Session Descriptions - FS-ISAC Summit

Session Descriptions

Monday, October 26

7:30 - 8:30 am
FS-ISAC 101
Bill Nelson, FS-ISAC

Viceroy

This session is an interactive workshop on FS-ISAC services. It provides an overview of FS-ISAC, how to use the portal, filter alerts, and participate in appropriate special interest groups.

9:00 - 9:30 am | Members Only Technical Forum*
Leveraging Cyber Threat & Intelligence in Proactive Fraud Analytics and Investigations
Christopher Mascaro, First Data Corporation

Ballroom Cyber Intelligence

Cyber security and fraud organizations have traditionally been distinct organizations within financial institutions. The increasing sophistication of fraudsters and their focus on cyber-attack vectors to facilitate fraudulent activity demonstrate the need for cyber security and fraud organizations to work together. This session provides a framework and a series of case studies for cyber threat & intelligence support to proactive fraud monitoring and fraud investigations, along with examples that illustrate the monetary impact of cooperation.

More than an ISO: Cyber Risk Management
Dennis Lamm, Fidelity Investments

Viceroy Governance

The proliferation of cyber risks (attacks, SOC reports, client audits, regulatory exams, internal audits, vendor reviews, incidents, resiliency events, etc.) is driving organizations to establish a technology risk management program that goes beyond the role of the Information Security Officer (ISO). This session will examine some of the emerging risks and requirements for technology risk management, discuss how in practice it differs from information security, and share best practices for identifying and controlling cyber risks.

9:45 - 10:15 am | Members Only Technical Forum*
Behavior-Based Cybersecurity Analytics
Justin Christian, Aetna

Ballroom Cyber Intelligence

Technologies have evolved that enable us to create, store, and share digital information, and as a result a new security landscape has emerged. Cybersecurity threats are increasingly sophisticated and adversaries are finding ways to exploit an organization’s vulnerabilities. New developments in big data technologies and behavioral analytics will support the transformation of the next generation of cybersecurity capabilities. In this session, the presenters will outline technology trends and innovations that will impact behavior modeling and improved cybersecurity.

A Case Study in Building an AppSec Program: 0-60 in 12 Months
Robb Reck, Pulte Financial Services

Viceroy Governance

This case study will detail the implementation of an enterprise application security program at a financial software provider. Day 1, the organization had no application security program. Day 365, they had a comprehensive program with controls throughout the SDLC, feedback loops and effective metrics. This case will highlight the controls implemented, resistance encountered and lessons learned.

Session Tracks: Cyber Intelligence, Governance, Threats & Attacks *Closed to all Affiliate Members, Affiliate Board Advisors, and Sponsors. **Closed to non-Silver Sponsors

www.fsisac-summit.com | 7

Monday, October 26 continued

10:15 - 10:45 am | Members Only Technical Forum*
STIX for Beginners
David Eilken, Soltra

Ballroom Cyber Intelligence

If you’ve recently heard of STIX and are new to machine-to-machine intelligence communication, this session is for you. Topics to be covered will include: the basics of the cyber intelligence standards STIX & TAXII, and a brief introduction on the current state and use of the standards in the industry today.

No Really...It’s Not You, It’s Me; Why Security Awareness has a Failed Relationship with Security
Paula Fetterman, T. Rowe Price

Viceroy Governance

The definition of insanity is “trying the same thing over and over and expecting a different result.” Across our industry, Security Awareness professionals continuously struggle with how to effectively communicate security principles and secure their organizations. If the goal of most Security Awareness programs is to change behavior and improve security of the “Human O/S”, what are we doing to break from the insanity? What is it that is causing this failed relationship? We will discuss some common break-downs that are happening in the Security Awareness space and suggest tools and techniques that can help Security Awareness programs get on the road to recovery.

11:00 - 11:30 am | Members Only Technical Forum*
Effective Exploitation of Shared Threat Data
Adam Zollman, Lockheed Martin

Ballroom Cyber Intelligence

Threat Intelligence sharing often emphasizes more and faster intelligence as the solution for effective countermeasures despite lower value and less context. LM-CIRT has developed a system to automatically assess shared threat data within the context of pre-evaluated intelligence to reliably and rapidly apply the high-value intelligence to defenses with low false positive rates. The presenter will share some of the tools and processes they’ve developed to manage this lifecycle and some threat data sharing metrics.

11:00 am - 12:00 pm | Members Only Technical Forum*
Report from the Trenches: How are Cybercriminals Bypassing Our Controls?
Mauricio Velazco, The Blackstone Group

Viceroy Threats & Attacks

The security industry produces a wide range of products to protect networks, yet cybercriminals are constantly innovating and identifying new methods to bypass these controls. This session will show some of these innovative attacks used by cybercriminals in the wild and analyze how they bypass security solutions. As defenders, we need to understand the limitations of the tools we use and innovate as our adversaries do in order to protect against these new attacks.

