CASB is now being deployed by organizations large and small. This session will dig into the features, the leading use cases we see clients successfully using and the requirements needed to make your CASB deployment a successful one.
Identity governance and administration (IGA) is the largest investment that most IAM programs will make. It is also the highest risk IAM technology to deploy. This tutorial presents a vision for how administering user access is best understood as a quality process, requiring transformation of existing processes to improve the effectiveness of IGA while simplifying deployment of the technology.
Identifying the core features to call out to a potential MSSP when scoping the need for an outsourced service is critical for a successful engagement. This session will provide practical examples of how to establish effective requirements and use cases before engaging providers. • What are the key service performance metrics to insist on from an MSSP? • How can you define service customization requirements to ensure additional services charges are managed? • How can you align internal processes with the providers' outputs?
Come learn how AIP, RMS, DLP and CAS can be leveraged to protect your Office 365 data in OneDrive for Business, SharePoint and Teams online. This session will discuss how all of these solutions can work individually or together to help protect your data in the Office 365 cloud. We will talk about administration, configuration, reporting, forensics and how these features integrate or not. We will also discuss third-party options.
Educating business managers on the business value of business continuity management (BCM) is a challenge for many organizations. Often, this challenge arises because business managers don't understand or appreciate the value of availability risk information or their relationship to it. This lack of understanding of how availability risk links to business performance is a leading cause of BCM programs having a great, exciting start, but ending in their long-term demise. In this session, we will discuss the following key issues: 1) What do boards and line-of-business executives want from continuity of operations to maintain corporate performance? 2) How can LPIs and LRIs be used to present a defensible case for the value and effectiveness of BCM to an executive audience? 3) How do you develop an effective BCM LRI catalog?
You are launching a new app for commercial app stores. You need to deploy and manage internal apps to your workforce but also make them available to external contractors. You need to mobilize your legacy apps securely. How do you go about your mobile application security? In this session, we will discuss the best approaches as well as the most interesting technologies to address mobile application security.
Malware protection requires a careful balance between different technologies across networks and endpoints. Different technologies protect against different types of attacks and apply to different attack phases. This session discusses malware protection components and their effectiveness to protect against less and more sophisticated malware.
As long as business is doing well, business leaders are applauded and rewarded, but the moment something bad happens the CISO is blamed for not properly protecting business information. How can security and risk management leaders ensure roles and responsibilities are clear? What can be done to ensure ownership of risk is well defined? How much risk should the CISO actually own?
Leaders are exploring options to confront the skills shortage. Outsourcing, lowering expectations, increasing budgets, working with universities — while useful in the short to medium term, these will not develop the skill sets that organizations urgently need, especially as they become more digital in their operations and embark on experiments with the technologies of the future. Security and risk management leaders should consider using cyber ranges as an approach to development of necessary security skill sets and competencies.
IAM is an important component of an overall security and risk management plan and a key enabler of digital business. Attendees will learn how to evolve their IAM approach given current best practices and industry trends. Key issues are: • What are the architectural trends in IAM? • What drivers and best practices are shaping the evolution of IAM in 2018?
Risk management continues to be an area of growing maturity and investment for most organizations, as the risk landscape becomes increasingly complex and interconnected. As a result, new technology solutions are emerging to increase the collaborative nature of risk management to support data-driven decision making, both within and external to an organization. This session explores how integrated risk management (IRM) will help improve risk management practices.
This presentation tells the current story of cloud security, providing an overview of the unique risks of the various forms of public cloud computing, so that the security professional can help the rest of their organization fully understand and address cloud risks. The unique security challenges of IaaS and SaaS are discussed, and viewers are provided with a summary of current- and near-term products and practices that can be used to monitor and control the use of public cloud computing.
DevSecOps is about speed and precision, yet security is often seen by DevOps managers as a training burden or blocking issue. However, many developers are interested in expanding their knowledge of security as part of their professional development. Security and risk management leaders should train these developers to lower the rate of critical and high security coding mistakes in production.
Application security continues to be a significant challenge for many organizations. This session covers the current state of application vulnerabilities and application security programs, as well as the newest developments in application security practices and technologies.
Security markets are growing — but tidal shifts in buyer preferences and needs have led to disruption, forcing vendors to adapt how they create, sell and deliver solutions to maintain relevance. We'll examine those forces and their implications, how vendors can best respond, examine selected market segments in depth and deliver a high-level review of investment and M&A activity in the security markets.
This presentation will discuss the current and future state of business/organizational resilience across multiple management disciplines including business continuity management, information security and more. Using the four layers of culture, people, process and infrastructure, we will address the role of the chief resilience officer and present a framework for developing a business/organizational resilience program in the organization.
SIEM is a mature security solution and often seen as a mandatory component of a security program. However, many organizations struggle to deploy it, and many are looking for alternatives in new technologies, such as UEBA and NTA, and in new services or delivery formats, such as MDR and SaaS SIEM. This session presents an overview of the main challenges around SIEM deployment and utilization and how this technology is evolving to address them.
