
8:30 am - 9:00 am

Registration & Exhibit Browsing

Managing Editor, Asia & the Middle East, ISMG
ISMG, a global industry in information security news, will host its flagship event of 2021, the Cybersecurity Virtual Summit: India & SAARC, on March 23-24, 2021.
The year 2020 has been chaotic for enterprise security dealing with COVID-19 associated challenges, which also led the practitioners to find new ways to address the cybersecurity challenges in securing the distributed work environment. Experts hope the year 2021 will bring in new vigor as the CISOs are expected to rethink security and risk strategies as the industry is ushering in new forms of threats and also fight the unknown unknowns.
Join our virtual summit to gain expert insight from the stalwarts of the InfoSec industry on the myths and realities about deploying new frameworks and risk mitigation tools, taking a tactical and strategic approach to building cyber defenses in responding to new forms of threats and how to take control of security in this ‘virtual’ enterprise world.
23 and 24 March 2021 at 8:30 am IST
As analysts say, after feeling so defenseless in the face of calamity, enterprises are moving to an adaptive era. With the distributed workforce will come the inevitable discomfort of potentially exposing organizations to cyberattacks if the right precautions are not taken to adapt to this new phenomenon.
Should CISOs start making tough decisions when allocating scarce resources for data security? Since there is no limitless budget and no endless resources, what should they prioritize and how ruthless do they need to be? The session will discuss:
Speaker:
Manoj Abraham, Additional Director General of Police, Kerala Police
Today's big challenge facing enterprise security is the 'dark web,' an ungoverned and seemingly ungovernable internet area where you can browse and communicate with complete anonymity. Through the use of the dark web and cryptocurrencies, criminals have been able to very successfully run a 'crime-as-a-service' model. Businesses and security agencies have been able to make very little, if any, impact.
What can be done to make your enterprise 'cybercrime-resilient', and how should law enforcement respond to this menace?
The session will discuss:
Speaker:
Vernon Co, Senior PreSales Consultant APAC, EfficientIP
In this ‘zero trust’ era, DNS remains a favorite target and attack vector due to its criticality for linking users to apps. 79% of organizations suffered DNS attacks, causing severe impacts such as app downtime. But as it sees almost all traffic intent, DNS is ideally placed to be your first line of defense against malware, ransomware and data theft, overcoming limitations of firewalls and IPS.
The session will discuss how client-based domain filtering and threat intelligence created from real-time analysis of DNS traffic:
Enterprises traditionally used on-premises IAM software to manage identity and access policies. With companies adopting cloud services, the process of managing identities is getting more complicated. Therefore, adopting cloud IAM solutions becomes a logical step. However, mapping single sign-on users and IAM roles can become challenging as users can have multiple functions that span several cloud accounts.
The session will discuss:
As organizations continue to view Security as just a technology issue, CISOs must work with business and technology leaders to design safety into systems, processes, and people from the start.
Adopting a 'security by design' approach and weaving it into the digital transformation road map helps organizations protect critical information infrastructure and defend against cyberthreats.
As organizations move from hybrid to a multi-cloud environment to experience benefits like accommodating peak usage, minimizing downtime, and avoiding vendor lock-in, they also usher in increased security vulnerabilities. How should the cybersecurity arsenal enhance multi-cloud data security and the technologies that can be harnessed to deliver the security promise?
The session will discuss:
Speaker:
Mathan Babu Kasilingam, CISO, Vodafone Idea
We typically think of supply chain attacks as stealthy attacks on hardware components, such as malware on laptops and network devices. Still, a supply chain attack on a service provider cannot be ruled out, as it is a significant intrusion into the entire ecosystem. Supply chain attacks usher in a risk: supplier vulnerabilities, which are a common cause of compromise. Keeping a watchful eye on suppliers' security status – always knowing the risks they bring in – is an essential part of building resilience and response.
The session will discuss:
Cybersecurity is a two-sided proposition, requiring both defenses of internal networks and operating effectively in the cyber domain. The first side is to secure the networks that are undoubtedly necessary, organizing budgets, deploying people, processes, and technologies to secure the infrastructure. However, the weakest links in the cybersecurity posture are people and the facilities where the systems are hosted physically. As you can guess, that is the far or second side of cybersecurity: teams should not lose sight of the need to couple the defense of their networks with appropriate resources dedicated to combatting criminal, terrorist, and other threats to secure their overall environment. How do you protect your IoT, OT, and SCADA systems against threats? Is there a strategy to deal with the external threats?
In a fireside chat, experts will discuss:
Speaker:
Sanjay Tiwari, CISO, India Infoline Group
The biggest challenge for practitioners today is to enable greater flexibility for a remote workforce while being fully compliant and secure. The "zero trust" model can play a critical role, but implementing it is a daunting task, and there's no "one size fits all" approach to making the transition to a zero trust architecture. This session provides a practical approach to adopting zero trust, outlining the strategy, the possibilities for leveraging existing investments and the need for new investments.
This session will also discuss:
The intersection of DevOps and InfoSec is always considered to be a challenge and often raises questions about why security benefits from combining the two. While most security practitioners understand the need to be part of the development cycle, they always struggle to keep pace as DevOps processes mostly occur outside the purview of information security.