11:30 am - 12:00 pm | Members Only Technical Forum*
Venezuela and Cuba: Latin America’s Security Challenges
Jeff Stutzman, Wapack Labs

Ballroom Cyber Intelligence

Venezuela has made several efforts to increase its cyber capabilities. These efforts include a proactive effort for cyber network exploitation and attack capabilities. This session explores resources, frameworks and contemporary cyber risks in response to this trend as well as the cyber relationships being built in Latin America. What impact will this have on the financial services community for Latin America? What cyber risks are implied and can be tracked?


Monday, October 26 continued

1:00 - 1:45 pm | Members Only Meetings*
Key Concerns for How Technology Firms are Enhancing Security Controls
John Carlson, FS-ISAC

Ballroom

A panel of technology firms will discuss their efforts in building security into the foundation of their products.

1:45 - 2:30 pm | Members Only Meetings*
State of the Cyber Security Workforce, and What To Do About It
Zach Goldman, New York University; Angie Messer, Booz Allen Hamilton

Ballroom

The information and cyber security workforce shortfall is growing year after year, and the primary reason is less about money and more about the insufficient pool of suitable candidates. However, this projected workforce shortfall does not mean hiring will stop. In this panel, the presenters will discuss the results of the 2015 (ISC)2 Global Information Security Workforce study and what approaches companies can take to face rising security workforce shortages.

2:35 - 3:05 pm | Members Only Meetings*
FFIEC Cybersecurity Assessment Tool
Valerie Abend, Office of the Comptroller of the Currency

Ballroom

This summer, the FFIEC released a Cybersecurity Assessment Tool (Assessment). The presenter will describe the features and benefits of the Assessment that was developed by the regulators for banks and credit unions to identify their inherent risk profile and measure their cybersecurity preparedness.

3:05 - 3:50 pm | Members Only Meetings*
Key Concerns for CEOs and Board of Directors
John Carlson, FS-ISAC

Ballroom

This is a CEO and Board of Directors level session that will explore key concerns of CEOs and the Board as they relate to cybersecurity and resiliency issues, along with effective strategies for communicating risks and asking for appropriate resources to mitigate the risk.

4:00 - 4:30 pm | Members Only Meetings*
Improving Financial Services Response in a National Cyber Crisis
Gregory Rattray, JPMorgan Chase

Ballroom

The financial services sector must be prepared for involvement in a national-level cyber crisis. The presentation will describe how the industry conducts sector-level crisis response, coordinates with the government and conducts readiness activities to include drills and exercises. Discussion will focus on areas for future improvement.

4:30 - 5:00 pm | Members Only Meetings*
Leveraging the Threat Intelligence Maturity Model to Build an Intel-Driven Security Program
Jonathan Couch, iSIGHT Partners

Ballroom

Implementing a comprehensive intelligence-driven security program is a multi-faceted effort. In this session, the presenter will present the Threat Intelligence Maturity Model (TIMM). This in-depth model will enable attendees to assess their cyber security program’s current state, measure gaps against a desired future maturity level and understand the steps required to get there.


Monday, October 26 continued

5:00 - 6:00 pm | Solutions Showcases**
How to Automatically Incorporate Application Security Requirements to Reduce Risk and Scale Your Security Team
Security Compass

Carousel

SD Elements is a software security requirements management solution. Using a short questionnaire, SD Elements automatically generates relevant security requirements for an application, links them to test cases and delivers them into development tools. When building or maintaining a mature application, SD Elements effortlessly integrates with your development tools and processes to ensure your software is secure. It provides prescriptive, secure coding advice based on your project’s application technology, business and compliance drivers.

New Integrated View of Cross-Channel Client Activity to Intelligently Assess Fraud Risk
Guardian Analytics

Carousel

FraudMAP offers next-generation behavioral analytics for detecting suspicious banking activity. We will share an innovative new approach to analyzing risk across channels and products. We incorporate 3rd party feeds and combine siloed data elements to provide an integrated view of each account holder, so that activity in one channel can be analyzed in the context of all activity. This intelligent assessment of risk is essential to detecting cross-channel fraud attacks and preventing losses.

Eliminating Malware from Web and Email via Isolation
Menlo Security

Carousel

Menlo Security protects organizations from cyberattacks from the Web, email and other critical threat vectors. The company’s patented “Isolation Platform” isolates and eliminates malware in the cloud, providing users with a completely transparent and safe experience without the need to deploy software to endpoints. Menlo Security is trusted by some of the world’s largest enterprises, including Fortune 500 companies and financial services institutions. They are headquartered in Menlo Park, CA.

Security’s Biggest Blind Spot: Third Party Risk
SecurityScorecard

Carousel

How do you know your partners’ security posture? Today’s biggest and most invisible data breaches are coming from attacks or vulnerabilities in the partner ecosystem. SecurityScorecard provides non-intrusive and continuous risk awareness so businesses and their partners, suppliers, and vendors can collaboratively predict and mitigate security issues. Our customers are Fortune 1000 leaders in financial services, retail, healthcare, real estate, manufacturing, and other vertical industries.