Digital business challenges the conventions of digital risk and security management. Security and risk management leaders must develop a coherent digital security program based on a clear vision and strategy. This presentation will address: What constitutes an effective vision and strategy? What are the elements of a digital security program? What are the drivers shaping strategy in 2018?
Netskope: Additional Session Details Coming Soon
OneTrust: Additional Session Details Coming Soon
Secureworks: Additional Session Details Coming Soon
Microsoft: Additional Session Details Coming Soon
Bitdefender: Additional Session Details Coming Soon
iboss: Additional Session Details Coming Soon
Forcepoint: Additional Session Details Coming Soon
VMware, Inc.: Additional Session Details Coming Soon
NTT Security: Additional Session Details Coming Soon
Symantec: Additional Session Details Coming Soon
Zscaler: Additional Session Details Coming Soon
More than ever CISOs must be masterful persuaders. Our research takes a fresh and entertaining take on the art of persuasion viewed through the lens of modern neuroscience. We assume persuasion is a natural talent, but it's something even people with engineering brains can master, if they know the right tricks. You will leave this session with skills you can use today.
BitSight Technologies: Additional Session Details Coming Soon
Rsam: Additional Session Details Coming Soon
Qualys: Additional Session Details Coming Soon
Bitglass: Additional Session Details Coming Soon
Cisco: Additional Session Details Coming Soon
Gemalto: Additional Session Details Coming Soon
McAfee: Additional Session Details Coming Soon
Herjavec Group: Additional Session Details Coming Soon
This roundtable will discuss planning approaches, challenges, pitfalls and the first steps taken in developing threat detection and response capabilities. Participants should bring their experiences on the initial phases of their threat detection and response capabilities. Preregistration is required. Seats are limited.
Join peers from the midmarket to discuss challenges, best practices, and experiences around how they manage risk as risk management becomes ever more complex due to digital business. Preregistration is required. Seats are limited.
Data management no longer needs to focus solely on one of the main use cases: risk mitigation, analytics, compliance or cost optimization. In this session, learn what your peers are leveraging across functional data management and information governance initiatives to solve multiple business data concerns. Preregistration is required. Seats are limited.
CASB is now being deployed by organizations large and small. What are the features, the successful use cases, and the requirements needed to make your CASB deployment a successful one? Preregistration is required. Seats are limited.
Many midsize enterprises are struggling to attract and retain cybersecurity talent. Join us for this peer-driven discussion on how to manage with a small team. How have you successfully overcome these constraints? When is a managed service the answer? What makes the most sense to keep in-house? Preregistration is required. Seats are limited.
As DevOps gains popularity for rapid delivery and innovation of new IT-enabled capabilities, concerns about security and compliance increase. Security and risk management leaders must adapt existing security tools, processes and policies to the DevOps toolchain without slowing the development process. Preregistration is required. Seats are limited.
Whether you are still developing your cloud strategy or already have lessons learned and best practices to share, this facilitated peer-to-peer discussion brings a small group of industry peers together for targeted discussions and learning. Preregistration is required. Seats are limited.
Digital identities for both humans and devices are growing at an exponential rate. What implications does this have on governments and their IAM programs, and how will this impact both government-employee and government-citizen dynamics? How will emerging technologies such as blockchain impact government digital identity? This roundtable kicks off with some common trends in IAM, and focuses on what matters most to governments. Preregistration is required. Seats are limited.
IRM's key to success is the ability to provide a vertically integrated view of risk, starting with an organization's strategy, through to its business operations and ultimately into the enabling technology assets. This integration can be even more successful when IRM extends into markets such as business intelligence and analytics as well as security orchestration, automation and response (SOAR). Learn how IRM fits into this broader business risk solution stack.
CIOs and their teams need to be able to articulate the value of digital business in the form of concrete metrics. This session will provide a framework for identifying value areas (e.g., revenue, cost reduction, margin improvement) and then continue with a way of establishing metrics to help executives track the progress and manage the risk of the digital business journey.
Cloud is not just a synonym for the internet but a whole new way to energize your career. Tired of racking and stacking and patching? Bored with consoles and control panels? Then attend this session. Cloud security upends traditional notions of protecting systems and data. Aspects of cloud security require dabbling in adjacent IT disciplines. Come learn how to develop cloud security skills for yourself and for your organization.
Mobile attacks continue to surface. Do you have all the right mobile security solutions in place? Come learn how to build a defense-in-depth strategy for your ever-growing mobile workforce. We will also discuss how UEM, MTD, and Mobile OS/HW security solutions continue to improve.
Organizations are allocating funds for blockchain without defining use cases, putting security and risk management leaders in a bind. You need to support the adoption of blockchain, but manage the risks that result from relatively unproven tools. Come learn: ● How to trust distributed identity. ● How to trust unknown cryptographic service providers on blockchain and distributed ledgers. ● Recognize the can't-happen-don't-care state is more important than we think.
