Organizations continue to be plagued (and breached) by malicious emails because they are using a fragmented approach that is inadequate against evolving attack tactics. Join us for a fresh perspective that will cover: 1. What are the components of an effective email security strategy? 2. What are the advantages of evaluating various email security controls as part of a platform rather than individually? 3. What is the best way to determine which vendors meet your requirements?
Cloud native applications rely heavily on containers and serverless functions to build out event-driven, microservices-based application architectures. Legacy on-premises security patterns won’t work and won’t scale for the needs of cloud native applications. This presentation will discuss the security patterns and best practices for securing cloud-native applications, including container security.
In-app protection is protection provided to the application from the inside. It includes application shielding, RASP and anti-malware techniques and is well-suited to provide a zero-trust approach to applications. This session will highlight ways in which applications can be protected on the inside without requiring external components to be installed on the device.
As complexity continues to grow and risks, threats and vulnerabilities multiply with no end in sight, how can security and risk management leaders move beyond reacting? Attendees will learn how to think differently about their role in value preservation and value creation, and how finding sweet spots in a human to machine continuum can help. This is the security and risk management leaders’ new imperative.
Security and risk management leaders are challenged to continuously adapt their organizations to meet the needs of rapid changes in digital business. This presentation introduces the Gartner Operating Model for the Information Security Function to address this challenge. The operating model describes how the information security function orchestrates its capabilities to deliver against its operational and strategic objectives.
Technical professionals are confronted with attacks that target web applications and APIs, and they struggle to find the appropriate mix of security controls. 1) What are the common attack patterns? 2) What technologies are useful in mitigating each type of attack? 3) What adjustments must be made for cloud-native application development?
In India, organizations typically engage VAPT (vulnerability assessment and penetration testing) consulting service providers rather than buying their own tools and performing the tests internally. The range of providers varies from pure-play vendors to professional services firms, with little or no differentiation in the service itself. SRM leaders responsible for security operations should understand the following:
1. Different objectives of engaging a VAPT service provider
2. Selection criteria for VAPT service provider
3. VAPT market landscape
4. Best practices of a VAPT engagement
After more than 10 years of understanding the need to put cybersecurity and technology risk in a business context, organizations still struggle. The foundation of a mature security function that can offer defined levels of protection at defined cost is a business-centric service catalog. Writing business-centric value statements for risk and security bridges the knowledge gap with executives.
Security and risk management leaders need to develop security strategies that treat data as a pervasive asset (and liability). New data privacy laws and the continued growth of data breaches are increasing business risks. Data security governance is an emerging risk-based framework that will help plan and orchestrate policies across data security products that are siloed and do not integrate.
Cloud service providers may not always be ‘compliant’ with a regulation, although in some cases they do need to step up to specific requirements. The more mature a cloud service provider, the more help they can offer in demonstrating their compatibility with a regulation and in helping their customers understand how to use their offerings in a controlled and compliant way. This session addresses these common questions from risk, security, and procurement leaders. (1) How to contextualize security and privacy considerations for the cloud (2) How to gauge CSP's maturity in supporting compliance obligations (3) What tools to consider to better manage security and privacy compliance activities in the cloud.
The rapid adoption of SaaS applications such as Microsoft’s Office 365, Salesforce and others is driving enterprises to rearchitect their networks, so that remote offices can achieve direct internet access with SD-WAN and other techniques. Enterprises will be purchasing more cloud-based security services and fewer appliances. Here, we will highlight best practices that enable a smooth transition to the adoption of cloud-based security services.
Data, data everywhere and not a drop should leak. Your enterprise data wants to travel as broadly as it can — not only within the enterprise but across a panoply of cloud services and an endless proliferation of endpoints. Who needs heroic levels of DLP? How can you monitor, track and manage something seemingly impossible? What are the best product and service options available today?
Organizations are experimenting with artificial intelligence in security. As evaluation procedures mature, the first disillusionments appear. This session will review the state of AI and machine learning usage in various security and risk management areas, and give CISOs recommendations to:
1. Navigate AI marketing claims
2. Define evaluation principles for solutions that add new algorithmic approaches to existing security fields
3. Prepare to avoid or minimize the backlash when results fall short of expectations
Successful Gartner clients often mention a "use-case first" approach to their SIEM deployment, across internal, co-managed and fully outsourced models. But what is a use case, and how can security and risk management leaders adopt a "use-case first" approach? In this session, we will take an actionable and pragmatic approach to developing security use cases for your SIEM.