Advanced Malware Remediation and Protection Strategies
Malwarebytes

Carousel

Malwarebytes provides anti-malware and anti-exploit software designed to protect businesses and consumers against zero-day threats that consistently escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware earned an “Outstanding” rating by CNET editors, is a PCMag.com Editor’s Choice, and was the only security software to earn a perfect malware remediation score from AV-TEST.org. That’s why more than 50,000 SMBs and Enterprise businesses worldwide trust Malwarebytes to protect their data.

Strong Security for Your Weak Link: Implementing People-Centric Security in FSIs
Proofpoint

Carousel

The device in your pocket, the network you monitor, and the IT architecture you secure have all changed radically, but one thing has not: your people. With social media and mobile apps joining email as a threat vector, the attack surface for our users has massively grown. This session will delve into the latest in intelligence, process, and technology to protect users, ranging from how cloud-scale graph databases can find sophisticated spear phishing to the new generation of tools that protect social media feeds and identify malicious mobile apps.


Monday, October 26 | 5:00 - 6:00 pm Solutions Showcases** continued

Hiding in Plain Sight: Protect Against Bad Hashes
Tripwire

Carousel

Why check for a hash? Cyber criminals, hacktivists & malware engineers create malicious software disguised with known and expected good filenames. One exploited attack method is to insert malware into patch updates where no integrity check is made of the patch identity. Key Takeaways:
• Current attack methods that may use filenames you already trust
• How to validate integrity and identity of files and patches in your environment
• Identifying indicators of compromise faster

Why Application Whitelisting Makes Sense in Financial Services
Bit9 + Carbon Black

Carousel

The Bit9 Security Platform is the most comprehensive and widely deployed advanced endpoint threat protection solution. By continuously monitoring and recording all endpoint activity, Bit9 can prevent, detect, and respond to data breaches caused by cyber threats that evade traditional security defenses. They can provide critical compliance and audit reporting capabilities required by PCI-DSS and other regulatory compliance standards. Bit9’s real-time visibility, cloud-driven reputation, advanced threat indicators and real-time enforcement engine provide organizations with immediate visibility and granular control over all endpoint activity.

Tuesday, October 27

8:15 - 9:00 am | Keynote
Cybersecurity, Counterterrorism and National Policy: A Leader Shaping the Debate on America’s Most Urgent Matters
Mike Rogers

Ballroom

9:00 - 9:45 am | General Session
Hot Off the Press: Cloud and Security Finally Become Friends
Jerry Brady, Morgan Stanley; Rajiv Gupta, Skyhigh Networks

Ballroom

Financial services firms are embracing public cloud services and meeting their numerous security and compliance requirements. Sound too good to be true? Come hear from two industry luminaries as they share strategies to extend critical on-premise application security capabilities to SaaS, PaaS, and IaaS environments. The presenters will discuss common use cases and architectures that go beyond conventional approaches to cloud application security.

10:15 - 11:15 am | Concurrent Sessions
Key Outcomes from the Public/Private Initiatives: Government Efforts to Improve Cybersecurity
John Carlson, FS-ISAC; Deron Mcelroy, DHS; Ed Roback, US Department of Treasury; Ari Schwartz, Venables

Edison Governance

Before this session, review the key outcomes from the “Hamilton” exercises, including the Request for Technical Assistance and Destructive Malware Task Force. A panel of public and private participants will discuss the work they are doing to enhance cybersecurity.


Tuesday, October 27 | 10:15 - 11:15 am Concurrent Sessions continued

Actor Profiling: Methods for Actor Attribution
Jeff Bardin, Treadstone71

Regent Cyber Intelligence

There are several frameworks for making an actor attribution. Some of them begin with a general idea of characteristics of people/organizations who might wish to target a given institution and identify matching persons/organizations, while others track suspicious persons/groups and extrapolate characteristics of interest to determine who the adversaries are. The session will draw on the experience and recommended best practices of experienced panelists with expertise in actor attribution.

Inside Apple Pay: Authentication and Fraud Prevention in the Evolving Payments Landscape
Vijay Balasubramaniyan, Pindrop Security; Ray Jones, Wells Fargo

Viceroy Governance

Apple Pay represents the tip of the iceberg of the evolving payments landscape, and it is already a hotbed for fraud. In this presentation, the presenters will lead a live demonstration of real-world hacks that criminals are using to manipulate Apple Pay to avoid complex authentication paths. They will then evaluate the authentication and security measures used by several credit card issuers to deter these attacks, comparing their effectiveness in preventing the use of stolen accounts.

Actionable Intelligence to Combat the Latest Malware Threats and Cybercrime Tactics Impacting Financial Institutions
Dr. Hugh Thompson, Blue Coat Systems, Inc.

