CSO Perspectives Seminar on Defending Against the Pervasive Attacker
 
Wednesday, September 17, 2014
8:00 am - 3:45 pmRegistration Open
8:00 am - 9:00 amContinental Breakfast & Networking
9:00 am - 9:15 amOpening Remarks
Joan Goodchild, Editor, CSO
9:15 am - 10:00 amAdapting to Ever-Changing Attack Patterns
David Billeter, Vice President, Global Security, Privacy and Regulatory Compliance, Staples

Over recent years, and especially over the last year, attack patterns have changed.  Bad actors are finding new and different ways to infiltrate and steal corporate assets.  All of this means that your security policies, procedures and infrastructure need to adapt.  Join us to understand some of today’s best practices and strategies in adaptive security.

10:00 am - 10:30 amThe Path to Real-time, Automated Security Architecture
Derek Brodeur, Professional Services Engineer, ForeScout Technologies
Tom Dolan, Regional VP of Sales, ForeScout Technologies
Joan Goodchild, Editor, CSO

As endpoint computing devices become more mobile and more diverse, traditional security architectures no longer provide sufficient visibility, control, and protection. That¹s why forward leaning enterprises are transitioning to a new architecture that provides visibility to all risks on a network, including mobile and BYOD devices -- and helps multiple security systems from different vendors work together in more collaborative and automated ways. Join us for this discussion as we delve into the characteristics of this new architecture and how it can make a practical difference in your organization¹s IT security.

10:30 am - 11:00 amNetworking Break
11:00 am - 11:30 amCreating an Effective Insider Threat Program: An Executive Interview
Shawn Daley, CSO, MIT Lincoln Laboratory
Michael Woodson, Cyber & Network Security Director, Santander Bank N.A.
Joan Goodchild, Editor, CSO

Why do you need an insider threat program as part of your cybersecurity strategy? How do you convince senior leadership of that, and what are the truly essential components of an effective program?  Join us as we discuss how your organization can effectively prevent, detect, and respond to insider threats.

11:30 am - 12:00 pmAnatomy of a Successful Phishing Attack
Quinn Shamblin, Executive Director & Information Security Officer, Boston University

We all know that the largest weakness in any cyber security program is people.  One of the most effective ways to get around security is to simply ask a person with access to let you in.  Phishing messages have been the opening attack of most of the largest, most publicized and most expensive breaches in our recent history. Join us for this session as we discuss the anatomy of a successful phishing attack and one organization’s incident response management, tactical actions and longer-term strategic plans to try to counter the effectiveness of phishing.  We will also discuss how the organization executed the enterprise-wide roll-out of a modern, easy- to-use multi-factor authentication solution for a client base of tens of thousands in only a few months, including a review of key success factors and lessons learned.

12:00 pm - 1:15 pmNetworking Lunch with Hosted Discussion Tables

Join a discussion table to share strategies and connect with your peers to hear how they're resolving the same issues with which you grapple every day.

  • BYOD and Mobile Security, hosted by ForeScout
  • Cyber Security Incident Response: Are You As Secure As You Think?, hosted by Lancope
  • Blind Spots: Finding the Malware that Defeats the Prevention Tools, hosted by Seculert
  • Endpoint Protection: Securing Workstations, Mobile, and Data Everywhere, hosted by Sophos 
  • NSA, Target, JP Morgan, Home Depot … who’s next?, hosted by Websense
1:15 pm - 2:00 pmCyber Security Confab Sessions
John McCarty, Regional Vice-President, East, Seculert
Dan Schiappa, SVP and General Manager, Sophos End User Security Group, Sophos
Jeff Wells, Director, Business Development, Lancope

You won’t want to miss these short format, rapid-fire presentations from thought leaders who will demonstrate how forward-thinking organizations are preparing for the future.


Cyber Security Incident Response: Understanding the Norm in Your Environment
Presented by Lancope
Organizations of all sizes face a significant threat from information security breaches. It's not a question of if – but when, and how – internet criminals will get into your network.  Join us for this short but informative talk on the power of knowing what is normal in your environment — and how doing so allows you to find and focus on the critical threats you face.

Lancope is pleased to offer a complimentary white paper entitled "Cyber Security Incident Response: Are we as prepared as we think?" Please click here to view.



Why Breach Detection Is Your New Must-Have, Cyber Security Tool
Presented by Seculert
Despite spending millions on firewalls, proxies, web gateways, and breach prevention technologies, many enterprises have come to realize that they will be infected by targeted, advanced malware. Join us for this session as we describe how hybrid cloud malware detection systems can leverage the power of cloud based analytics and on premise protection systems to provide a last line of defense against malware. 



Layers Are for Cakes: Rethinking Security as a Unified System
Presented by Sophos
Advanced threats are designed to exploit the gaps within and between traditional layers of security. To combat our adversaries, we need to treat security as an interconnected system instead of a series of point solutions.  Join us to learn how. 

Sophos is pleased to offer a complimentary white paper entitled "5 Stages of a Web Malware Attack" Please click here to view.



2:00 pm - 2:45 pmProactively Dealing with the Threat of Data Breach
Nick Akerman, Partner, Dorsey & Whitney LLP
Nicholas Bruno, CISO, Continuum Managed IT Services
Quinn Shamblin, Executive Director & Information Security Officer, Boston University
Joan Goodchild, Editor, CSO

The legal requirements for breach notification have gone from historically reactive, starting with the 2003 California Security Breach Notification law, to largely proactive in newer forms of legislation, including recent Massachusetts regulations which require organizations to have a data compliance program in place. What are the advantages and challenges to this new way of staying prepared?  Join us to hear panelists' perspectives on strategies for proactively positioning one's organization for dealing with a data breach.

2:45 pm - 3:45 pmWhat to Do -- and Not to Do -- When Attacked: A Moderated Workshop
Nick Akerman, Partner, Dorsey & Whitney LLP
Joan Goodchild, Editor, CSO

Today’s enterprises have more powerful security resources than a decade ago. Some have been tempted to turn those resources against their attackers in retaliation for the damage they caused. Others are reluctant to work with law enforcement on investigations for fear of exposing a negative incident to the public. In this session, we’ll learn more about what every business should do -- and not do -- when responding to cyber attacks.


3:45 pmRecap, Takeaways and Closing Remarks
Joan Goodchild, Editor, CSO