realistic training on a simulator to build their abilities?

This session will provide answers, addressing how to:

• Improve the training of new cybersecurity specialists;
• Build tools to understand attackers' range;
• Create a rapid response team to fight complex incidents.

Speakers:
Justice Shrikrishna , Former Judge, Supreme Court of India, and Chairman of the Data Protection Committee
Rahul Matthan, Fellow with Takshashila's Technology & Policy Research Programme

In an exclusive interview, Justice Srikrishna will sit for a 'fire side' chat interview in which he will discuss about India's long pending Data Protection Law for the Enterprise: From Policy to Practice.

Coverage will include:

• Key ingredients of the data protection framework and regulation;
• Breach Notification-what kind of controls need apply;
• Where does privacy begin at the enterprises;
• Status of Section 43A of the IT Act 2000, in view of new data protection law.

Speakers:
Mahesh Rajaraman, Group President II - Credit Cards Risk Mgmt & RCU Retail Assets, Yes Bank
Vipin Surelia, Senior Director- Risk Services & CRO

Vipin Surelia, Senior Director-Risk Services, Visa leads the India and South Asia team that ensures the safety and security of the VISA network, as well as internal and external products and services, including business continuity.

In this exclusive interview, Surelia will sit for a "fireside chat" interview in which he will address top fraud trends and payment card security, as well as take questions from attendees.

Coverage includes:

• The evolution of the threat landscape;
• Risk management challenges and mitigation techniques
• 2019 initiatives in securing digital payments

Speaker:
Subhajit Deb, CISO, Dr. Reddy's Laboratories

Since May 25, 2018, when GDPR went into full effect, security practitioners have been waiting to see how privacy regulators might impose sanctions for breaches. They're still seeking clarity on various GDPR clauses. For example, is there a resilient data protection framework for GDPR? How can an organization implement built-in security controls for its data inventory? How should data governance be handled?

This session addresses:

• The practical challenges security practitioners face in complying with GDPR;
• How to build a strong privacy-centric contract and governance mechanism for suppliers and other third parties;
• Building in effective security controls at the design stage.

Speaker:
Sudarshan Rajgopal, Global Lead- Information Risk Management and Security, Shell

As cyberattacks become more frequent, security operations teams and CISOs are struggling to keep up with the deluge of security alerts from an increasing arsenal of threat detection technologies. The challenges from an increasingly hostile threat landscape, combined with a lack of people, expertise and budget devoted to security, are driving organizations toward security orchestration and automation to tackle threats and transform security operations.

The session discusses:

• How digital transformation will enable security's transparent orchestration movement;
• Deriving threat intelligence from multiple sources in real time;
• Leveraging human and machine power to prioritize incident response activities;
• Automating machine-driven activities.

Speaker:
Sidharth Mutreja, Enterprise Solutions Architect- APAC

As cyber threats continue to evolve, organizations need to be able to rapidly detect and respond to the threats and attacks. Traditionally, security operations centers have been responsible for timely response, but this approach is proving insufficient. There's a need to move from an incident-driven to an intelligence-driven approach.

As a result, organizations need to implement next-generation SOCs that are much more proactive in detecting and ultimately remediating threats. This can be done by integrating analytics, threat hunting and threat intelligence functions with conventional SOC functions, including engineering, incident analysis and response.

This session covers:

• The key challenges faced by security operations;
• The key requirements of a modern security operation;
• A next-generation SOC framework leveraging threat intelligence;
• The key building blocks of a next-generation SOC.

Speakers:
Jaspreet Singh, Partner, Advisory Services, E&Y
Maheswaran S, Regional Director for South Asia

The cascading effect of growing regulatory requirements and customer demand to protect their data is building a compelling need for organizations to have a strong, end-to-end data protection strategy. As organizations continue to invest heavily in data protection solutions, many still struggle to achieve the goal of protecting their critical information assets.

The session highlights how data identification helps organizations implement effective data protection frameworks and maximize investments already made in data protection/management controls.

The session details:

• The need for data identification to enhance data protection;
• Global best practices for engaging users in an organization's data protection strategy;
• How to leverage AI and machine learning for effective data identification;
• Maximizing data protection investments through effective data identification.

Speaker:
Debasish Mukherjee, Country Director India & SAARC, SonicWall

Speeding up the detection of breaches requires a new approach, including a security platform that combines security intelligence, advanced threat prevention, reporting and management.

An end-to-end solution can provide interoperability, creating situational awareness with a holistic view.

The session explain how a single platform of visualization can help to:

• Provide actionable cyber threat intelligence to help better understand security risks and quickly respond to them in real time;
• Reduce security silos by consolidating and integrating security technologies;
• Manage cyber risk with greater visibility and control.

Speaker:
Anoop Das, Enterprise Manager, Middle East and India, Mimecast

Email remains a key vector for attacks because of the pervasiveness of phishing. Despite significant investments in security defenses, attackers and fraudsters continue to infiltrate organizations through targeted and advanced techniques. That's why organizations need a cyber-resilient program for email that's easy to manage; lowers costs and prevents attacks before they happen; minimizes disruptions during an attack; and enables quick recovery of email and data after an attack.

This session explores strategies for mitigating the risks to email. It addresses:

• Technologies hackers use to evade defensive measures;
• Ways to mitigate the risks of email compromises;
• Techniques to plug gaps in email security
• A holistic approach to safeguarding against email-borne cyberattacks, business disruption, data loss and human error.

Speakers:
Dharmaraj Ramakrishnan, Senior Director - IT and Head of Service Delivery - Banking and Payments, Fidelity National Information Services
Geetha Nandikotkur, Managing Editor, Asia & the Middle East, ISMG
K S Narayanan, CISO, PwC India
Sethu S Raman, CRO, MphasiS
Srinivas Rao, Co-Founder & Chief Mentor, Aujas Networks
Vijay Bharti, Senior Vice President & CISO, Happiest Minds

India's regulatory bodies are insisting that transactional data be stored domestically to help prevent breaches and to have better data protection mechanisms in place. The move could help fast-track cybercriminal investigations. But will data localization lead to improved data security?

This panel discusses:

• Whether the emphasis on data localization could hamper security efforts;
• The cost implications on storing data domestically;
• The best security controls to put in place;
• Whether creation of next-generation SOCs will help in building a strong monitoring framework.

Speakers:
Minatee Mishra, Director, Product Security
Naavi Vijayashankar, Cyber Law Expert
Ravikiran Avvaru, CISO, Toyota Kirloskar
Satyavathi Divadari, Director - Cyber Security, Cognizant Technology Solutions
Sridhar Sidhu, Senior Vice President - Enterprise Information Security, Wells Fargo
Subhro Dey, Assistant Vice President, Governance & Oversight, Wells Fargo

Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen rather than accepting that something "will" happen and proactively preparing for it.

In this session, a panel of legal, technical and law enforcement experts discusses what well-prepared organizations are doing right when it comes to proactive interaction with law enforcement, information sharing and breach investigation and response.

The session discusses:

• Assessing an incident response plan;
• Evaluating forensic readiness;
• Using an information sharing mechanism.

Speakers:
Ajay Kanwal, Managing Director & CEO, Jana Small Finance Bank
Bithal Bhardwaj, CISO and Principal Risk Advisor, GE Africa & South Asia
Sanjay Sahay, Additional Director General of Police - Cyber, Karnataka Police

Security Leaders Creating Value for Business: Meeting the Expectations. Where is the Disconnect?