Empress Cyber Intelligence

Defense-in-depth is fundamental to the field of security, but in today’s rapidly changing threat environment, we need to reimagine defense-in-depth for financial institutions. We’ll explore the latest malware evasion and defense-in-depth strategies, along with the new ways to deliver, consume and act upon threat intelligence to prevent attacks, rapidly recover from incidents, and anonymously share information that benefits the entire industry.

11:30 am - 12:30 pm | Concurrent Sessions
Open Source Security – What Security Testing Tools Miss
Mike Pittenger, Black Duck Software

Edison

Static analysis, dynamic analysis, and other testing tools are all essential weapons against adversaries. But for the 80%+ of companies worldwide that use open source software in their application development, these tools are ineffective in identifying and mitigating open source security risks. This presentation will cover:
• The value of static and dynamic tools, and where they best fit in the Secure Development Lifecycle
• Why these tools are not useful in identifying known vulnerabilities in open source components
• Controls development and security professionals can deploy to select, detect, manage and monitor open source for existing and newly disclosed vulnerabilities

Implementing an Action-Oriented Insider Risk Management Program
Guy Filippelli, RedOwl; Jay Leek, Blackstone

Regent Governance

An increasing number of Global 1000 organizations are establishing insider risk management programs, as security executives see the risks that malicious, compromised and negligent insiders have on organizations. This session explores the following elements of an insider risk management program:
1. stakeholder roles and responsibilities
2. workflows among stakeholder groups
3. technical enablers for improving a broad multi-stakeholder insider risk management program
Additionally, the presenters will focus on real-world scenarios from Blackstone’s insider risk management program.


Tuesday, October 27 | 11:30 am - 12:30 pm Concurrent Sessions continued

Change the Game - Fight Those Who Fight You
Ronnie Tokazowski, PhishMe

Viceroy Threats & Attacks

Over the years, attackers of all affiliations have broken into corporations and stolen documents, pilfered bank accounts, or attempted to social engineer our employees. Many forget that the attackers are human too, and are susceptible to the same techniques they are using. Through this session, the presenter will present several use cases and ideas that will make life more difficult for the attackers you are facing.

Quality Over Quantity; Separating Quality Cyberthreat Data from the Rest
Rod Rasmussen, IID

Empress Cyber Intelligence

With the rise of cyberthreat intelligence, the term “quality data” is being used an awful lot. But how do you identify quality data and separate it from “noise?” IID and the Ponemon Institute will reveal for the first time results of a survey of hundreds of businesses and U.S. government agencies around cyberthreat data. They’ll address what the key characteristics of quality data are, how “bad” data has negatively impacted their organization and much more.

1:45 - 2:45 pm | Concurrent Sessions
Evolving Your Threat Intelligence Capabilities: Strategic and Proactive Cyber Defense
Saxon Burke & Kyle Davis, Target

Edison Cyber Intelligence

This session will introduce a new way to approach the concept of “threat intelligence”. The idea of threat-driven intelligence operations is fairly new, and the presenters want to recommend a further iteration that encompasses strategic and future-focused intelligence capabilities. This holistic approach, they believe, will prepare enterprises for the evolving threat landscape rather than constrain us all into reaction mode in perpetuity.

Risk Driven from the Front Line: Using Incident Responders and Threat Assessments to Inform Risk Decisions
James Williams, State Farm

Regent Governance

This presentation will review State Farm’s adoption of the FAIR (Factor Analysis of Information Risk) methodology, and how that adoption allowed for the creation of a tactical Threat Assessment process. The presentation will review the assessment deliverable, the aspects of FAIR used to derive the threat values used to calculate risk, and the role the Incident Responders play in completing a threat assessment, with a focus on the operational (quick use) tools in use today.

Analyzing Advanced Threats: A View from the Inside
Simon Crosby, Bromium; Tim Dawson, JP Morgan Chase

Viceroy Threats & Attacks

Banks are under attack. What threats do the largest financial services firms in the world face, and how do they mitigate advanced cyber-attacks? One best practice is threat isolation, which prevents breaches and enables complete analysis of the attack. Join the presenters for a discussion of this best practice and analysis of some of the advanced threats facing financial services.

Cyber Resiliency
Stephen Russell, PwC

Empress Governance

The Executive Management team should recognize its leadership role in setting the proper tone and structure for enabling cyber resiliency throughout the organization. They should also recognize the importance of mitigating cyber risks as an essential task in maintaining the on-going success of their institution. Cyber resilient organizations are better positioned to keep pace with evolving threats, thereby helping them avoid financial damage, negative publicity, and loss of customers’ trust.


Tuesday, October 27 continued

3:00 - 4:00 pm | Concurrent Sessions
Enterprise Cyber Risk Management – Why It’s a Game-Changer for Your Company
Jason Harrell & Tess Martillano, BNY Mellon

Edison Governance

Historically, there has been a dichotomy between business, technology, and risk at global enterprises. This results in a siloed view of risk and weakens risk management controls and governance. To address these challenges, an enterprise approach to risk management that brings all parties to the table is required. Corporate Senior Information Risk Officers (CSIROs) are charged with this responsibility and are strategically placed in the businesses to provide targeted risk expertise, while representing the Technology, Risk, Compliance, and Legal organizations. This presentation will provide an inside look at the CSIRO program’s structure and progression. We’ll share challenges and successes as well as the program’s continued evolution to help organizations manage the rapidly changing cyber risk landscape.