IAM encompasses workforce and customer identities and access, to manage risk, reduce fraud and other losses, and enable desired business outcomes. Digitalization forces IAM leaders to focus on time to value, employee engagement and customer satisfaction.
What does a successful IAM program look like?
How can IAM quickly deliver real business value and support cyber defense?
How will IAM technology investments evolve?
Identifying the core features to call out to a potential managed security service provider (MSSP) when scoping the need for an outsourced service is critical for a successful engagement. This session will provide practical examples of how to establish effective requirements and use cases before engaging providers:
● What service performance metrics are valuable to receive from an MSSP?
● How can you define service customization requirements to ensure additional service charges are managed?
● How can you align internal processes with the providers’ outputs?
Application security continues to be a significant challenge for many organizations. This session covers the current outlook for application vulnerabilities and application security programs, as well as the newest developments in application security practices and technologies.
Cloud-based secure connectivity options are slowly replacing traditional VPN scenarios. This session will help security and risk management leaders to understand the different data communication solutions for their use cases, including application-centric and demand-driven connections.
SIEM solutions continue to evolve to address a variety of persistent challenges — how to keep up with changing external and internal threats; increases in the volume, velocity and variety of data sources; and how to effectively implement, manage and use the solutions as expertise and resources become more constrained. New entrants have emerged from the UEBA space, and primarily emphasize a user-based approach for monitoring threats, compared to the more traditional approach of event-based monitoring oriented around IP addresses and host names. SIEM technologies are also adopting more advanced incident response capabilities through the addition (either natively, via acquisition or integrations) of functions that add SOAR capabilities. Organizations looking to shorten the deployment cycle and transfer responsibility for managing a SIEM tool's platform are leveraging SaaS or hosted SIEM solution options.
Organizational resilience must evolve with the changing needs of the modern digital world. Gartner offers a three- to five-year outlook and guidelines for security and risk management leaders to advance this discipline and achieve business outcomes. This presentation will discuss how to roll out an organizational resilience program that matches your organization's driving type.
Cloud providers’ focus on offering security features is changing competitive dynamics in the security market. This presentation examines the motivations and strategies of Tier-1 cloud providers in security and analyzes how they affect customer purchasing decisions in security. This presentation will help address the following key issues:
- Are cloud providers emerging as key security vendors for clients?
- Are security vendors threatened by cloud providers' moves in security?
- What scenarios are likely to play out in the next 12-18 months?
This session will highlight the latest trends in network-based advanced threat detection, including new techniques for anomaly detection. We will address challenges such as the growing percentage of encrypted traffic and its impact on threat detection. Attendees will learn about the key vendors in the market.
IGA deployment initiatives are a potential minefield for many organizations, which risk costly delays, difficult integration and lower overall value. Gartner has identified common anti-patterns for IGA adoption that range from the planning phase to the actual deployment and integration. Attend this presentation for an overview of the IGA Magic Quadrant and Critical Capabilities research published in the past year. In this session, we will illustrate the market and main vendors in the Identity Governance and Administration space.
This session will discuss the advanced security features included in the M365 E5 license suite. We will also discuss licensing, then dive into advanced data protection, email protection, conditional access, Azure AD Premium P2 and all of the other advanced features. Then we will compare and discuss use cases where third-party solutions can be integrated and whether they are required.
Android is ubiquitous in India, with over 99% penetration among mobile users. It is inevitable that organizations in India will need to find ways to officially support Android. This session will illustrate how security and risk management leaders should counter security concerns linked to Android platform fragmentation.
A one-page cybersecurity strategy has long been the goal for CISOs, and the effort always falls short. The result is either too technical and doesn't resonate with business people, or so 'soft' that technical staff don't know what to do with it.
Join us for this engaging workshop on how to craft a simple, easy-to-use one-page strategy to propel your program to success.
This session provides insight into the convergence between EDR and EPP and provides end users with deployment best practices in endpoint security.
Most organizations have an incident response plan to cover malware outbreaks, or very specific data loss scenarios. There are three additional scenarios that every incident response plan should include, and this session will cover what you should add to your incident response plan to better cover incidents of compromised credentials, insider threats and ransomware.
Security and risk management leaders should select AST tools and services and embed them in the SDLC as a critical component of an application security program. In this session, we will illustrate the market and main vendors in the application security testing space.
This session will cover the different types of insider threat scenarios, and how you should incorporate these scenarios in your incident response plan and processes. We will define insider threat personas, how to begin building scenarios for these personas, and discuss some best practices for success.
