Insider Threat, Incident Response and More

Transcription

1 Insider Threat, Incident Response and More Wednesday, May 13, :00AM to 4:30PM Presented by: ISACA - Greater Hartford Chapter Sponsored by: varmour, Varonis, Countertack, HIC Networks Security Solutions The ISACA-GHC Members have spoken and we listened! Based on your feedback and requests we have assembled the following topics: Human Side of Data Protection (David Gibson): The most valuable, fastest growing asset a business owns is its humangenerated data: documents, spreadsheets, videos, presentations, and s that people create and share every day. Breaches involving human-generated data happen almost every day. Why? Because employees have far more access than they need, activity is usually not logged or analyzed, and it's difficult to spot abuse. During this presentation you ll hear how there is a way big data analytics can help lock down overexposed data, prevent breaches, reduce excessive permissions, and enable a sustainable data protection strategy in the face of unprecedented data growth. Massive Scale Endpoint Incident Response (Neal Creighton): Security teams and incident responders are challenged to prioritize the alerts they receive from network-based devices. Next-generation endpoint detection and response technology is helping these teams more contextually investigate, and verify incidents for faster, more efficient resolution. This session will provide an overview of how new endpoint technologies bring in stealth data collection, Big Data correlation and behavioral threat analysis to augment and even improve the ROI of other security ops platforms. Insider Threats (David Gibson): The recent spate of highly publicized breaches has drawn attention to one of the issues that keeps security professionals up at night once an attacker is inside the network, their activities are often difficult to spot and recover from. This is true of outside attackers that compromise the credentials and systems of employees, as well as employees that are breaking bad or unwittingly exposing sensitive files. This session will review the anatomy of typical outside-in attacks including infiltration, data gathering, and exfiltration, and then discuss methods and techniques for analyzing file analysis records to spot and stop potentially malicious activity from both insiders and external attackers. Transforming Security Through Distributed Systems and Micro-Segmentation (Colin Ross): With the shift to cloud and mobile computing, security architectures have not kept pace with modern data center architectures. In a world where perimeters have largely disappeared, organizations need to consider security models designed for virtualized and cloud environments. We will discuss how Distributed Systems enable security to scale horizontally, adding capacity dynamically based on need. We will also discuss how Distributed Systems offer a superior architecture for security by providing simplified operations, more effective threat analysis, and better economics. Breaking Down the Cyber Kill Chain (Ryan Wager): The threat landscape continues to evolve faster than the technologies being built to control it. In this discussion we will focus on breaking down the parts of the Cyber Kill chain that occur within today's datacenter perimeter and current security best practices. Specific examples of real attacks will be utilized to illustrate each point.

2 Panel Discussion This panel discussion will look at some of the key issues around cybersecurity, threat detection, managed security, nextgeneration threat modeling and address audience questions on new, innovative ways to effectively counter attackers and eliminate threats. Moderator: Steven Harper, Northeast Regional Sales manager for CounterTack. Steven manages the U.S and Canadian business on the East Coast. He has been in the Internet and Cyber Security industry since 1994 and his background includes companies such as BBN (Bolt, Beranek, and Newman) and Exodus Communications where he was a member of the Cyber Attack Tiger Team. He has worked in the SaaS / Cloud industry, founding Plan 2 Win Software which he sold in Most recently he has worked at Radware and Corero Network Security, focusing on DDoS Prevention and remediation. Prior to working in the Denial of Service arena, he spent time at Still Secure, a Managed Security Service Provider, specializing in PCI Compliance. Panelist #1: Jamie Herman, Information Officer at Ropes & Gray, LLP. Jamie has more than 15 years of experience in information security, risk management and information technology. Currently the Information Security Officer for Ropes & Gray LLP, Jamie's expertise covers a diverse range of areas, including implementing information security programs, data privacy, digital forensics, access control, leading innovation initiatives and leading a global team. His passion for assisting law firms improve their security posture in all facets of business has been a key to his success. Having led vulnerability management plan efforts, security strategy and policy design initiatives, Jamie collaborates with a wide network of public and private industry information security experts to deliver forward-thinking security thought leadership to the legal information security industries. Jamie sits on the LegalSec steering committee and has presented at a multitude of ARMA, ILTA and information security events. Panelist #2: Jeff Stutzman, Co-Founder & CEO of Red Sky Alliance Corporation and Wapack Labs. Jeff served as a Director at the DoD Cyber Crime Center (DC3) where he built and operated the DoD/DIB Collaborative Information Sharing Environment (referred to in the press as the DIB Program ) and the financial community s Government Information Sharing Framework (GISF). Mr. Stutzman is a former US Navy Intelligence Officer and has held positions with Cisco Systems, Northrop Grumman, and the Software Engineering Institute at Carnegie Mellon University, and the DoD Cyber Crime Center. He is a founding member of the Honeynet Project, founded the Healthcare ISAC, and was a first watch stander in SANS GIAC (now the SANS Internet Storm Center). Mr. Stutzman holds a BS in Liberal Sciences from Excelsior College, an MBA from Worcester Polytechnic Institute, and is a Harvard Kennedy School Senior Executive Fellow. Panelist #3: Brad Howden is the Founder and CEO HIC Network Security Solutions, LLC. Brad has more than 15 years of experience working in security and network focused consultancies, as well as managing global, customer facing technical organizations. Howden strategically focused HIC s expertise to lie in both well established and in emerging security technologies designed to address the evolving threat landscape. Howden and HIC have also developed proprietary firewall migration software, HIC RAPIDFIRE, which has been used within a multitude of organizations across many verticals, and in a large number of fortune 500 companies. Prior to co-founding HIC Network Security Solutions LLC., Brad served as Director of Technical Services for IGX Global. He received a B.S. in Computer Science from Rutgers University. Panelist #4: TBD