Using Classified Information to Secure Your Company’s Systems
Danell Castro, Mastercard; Sean Franklin, American Express; Julia Phillipp, US Treasury; Jason Witty, US Bank

Regent Cyber Intelligence

Who in your company needs a clearance? How will they get classified information? How will they use it without going to jail? We’ve been working with the government to identify ways to improve how we receive classified information and how we use it within our organizations. This panel will discuss lessons learned, products and coming deliverables from the working group.

Neighborhood Watch - Collaborate and Educate to Keep Cybercriminals Off of Our Networks
Jason Brown, Secret Service; Tom Kellermann, Trend Micro

Viceroy Threats & Attacks

In this presentation, the speakers detail the evolution of cybercriminal tactics within the financial sector, focusing on how criminals maintain a footprint within our networks through sophisticated evasion techniques. Learn how the Eastern European hacker community has been especially successful at evading current controls and the effect on the industry. Finally, two recent case studies will exemplify how to decrease cybercriminal time on your network and more accurately predict future attacks.

What CISOs Need to Know about Cyber Insurance
Robert Shaker, Symantec

Empress Governance

CISOs are told to expect that their company will be attacked and compromised. Cyber insurance is poised to help financially bail them out if an attacker is successful. In this session, a former financial CISO, now Global Operations Leader over Incident Response services, will share what he has learned in the trenches that could make your policy better and your premium lower. What do you really need to focus on to get great Cyber Insurance?

4:15 - 5:15 pm | Solutions Showcases**
Insights into the Database Infrastructure
DB Networks

Carousel

DB Networks offers intelligent continuous monitoring to “shine a light” on your database infrastructure. Through deep protocol analysis, you’ll gain new insights and a situational awareness of your database infrastructure. You can then establish an effective defensive layer to protect your databases. Operating in front of the database servers, the DBN-6300 immediately identifies any undocumented databases, traffic to/from restricted segments, and advanced SQL injection database attacks.

Understand Your Fraud Landscape
Easy Solutions

Carousel

Learn how to combine the power of DMARC with fraud intelligence to protect your organization and users from threats including phishing, malware, social media attacks and domain abuse. Gain unmatched visibility and control of your email ecosystem, shut down attacks against your brand and solidify your fraud detection and prevention strategy.


Tuesday, October 27 | 4:15 - 5:15 pm Solutions Showcases** continued

The Need for Speed: Sharing Threat Intel in Real Time Helps Prevent Breaches
BrightPoint Security

Carousel

BrightPoint Security redefines threat intelligence sharing based on granular policy controls that expand on the current industry community model. By extending the sharing model of real context and automation, including repository, tagging, email notification, IT teams can elevate the level of threats and have a better chance to stop attacks before they happen. BrightPoint’s platform reduces the window of exposure and enables the sharing of threat intelligence in real time.

Does Your CISO Know Where the SSH Keys are Hidden?
CyberArk

Carousel

The average large enterprise can have 1 million SSH keys, which provide privileged, administrative access to critical systems and sensitive financial data. While 51% of enterprises have already experienced an SSH key-related compromise, most organizations have not secured these keys because they are incredibly difficult to find, much less control and manage. Learn how CyberArk can help you discover, secure and manage privileged SSH keys, to better protect your critical systems from cyber-attacks.

Why 6 of the Top Global Banks Use Agari to Secure Their Email
Agari

Carousel

Email has never been secure. Today, anyone can spoof your brand, and we don’t think that’s ok. Customers trust your brand as best-in-class and cybercriminals use that trust to attack your customers. Hear from Agari’s Field CTO on how Agari secures the email channel for 6 of the top 10 global banks. With Agari, you can see attacks as they originate, protect your customers and proactively eliminate future threats. When you secure your email, you secure your revenue, build customer confidence and reduce service costs.

Learn How Multi-Vector Detection and Asset Context Provide Insight to Threat Defense and Remediation
Cyphort

Carousel

Join the presenters for a brief product demonstration to show you how Cyphort’s Advanced Threat Protection solution delivers complete defense against current and emerging threats, targeted attacks, and zero-day vulnerabilities. In just 15 minutes, you will see how Cyphort’s platform can detect and correlate threats from Web and Email sources, as well as internal threats (lateral spread) generated from compromised hosts. They’ll demonstrate how dynamic context for each threat plays a key role in prioritizing Incident Response and how integration with existing protection solutions can provide immediate protection.

Proactive Security: The Optimal Pairing of Man & Machine
Synack

Carousel

Synack’s Crowd Security Intelligence™ platform applies an adversarial approach to exploitation discovery to show the enterprise where their vulnerabilities are and how they can be used against them. Synack combines the human ingenuity of the private and vetted Synack Red Team with the scalability of Hydra, our self-learning security platform, to continuously discover exploitable vulnerabilities across clients’ mobile applications, web applications, and host-based infrastructure.