It is imperative to have the intersection of DevOps and InfoSec to prevent hacks similar to the recent SolarWinds incident. The session will discuss:
Micro-segmentation is being considered as it is said to create secure zones and moves security away from identifying IP addresses by granting access to users to relevant applications based on their role. It's a core technology for 'zero trust' to create process-level visibility and provide secure access. How challenging is it to make a segmentation of your network as you see more convergence happening?
This session will discuss:
Third-party risks have been the Achilles' heels for organizations for many years now. The recent SolarWinds incident showed the world the impact third party risks can have on companies globally. With the distributed work environment becoming the new norm, it is no longer practical to have a manual process to manage third parties' risks. Automation is the name of the game when dealing with third-party risks as it enables quicker vendor assessments and selection with less downtime.
Automation also helps in promptly resolving newly identified risks with vendors and enables addressing risks on repeatable processes, allowing humans to focus on the most significant threats.
This session will discuss:
The ongoing challenges to fill mass cybersecurity job vacancies amid the backdrop of a lack of diversity continue to haunt one of the world’s hottest industries.
According to analysts, the ratio of women in the cybersecurity industry is growing by 11% year on year.
However, the big challenge is how to retain them and bridge the skill gap and empower them. What are the unique challenges women CISOs face in their journey?
The session will discuss:
Speaker:
Jeewapadma Sandagomi, Senior General Manager-Enterprise Risk Management, Mobitel (Sri Lanka)
The telecom sector in Sri Lanka is going through an overhaul to drive digital transformation due to the ongoing pandemic. As a result, the traditional enterprise security role is also going through this change to meet the new technological, social, and business demands and derivatives. It’s become imperative for enterprise security to protect customer data against growing threats and leaks. Enterprises need to delve into adopting the best risk mitigation strategies and harness technologies in getting the data and networks exposed to vulnerabilities.
The session discusses:
The issue of balancing ‘Privacy’ with ‘Data Economy’ has once again come to the forefront, triggering a host of debates and petitions by government, human rights activists, CISO, CPO, and legal experts. Some of the challenges the industry is grappling with are fair use of data, the validity of a data privacy consent, balancing security with privacy, use of algorithmic decision making, data sharing with partner entities. It becomes critical to understand how the ‘data protection and privacy framework’, which includes regulation, standards, and policies, can be leveraged to provide privacy assurance to consumers and strike the right balance for the larger public good.
Some of the areas the panel will deliberate:
With COVID-19 throwing up enormous challenges for CISOs, forcing them to take a good, hard look at viable security projects, the one that tops the list is risk-based vulnerability management. This is the “last mile effort” involved in already joint bulk vulnerability assessment and telemetry and bringing in additional information in the form of threat intelligence.
The session will discuss:
While organizations invest a lot in gathering data, more often than not, they are not able to utilize the data intelligently. With enterprises, including large ones, facing increasing attacks, efficient threat intelligence can go a long way in using evidence-based knowledge to determine the risk of the system. Today, all AI research efforts are focused on building a specialized Artificial intelligence that can help identify threats faster than before. The current application of AI provides additional analytics horsepower to already existing technologies. AI thus lends to these applications greater effectiveness and value.
Moreover, with cyber attackers also leveraging AI for attacks, security teams need to be prepared even more to counter such intelligent threats and anticipate what is coming. However, deploying machine learning and AI without preparation and ongoing support may make things worse.
This session will discuss:
Phishing attacks are evolving, increasing in number, and becoming more sophisticated with every passing year. Unsurprisingly, phishing attacks were one of the top threats to organizations in the year 2020. Even the world’s largest corporations aren’t immune and experience more than 1,000 phishing attacks a month. Several training attempts have failed to solve email’s fundamental flaw – anyone can send an email using someone else’s identity. Phishing attacks have also been the cause of several data breaches leading to loss of intellectual property and loss of brand reputation. Most enterprises have been trying to introduce a DMARC (Domain-based Message Authentication, Reporting & Conformance) policy to establish the email authentication standard that enables senders to gain visibility into how their email domains are used and abused.
However, details of implementing DMARC are not widely understood yet. Though DMARC usage has grown exponentially, most of those who implemented DMARC did not get it right.
This session will include:
The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the secure access service edge, or SASE, model among enterprises. Some say CISOs now don't have to procure individual discrete security solutions and tie them into the network security layer; instead, they can source from one logical place using the SASE security model.
While most organizations have well understood the importance of SASE, not many are clear on how to go about its implementation.
The session will discuss:
View sessions, chat with speakers and technology experts in our Interactive Exhibit & Networking Experience, and browse our Resource Center to download educational assets to review post-summit.
If you miss any live sessions, feel free to log in and view on demand at your own pace. Session recordings will be available in our virtual environment after the agenda has ended.
ISMG Virtual Summit Attendee Guide
For more information please download our ISMG Virtual Summit Attendee Guide.
To earn CPE credits, hear from industry influencers, join ISMG’s global community and meet with leaders of technology, register today.