Los Angeles, CA

Sometimes just having a SOC isn’t enough to address insider threat issues. Security operations teams are managing massive amounts of data across billions of events from on premises to the cloud. Looking for specific needles like insider threats in this complex haystack has special requirements that encompass both searching historic data and seeing evolving credential behavior changes as they happen.

Whether from downsizing or expanding the business, employees, vendors, contractors, and more are moving in and out of your environment. And often, it is during turbulent times that insider threats go unobserved as everything  changes so quickly. Insider threat initiatives require a new, more focused approach.

This presentation will explore:

• The common scenarios that indicate you need an insider threat team, how to build a mission statement, and tools

• Four attributes of a successful insider threat program
• How behavioral analytics baseline “normal” behavior of users and devices – showing risk faster
• An automated investigation experience that replaces manual routines and effectively guides new insider threat teams

Cybersecurity can be a complex operation, but at its core, it’s made up of two components: people and technology. Although we’ve seen incredible advances in the technology side of things, we need to ensure that that technology acquisition doesn’t amount to another ‘shiny thing’ but empowers the people that operate it. Join Lumu’s Jeffrey Wheat as he shares his vision of what makes up an ideal cybersecurity operation.

There is no magic bullet in security. Yet there are many best practices adopted by enterprises across the globe that have proven to allow organizations to mitigate risk and mature their security posture. During this session you will learn about common trends and challenges in cybersecurity and what organizations are doing to keep up and be ready for the future.

Purpose-built IoT, OT, and network devices that are connected and disallow the installation of EDR software are part of a massive, rapidly growing category of targets that nefarious actors are exploiting. Attackers can use them to evade detection and maintain persistence. Nation-states, cybercriminals, and insiders have discovered that these devices can be easily compromised and used for a wide variety of malicious purposes.

Countries like Russia have developed tools like Fronton that are specifically designed to attack and control these device types. Some common devices from countries like China have even been banned because they ship with malware preinstalled from the manufacturer.

We’ve been researching IoT, OT and network device security for over five years across millions of devices and hundreds of organizations worldwide. This is unique research that isn’t being conducted by any other organization at this scale. This presentation will share several discoveries across device visibility, vulnerabilities, and exploits. The research calls out the most exploited device types, explores multiple war stories, and illustrates methods to mitigate the risks.

These purpose-built devices are being turned against us and becoming a new cybersecurity frontline across the enterprise, smart cities, buildings, and ships, healthcare providers, manufacturing, defense, our homes, and more. Compromises are impacting the physical world by unlocking our doors, shutting down power, and spying with audio and video surveillance. Attackers can use these devices to mine cryptocurrency, conduct DDoS attacks, and engage in ransomware as well as and move laterally to compromise our IT and cloud-based assets.

We don’t know what devices we have, so we don’t know what to fix. Even if we knew what to fix, it would be impossible to do so manually because of the scale. If we did fix it, we don’t have anything in place to ensure things stay fixed. This is leaving our IoT, OT and network devices at risk along with IT and cloud-based assets. These are our devices, and it’s time to take back control from the attackers.

In today’s threat landscape, security leaders must shift their focus to improving their cyber resilience. The ability to anticipate, withstand, recover from, and adapt to the evolving cyber threats will dictate how well-equipped your cybersecurity program is at defending against these threats. However, given the lack of skilled in-house security resources, it can be challenging to balance the number of incoming security alerts with delivering swift response to eliminate known and unknown threats.

In this presentation, join Brent Feller, Director Solutions Architect at eSentire, as they share insights on how you can leverage 24/7 threat detection, investigation, and response capabilities to reduce your cyber risk, build resilience and prevent business disruption.

Key takeaways include:

• How to assess, understand, and quantify your cyber risks
• Why you should shift your focus to building cyber resilience in addition to managing your cyber risks
• How proactive threat hunting, combined with 24/7 threat detection and response, are critical in developing a strong cyber defense strategy

We’ve reached a bit of a post-COVID era plateau, where the new normal is represented by a diverse workforce using multiple devices from an endless variety of locations. The modern organization must be able to provide secure access to applications, infrastructure, and information across the internet from any device or location.

In this talk we will discuss:

› What can a zero trust approach accomplish?

› Real and imagined barriers

› Achieving zero trust project wins

› Getting Started

SecOps groups are challenged more than ever as budgets tighten and cyber-threats continue to rise unabated. Ideally, SecOps should be a way to safely and confidently enable your security group (and your whole organization) to run leaner and more efficiently. Metrics are the foundation for SecOps, but you have to ensure that those metrics tell the real story, rather than keeping your analysts frustrated by chasing meaningless alerts. To do this, you need to assess your detection and response tools and move to a more holistic platform that integrates with your firewall, as an example, and gives you all of the metrics across your attack surface in one pane of glass, detects even the most complex attacks, and presents contextual information about exactly how to respond. And responding to attacks should mean more than locking down assets – when your analysts respond, the platform should enable them to create playbooks so the platform can automatically prevent similar scenarios from having any impact at all. We will cover these ideas in this session and give use case examples of how to succeed.