Orchestration Changes Everything
Invotas

Carousel

CSG Invotas provides orchestration and automation solutions for real-time and cost-efficient management of large security ecosystems. Invotas builds upon CSG’s proven solutions and expertise to support the mitigation and eradication of cyberattacks across complex enterprise environments. CSG Invotas allows organizations to mature their automation capability and fundamentally change how they do security.


Wednesday, October 28

8:15 - 8:45 am | General Session
Offense, Defense and Special Teams – What are We Learning and Sharing Across Functions?
Sandy Bird, IBM

Ballroom

In this session, we will look at current threats, financial malware trends, and real behind the scenes use cases to derive meaningful security intelligence during such a rapid pace of change. While working with leading financial institutions exploring big data and analytics, we will share key lessons learned from operationalizing such programs and see how firms can optimize security information sharing and deliver the capabilities needed to proactively stop advanced threats and protect critical assets, and firm and client data.

8:45 - 9:15 am | General Session Threat Intelligence Comes of Age: Market Dynamics, Use Cases and New Technologies for Financial Services Joe Pizzo, Norse

Ballroom

Threat intelligence helps Financial CISOs use their security, spend more efficiently and combat adversaries more effectively. However, the market remains nascent and fragmented and most of the integration burden still rests with the SOC. With that being said, TI services from different vendors are not easily compared. In this session, the presenter will map out the TI marketplace, including all the top vendors and major classes of offerings, to help CISOs understand the ecosystem and determine which providers fit their needs.

9:45 - 10:45 am | Concurrent Sessions Understanding the Eurasian Cyber Threat Luke Dembosky, US Department of Justice; Jake Jacobson, United States Secret Service; James Katavolos, Citigroup; Brett Leatherman, Federal Bureau of Investigation

Edison Threats & Attacks

A panel of experts from the government and the industry with experience in combating cybercrime and the nation-state threats emanating from Eurasia will discuss their view of the threat from each of their distinct perspectives.

Implementing .bank: Experiences and Opportunities Doug Johnson, American Bankers Association

Regent Governance

The .bank top-level domain has been operational since May 2015, providing a more secure, identifiable space for banks and bank customers to transact business online. This session will focus on the experience of bankers in implementing the domain to take advantage of this opportunity.

User Behavior Analytics - Fraud, Insider Threat & Access Misuse Brian Johnson, PayPal; Saryu Nayyar, Gurucul

Viceroy Threats & Attacks

PayPal leverages User Behavior Analytics (UBA) to address cases of fraud, access misuse and insider threats. The first use case is geared specifically towards fraud: behavior analytics are a key component of account security and of detecting customer account takeovers, and the ability to use predictive analysis based on identity enhances PayPal’s defenses to proactively protect customers. In the second, identity and access intelligence is leveraged to detect misuse of identities and their access. From an internal perspective, the third use case looks for insider threats and employee account takeovers.


Wednesday, October 28 | 9:45 - 10:45 am Concurrent Sessions continued

It’s Time to Embrace the Cloud to Secure the Cloud Jay Chaudhry, Zscaler; Chris Finnecy, Barclays

Empress

Zscaler protects your employees from malware, viruses, advanced persistent threats and other risks and can also stop inadvertent or malicious leaks of your company’s sensitive data. Our security services scan and filter every byte of your network traffic, including SSL-encrypted sessions, as it passes to and from the internet. Give your executives instant insight into threats and get real-time recommendations on how to improve your security posture.

11:00 am - 12:00 pm | Concurrent Sessions Soltra Edge: STIX Vacuum Aharon Chernin, Soltra

Edison Cyber Intelligence

The next step for machine-to-machine collaboration with STIX goes further than just sharing indicators of compromise. Soltra Edge gives your organization the ability to bring multiple sources of intelligence into a single interface so that it can be acted upon. To facilitate this, we are demoing several new ways to collect, find, and convert data into STIX format so that it can be consumed into your intelligence processes.

The Future of Cyber Crime: More Targeted and Elusive Attacks, Less Collateral Damage Elias Manousos, RiskIQ

Regent Threats & Attacks

Attacks against individuals have proven to be effective for stealing personal and financial information. With that being said, no method is more dangerous than malicious digital advertising (malvertising). Using the ad ecosystem, a threat actor can infect millions with a single ad on any device, from any website, with little collateral damage. This presentation will look into the malvertising ecosystem and offer best practices that financial services firms can use to lower the risks these attacks pose to their customers.

Securing Security: Architecture Considerations for Financial Services Security Systems Bryan Smith, Endgame

Viceroy Governance

Distinguishing an ambitious employee from a malicious impostor in time to prevent damage and loss requires scalable data, compute, and connectivity resources. This presentation presents an architecture that provides this scalability and addresses the security considerations necessary for implementation and portability across multiple cloud deployment options. The presenter will discuss how organizations can maintain data security by anonymizing customer identifiers, protecting data at rest through encryption, controlling data retention and destruction, and quickly recovering infrastructure during compromise.