It is now common practice, and in certain cases mandated by regulation, for a board of directors to require periodic reporting and event-based updates on the state of security and risk management in an enterprise. Developing and communicating an effective message that balances the need to protect with the need to run your business is critical to success. However, in many cases, security and risk leaders are left frustrated and/or unable to answer elementary questions that the board asks. This presentation will discuss: 1) What is the role of the board and what do they care about?
2) What are some of the most common questions that board members ask? (and a talk track for these questions)
3) How can security and risk leaders flip the conversation to educate the board on issues they need to know about?
APIs are used to enable partners to interact directly with your digital business platform, as well as being the building-blocks of mobile, web and VPA applications. However, APIs, by their nature, enable access to data and application functionality which otherwise would be locked away. Therefore, they must be secured. In this session, we examine the current state of API security.
As traditional perimeters drop, the endpoint is becoming the last line of defense against breaches. This session will explore the changing nature of the endpoint and endpoint workloads as well as defensive strategies. This session will explore:
The changing nature of the workload on endpoints from Win32 to cloud applications and the changing form factors from mobile to VDI.
Attacker tradecraft from targeted nation-state tools to mass-propagated automated attack kits.
The changing endpoint defensive strategies from detection and response to proactive hardening.
The world has seen an increase in security incidents. The use of commercial operating systems in industrial control systems means that OT is now susceptible to the same attacks as in the IT world. What should security and risk management leaders do to develop a coherent strategy to protect not just the organization’s information but also the OT? This presentation will address topics like processes, architecture and controls.
Organizations must balance growing investment opportunities against growing financial risks for data. Let's review three steps: (1) investigate how infonomics can be used to assess the financial risks caused by security, compliance or accidental events; (2) use the risk assessment to categorize and prioritise each dataset for action; and (3) develop financial investment strategies to manage the different data risk categories and apply appropriate investment, management or security actions.
Fraud has historically been seen as a separate problem from information security and IT security. Yet for some time, it has been clear that serious and organised fraud rings are using the same tricks seen in advanced hacking attempts. Security and risk management leaders attending this session will benefit from learning how to align their fraud, risk and technical security resources, and how improved intelligence can assist in this complex task.
The threat landscape is a moving target. Attack campaigns might hit multiple organizations, but each enterprise should analyze its own threat landscape. Security and risk management leaders should gain baseline knowledge on:
1. Future trends more than statistics about the past
2. Potential threats more than attack patterns
3. Response options more than defense technologies
Products and services lacking consideration for privacy represent a clear liability to organizations that process personal information. Over the course of this session, we will outline how to embrace Privacy Engineering and transform your privacy program from a forced to an organic change. We will look at lessons learned from the mad rush to the GDPR and how small, strategic changes to the way you plan, design and acquire can make compliance a natural step in your progression.
Educating business managers on the value of organizational resilience is a challenge for many organizations. Often, this challenge arises because business managers don't understand or appreciate the value of availability and resilience risk information or their relationship to it, leading to no change in the level of resilience for the organization. This session will introduce how to craft risk-adjusted LPIs that will measure the organization's level of resilience.
As more security vendors target your hybrid and cloud SaaS, IaaS and PaaS solutions, we are getting lost in too many acronyms. This session will help decipher the acronym soup and provide prescriptive guidance on what your organization needs to protect its cloud infrastructure and applications. We will also discuss implementation best practices and how to evaluate vendors and build a shortlist for your selection.
Modern security operations are evolving. They rely heavily on foundational technologies such as SIEM to accomplish their mission, and also adopt various analytics approaches. They struggle with more automation, of both thinking and acting, that promises to relieve humans from routine tasks but sometimes adds more work to already overworked security teams. This session will address these key issues: (1) What defines best-in-class security operations of 2018? (2) What trends are affecting security operations? (3) What will the future bring?
Is your organization in need of a Privileged Access Management (PAM) solution? If so, this session will serve as a good primer on the technology.
Key issues covered include:
* Introduction to privileged access management
* The PAM maturity model
* An overview of PAM tools
* Best practices for using PAM tools
Security and risk management leaders looking for tools to build or expand their threat detection and response function should include deception tools in their stack. This session will shed light on the key use cases these tools can address.
Security and risk management leaders often find themselves in political discussions, which can be high stakes and challenging to navigate successfully. This session helps you know when you are in a political conversation, and provides practical techniques for managing the potential conflict and reaching a successful outcome.