3 ABOUT YOUR SPEAKERS David Gibson is the VP of Marketing at Varonis, and is a year technology industry veteran, specializing in Data Governance and Collaboration. Neal Creighton, Chief Executive Officer at CounterTack, Neal has more than a decade of experience in IT system security, identity verification, and Web authentication markets. As cofounder, president and CEO of GeoTrust, Neal was responsible for providing the leadership, strategic direction and management for the company. Neal spearheaded GeoTrust strategically and positioned the company for rapid growth. Neal led the efforts to raise $24 million in venture financing and sold GeoTrust to VeriSign (NASDAQ: VRSN) for $125 million in September In addition, Creighton led the spin-off of ChosenSecurity from GeoTrust, which was acquired by PGP, Corp. (now Symantec). Neal was also co-founder and executive chairman of AffirmTrust LLC, which was acquired by a Trend Micro in 2011, and co-founder of RatePoint, Inc., which was named MITX 2010 Social Media Company of the Year for New England. He serves on the advisory board of OneID ( and was formerly a technical advisory board member at PGP Corp. He is also the Chairman of Robly ( Neal Creighton is a graduate of the United States Military Academy at West Point and holds a Juris Doctorate and Master of Business Administration from Northwestern University. He is also the co-inventor of the domain control authentication patent granted in 2006 which is the primary method for the distribution of SSL encryption credentials on the Internet (the lock symbol in your browser whenever you enter your credit card or password securely). Neal was a Massachusetts High Tech All Star 2010, 40 Under 40 award in New England, three-time Ernst & Young Entrepreneur of the Year finalist and 2007 Sale Side Deal of the Year winner for New England from Mass High Tech. Creighton is a US Army Ranger School graduate and serves on the Advisory Board of the Army Cyber Institute at West Point. Colin Ross, Senior Systems Engineer at varmour Networks is a technology professional with over 23 years experience. His security focused career includes: The Royal Air Force, Nortel Networks, Crossbeam Systems, and Plexxi. Colin spent many years designing automation systems for security products, and was featured in Test and Measurement World magazine: Testing Toward Secure Networks" Ryan Wager, Head of Threat Strategy for varmour, the data center security company, is a technology professional with over 17 years in the industry. He's worked on the threat and analytics platforms for Cisco's cloud based websecurity platform, RSA's Web Threat Detection suite, and now at varmour, is helping develop the company s data center threat visualization and analytics platform.

4 This seminar has limited seating. SIGN-UP FAST!!!! Attendees are encouraged to send in questions for our Panelist. Send your questions to WHO SHOULD ATTEND CIO, CTOs, CISO, Directors of IT, Financial and IT Auditors, System Managers, Database Managers, Help Desk Managers Information Technology and Security Professionals CPE CREDITS This all day session qualifies for 7 CPE credits. To receive CPE credit, ISACA Greater Hartford Chapter (GHC) requires that participants sign-in on the GHC Sign-in Sheet provided at registration. CPE certificates will be provided after participant completion of the Session Evaluation Form that will be distributed at the end of the program. This event is sponsored by the following companies:

5 Location: CT-CPA Education Center 716 Brook Street, Suite 100 Rocky Hill, CT (860) Directions: Take Interstate 91 North or South to Exit 23 If you are heading North on I-91, take Exit 23 and turn left at the end of the ramp. As you approach the third traffic light, get into the middle or left lane and, at the traffic light, turn LEFT onto Cromwell Avenue, also known as "The Shunpike." If you are heading South on I-91, take Exit 23 and turn right at the end of the exit ramp. Go straight through the next traffic light. As you approach the second traffic light, get into the middle or left lane and, at that traffic light, turn left onto Cromwell Avenue, also known as "The Shunpike." Go to the third traffic light and turn left onto Brook Street. The entrance to 716 Brook Street is on your right; follow around to back of the building marked suite 100 and look for the CTCPA awning. Cost: ISACA members - $10.00 Non-members - $20.00 (Includes continental breakfast and lunch) MasterCard, VISA, Discover with online registration. Only Check is accepted at the door. No cash or credit. REGISTRATION: To register automatically, it is easiest to use the link provided in your invitation. Otherwise, register at by entering ISACA-CT in the Search box on the top of the page. Once completed, a registration confirmation will be sent automatically. Registration questions via using registration@isacact.org Register and pay online on or before Monday, May 11, 2015 (Walk-ins accepted only if space is available.) At the door, please make checks payable to: Greater Hartford Chapter of ISACA Old State House Station P.O. Box Hartford, CT REFUND POLICY: All registrants are required to pay for ISACA-GHC session fees. Full refunds will only be given for a cancellation completed 24 hours prior to the start of the seminar. Cancellations must be completed online using your registration confirmation number or by notification to registration@isacact.org prior to the above deadline. Registrants cancelling reservations after the deadline date will be billed. SESSION SCHEDULE*: 8:00am 8:30am: Registration & Continental Breakfast 8:30am 12:00pm: Seminar (with 15 minute break) 12:00pm 1:00pm: Lunch 1:00pm 4:30pm: Seminar (with 15 minute break) *Schedule may shift slightly based on the length of Q&A during sessions. NOTE: ISACA GHC will make every effort to hold events at the times and locations specified. However, ISACA GHC holds the right to cancel and/or change event times and locations under certain conditions (e.g., inclement weather). Special consideration is given to those members who are unemployed. Send an to registration@isacact.org explaining your circumstances and the Board will consider adjusting or waiving the session cost.