Applied Security Analytics - Case Studies and Use Cases From the Battlefields Igor Baikalov, Securonix

Empress Threats & Attacks

This session will focus on how applying advanced security analytics models can address sophisticated use cases and promote rapid detection of advanced attacks and threats in organizations’ environments. Learn how the latest innovations in security analytics have transformed the way organizations approach security.

1:00 - 2:00 pm | Solutions Showcases** Speedy Detection of DNS-Based Data Exfiltration Prelert

Carousel

Modern attack software often communicates with remote systems through a command-and-control channel hiding within various data fields of the DNS protocol. DNS must be allowed through firewalls and, due to its varying data fields, is difficult to inspect. In this demonstration, see how Anomaly Detective® uses machine learning to automatically baseline normal DNS behaviors by analyzing DNS logs and precisely identifying actual DNS tunneling activity initiated by malware associated with real data breaches.

Wednesday, October 28 | 1:00 - 2:00 pm Solutions Showcases** continued

Techniques for Mitigating Security Risks Rapid7

Carousel

Experts agree, it’s not if—but when—you’re going to be subject to a successful attack. Solving this challenge is not obvious: attackers stay undetected on networks for 229 days; teams receive thousands of false positives; and investigating events is time and labor intensive. This showcase will cover the techniques security professionals can implement to mitigate risks, including: combating the #1 attack vector—compromised credentials; eliminating dangerous alert fatigue; and leveraging intruder analytics for faster detection and investigation.

New Outside Cyber Threats Expand Your Attack Surface – What You Need To Know BrandProtect

Carousel

According to Gartner Research, new generations of threats against institutions are evolving rapidly – outside cyber threats. These threats never touch the firewall, but they can have devastating impacts on customers and employees. They are often the threat vector for malicious, breach-enabling payloads. During this vendor showcase the BrandProtect General Manager will share his perspectives on Gartner intel, on outside cyber threats, and on how CISOs are adapting to meet these new digital adversaries.

Vulnerability Triage at Broadridge Financial with NetSPI’s CorrelatedVM NetSPI

Carousel

Security plays a critical role in a company’s reputation and success. Without automated workflows to manage security concerns or support collaboration among developers, application security staff, and senior management, organizations would waste an immense amount of time and resources on vulnerability testing and analysis. The CISO for Broadridge Financial Solutions discusses how CorrelatedVM™ (CVM) from NetSPI streamlines VM processes to provide a highly effective one-stop shop for the company’s mission-critical “vulnerability triage.”

Checkmarx PCI-DSS Compliance Without the Hassle Checkmarx

Carousel

PCI has become a stamp of trust in the financial industry; however, ongoing maintenance is required to stay compliant with changes deriving from software or compliance updates. Checkmarx simplifies compliance while delivering additional security. Checkmarx will: prove that proper application security can enforce compliance as an ongoing process, explain how to handle PCI requirements from the start, and tick off a complete section of PCI while getting developers (willingly) involved in secure code methodologies.

Combine SAST+RASP to Find and Fix Application Flaws Automatically Waratek

Carousel

Keeping pace with the firehose volume of vulnerabilities detected by static application security testing (SAST) tools such as HP Fortify, Veracode and Checkmarx using manual remediation efforts is unfeasible, costly, and leaves financial services organizations at risk for long periods. This session will present a new approach that integrates SAST with Runtime Application Self-Protection (RASP) to automate the complete lifecycle of vulnerability detection, remediation (via RASP-generated security rules), and validation of the virtual patch’s efficacy.

Improve Situational Awareness to Counter the Risk Posed by Advanced and Evasive Threats Dell SecureWorks

Carousel

Reduce time-to-detection and decrease time-to-respond and level of response. Unified network and endpoint visibility provides greater assurance that teams can detect and respond to a cyber threat sooner. Advanced threat detection capabilities on both the network and endpoints provide the greatest opportunity for both CISOs and security practitioners to counter the risk posed by advanced threat actors. Dell SecureWorks shares insights from actual incident response experiences proving the value of these defense capabilities working in tandem.


Wednesday, October 28 | 1:00 - 2:00 pm Solutions Showcases** continued

Akamai Security Solutions: Protecting Banks Worldwide Akamai

Carousel

As the digital landscape continues to evolve and enable new opportunities, with it comes a corresponding explosion in the number, type, magnitude, and cost of attacks that target the vulnerabilities of financial service institutions. Join this session to learn about the evolving attack landscape, defense mechanisms and strategies, and real attack types seen on financial institutions.

