Western-December

This session will help IT security admins a structured basic approach to have an inventory of the infrastructure. When you keep your inventory up-to date, you are protecting your investment. Awareness of how attacks are happening and the signature with which we can learn, Utilize tools and build an infrastructure that will help secure your interests.

Many organizations believe that by complying with cybersecurity and compliance regulations, they are safe from attacks and data breaches. No organization is safe. And, being compliant doesn’t mean that you are sufficiently protected.  Attackers are smart, stealthy and focused on profiting from your high value information and ransomware payments.  And they’re usually a few steps ahead of you.

How can you reduce complexity and gain better insight into the risk of your strategic business priorities without burdening already taxed InfoSec teams?  You need to see risk differently by taking a different approach!

Join this session and learn how to:

• Gain insight into your risk posture and how risk impacts your business priorities

• Surface unseen risks lurking in the silos, disconnects, and gaps of your InfoSec activities

• Use intelligence and automation to deliver quick wins while freeing  up your team’s’ time

As technology advances and cybersecurity grows in importance, compliance requirements continue to increase. The old way of asking system admins for point-in-time screenshots, multiple times a year, is inefficient and outdated. In order to evolve the security compliance profession, we need a new way of performing compliance activities through continuous automation. This session will spotlight the way forward for compliance teams in today’s ever-evolving cyber risk landscape.

Learning Objectives:
The importance of why we need to evolve security compliance.
Best practices for implementing compliance at code-level.
Examples of how to apply continuous monitoring in your security compliance program.

Authentication is a foundational element of every cybersecurity program. With more than 80% of data breaches and most ransomware incidents stemming from credential-based attacks (e.g., phishing, credential stuffing, RDP brute, etc.), it has become clear that passwords are a fatally flawed authentication method. Unfortunately, many common solutions are “band-aids” on top of passwords and are lacking from both a security and user experience perspective.  Replacing passwords as an authentication factor is finally possible. While eliminating passwords is a critical step in stopping credential-based attacks, it is just a first step on the journey to advanced authentication and access control needed to achieve zero trust.In this talk, we will discuss:

• A brief history of authentication
• Changing requirements in the new work from home(or anywhere) business model and cloud-centric architectures
• Can we gain risk-reduction improvements by converging the traditionally disparate identity and security processes and technologies?
• A case for continuous user authentication
• What is device risk and why is the real-time assessment of endpoint security important

Not all zero trust is created equal.  In this talk, Andy will discuss how organizations are implementing a zero trust framework, and how the importance of data classification applies to implementing the proper level of control in a modern environment.

Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars.

Unfortunately, email threats are only growing in number. Business email compromise accounts for 35% of all losses to cybercrime, and the Verizon Data Breach Investigations Report holds that phishing remains the top entry point for breaches—a position it has held for years.

Does that mean email is doomed, and we should give up? Quite the opposite. But the shift to cloud email requires one major thing: a shift to cloud email security.

Attend the Abnormal Security session for answers to your most pressing questions, including:
– What are modern email threats, and how are they different from legacy attacks?
– Which email threats are most concerning, and how can we defend against them in the cloud environment?
– Which technical capabilities are required when protecting cloud email?
– How can cloud email security platforms detect the most dangerous attacks?