2:15 - 3:15 pm | Concurrent Sessions Presenting Cyber Risk to Your Board of Directors Nicholas Shevelyov, Silicon Valley Bank

Edison Governance

The Board of Directors is more engaged on cyber security issues than ever before. Attend this session to learn about tools, techniques and language that translate cyber security issues into broader enterprise risk matters and get the attention of your organization’s executives and board members. Attendees will take away three tools that they can apply in their next board presentation.

Third-Party Governance Done Right Brenda Ward, Aetna

Regent Governance

This session will feature a mature third-party security governance process implemented for Aetna that adds risk-based security controls to a robust compliance program, addressing the risks of third parties hosting member health information and providing web portal or mobile access. The Global Information Security Director for the Third-Party Security Governance program has implemented five security-specific controls across hundreds of third parties that address things like software security maturity and risks, authentication of users, and encryption of data in transit and at rest, using frameworks from the financial services industry. They lead a vendor ISAC community to share cyber security intelligence and best practices with the vendors to improve their cyber resiliency.

A Walk Through Your Corporate Airspace: Understanding the IoT Chris Rouland, Bastille

Viceroy

This interactive session will explore the known, unknown and ‘ghost’ devices found on a walk through your corporate airspace from DC to 10 GHz. The convergence of Internet of Things devices, the absence of visibility in the network, and the future impact on the enterprise will be presented comprehensively. Attendees will leave with an awareness of the infiltration of devices in the network, as well as techniques for discovery and defense.

Quantifying Cloud Risk for Your Firms’ Leadership Jamie Barnett, Netskope; Bala Rajagopalan, BlueMountain Capital Management

Empress Governance

Your firm is adopting the cloud in a big way. Beyond people using their favorite productivity apps, your leaders are using the cloud for critical business processes across virtually every function. Whether those cloud services are sanctioned or shadowed, your fellow executives are asking questions like “Is our cloud usage safe and compliant?” and “Are there files containing PCI or PII in the cloud?” Learn key trends and data about quantifying enterprise cloud risks through this presentation.

3:30 - 4:30 pm | Concurrent Sessions Cryptocurrency and the Dark Web: Exploring the New Criminal Underground Wes Spencer, FNB Bank, Inc.

Edison

Two years after the invention and release of Bitcoin, the world’s most popular cryptocurrency, cyber criminals managed to exploit the technology for a multitude of crimes. In this session, the presenters will explore the creation of the Silk Road beginning in 2011 to its fall in 2013. They will explore the criminal underground since the Silk Road’s demise and see how criminals buy and sell illegal goods and trade stolen credentials, laundering millions of dollars.

Wednesday, October 28 | 3:30 - 4:30 pm Concurrent Sessions continued

Financial Services for Technical Security Professionals Kristi Horton, FS-ISAC

Regent

Many financial institutions hire information security professionals from other sectors or grow them as new professionals. In order for information security professionals to properly prioritize threats and incidents and implement security controls, it’s imperative that they understand the business of financial services and the environment in which that business operates. Each line of business has a unique threat landscape distinct from the others. Business leaders can offer their perspective on what is most important to them.

Vendor Risk Assurance, Data Breach and Business Impact Cathy Rees, Comcast Cable; Ryan Stolte, Bay Dynamics

Viceroy Governance

The vendor community is critical to business operations and success. Organizations issue vendor user accounts and access to key organizational resources. However, recent data breaches can be attributed to their untethered access. Comcast Cable, a global leader in media/technology, manages thousands of vendor accounts with internal access to a broad range of critical information. Learn how Comcast tackles this challenge with an innovative vendor risk assurance program that combats data breaches and effectively manages business/security risks.

Lessons Learned From A Cloud Data Breach Tomer Schwartz, Adallom

Empress

Several financial service organizations are reluctant to adopt cloud services due to fears related to overstated risks on cloud application usage. To help facilitate informed decision-making, the speaker will present the only documented demonstration of a cloud-based attack and explain how when using advanced detection and heuristic capabilities, organizations adopting cloud technologies can protect themselves from attacks while addressing financial services security compliance requirements.

Soltra Lounge

Soltra Edge, the free threat intelligence sharing platform from FS-ISAC and DTCC, now has over 2,000 users and continues to evolve. Come see brand new demos of cyber security solutions that are leveraging STIX and TAXII and integrating with Soltra Edge.

Monday, October 26 | Reception 6:00 - 7:00 pm
Tuesday, October 27 | 7:00 am - 7:00 pm
Wednesday, October 28 | 7:00 am - 5:00 pm

Birds of a Feather Lunch

FS-ISAC’s Birds of a Feather Lunch is a great way to connect and interact with your direct peers. Join us on Tuesday, October 27, from 12:30 - 1:45 pm on the Windsor Lawn for lunch and discussion. The tables will be labeled as follows:

Associations
Banks
Brokerage and Securities
Business Resiliency
Canada
Card Companies
Clearing Houses and Exchanges
Community Institutions
Insurance
LS-ISAO
Payment Processors
Asset Managers
Big Security Data
Credit Bureaus
Payment Risk Council
SAWG
Retirement Funds
Soltra