This presentation will outline ongoing changes in security operations/policy/organization, technical migrations, shifts in security mindsets, societal changes, and modifications in adversarial tactics that CISOs and their direct reports should monitor. Attendees will learn strategic changes that aren't yet widely recognized but will have broad industry impact and significant potential for disruption. Through 2022, technologies related to these trends will reach a level of maturity that crosses a critical tipping point.
Security is a team sport: no single vendor can solve cybersecurity alone, and it requires a full stack of specialized tools. Buying more point solutions leads to more overlaps in some areas of functional coverage, while leaving gaping holes, which is not optimal. The future of cybersecurity tools is in microservices that organizations can easily integrate and plug together. We will look at what is required for this vision to become reality.
Gartner's T&SP security team conducted a follow-up survey to help gain insight into changes in buyer security spending behaviors. This session presents the findings and year-over-year changes in delivery model preferences and budget increases and what is driving the investment.
Incident response retainers are not all the same. Variations in available options and costs can affect a buyer's decision. This session will cover the common types of IR retainers available to buyers, typical options and variations, and factors to consider to aid buyers in choosing the appropriate retainer to match their requirements.
Security and risk management leaders should select AST tools and services and embed them in the SDLC as a critical component of an application security program. In this session, we will illustrate the market and main vendors in the application security testing space.
The EPP MQ is one of the most popular documents on Gartner.com, and clients want to understand what the relative placement really means. This year's lead author, Ian McShane, will take you through the analysis process, the assessment criteria and of course the products themselves. Attendees will get updated information and guidance on how best to use this document when evaluating vendors.
Convergence of IT and OT has led to myriad new and challenging security issues. IT and OT security professionals and CIOs need to plan for these and future challenges. Join us and learn how to best plan and deploy a security strategy that aligns to IoT initiatives and OT-IT convergence.
Facing your board of directors and describing the risks digital business brings to the organization isn't easy. This workshop explores techniques and approaches organizations can use to describe the digital risks faced, the steps the company is taking to mitigate them, and the metrics that can be used to measure progress.
IBM: Additional Session Details Coming Soon
Mimecast: Additional Session Details Coming Soon
Google Cloud: Additional Session Details Coming Soon
ServiceNow, Inc.: Additional Session Details Coming Soon
AT&T: Additional Session Details Coming Soon
Cisco: Additional Session Details Coming Soon
Splunk, Inc.: Additional Session Details Coming Soon
Leidos: Additional Session Details Coming Soon
CyberArk: Additional Session Details Coming Soon
CrowdStrike: Additional Session Details Coming Soon
Transition to cloud can unfold a parallel project of managing compliance in a new ecosystem which may be a combination of SaaS, on-premises, and privately hosted workloads. Partner, customer, and supplier connections and application integrations further complicate the implementation of compliance mandates. Learn about resetting goals and redefining the scope of assessments supporting risk management and compliance initiatives.
Automation in security isn't a new concept, and one could argue that a simple AV product which updates itself is automation. But shifts in market trends are calling for more security solutions to incorporate higher value levels of automation. Buyers struggle to do threat detection, are strapped for personnel resources and have increased pressure to improve their programs. Successfully applying automation can allow buyers to do more with less. This session discusses this wave of automation in security, what's working today and how to successfully create product value through automation.
It is now common practice for a board of directors to require periodic reporting and event-based updates on the state of IT risk and information security. Risk and security leaders must provide board-relevant and business-aligned content. This presentation discusses what you need to present. Key Issues: • What is the role of the board and what do they care about? • What content do you need to cover? • How should you present this content?
UEBA and NTA are at the peak of inflated expectations in Gartner's Hype Cycle. Why, when and how should an organization use these and security analytics tools? We will present a simple framework based on use cases, analytics and data sources that organizations can use to help them select proper tools for the issues that they are facing.
The technical debt security teams have to deal with today is crushing. New technology often has "technical debt" — security issues that require compensating controls. This session will discuss this issue and also what organizations must do, such as: • Understand the technical debt that comes with acquiring a technology/service. • Manage technical debt at acquisition time. • Leverage technical debt management for risk posture improvement.
Protecting modern web applications requires an appropriate mix of technologies for client-side and server-side components. Microservice design patterns, web API adoption, mobilization and cloud integration increase the complexity further. This session will cover the various protective technologies that are available to organizations and provide recommendations on how to leverage them effectively.
In this session, we will cover different ways we see organizations fitting and integrating application security testing (AST) into the systems development life cycle (SDLC). What characteristics should we be looking for in AST solutions? How do we balance speed and depth when it comes to testing applications? What practices should we consider leveraging to better embed AST in the SDLC?
Security testing, software composition analysis, vulnerability scans, pen testing and other sources of software vulnerability data can quickly overwhelm DevOps teams responsible for ensuring the security and integrity of the apps they deliver. We'll examine emerging approaches that can aid teams in identifying the most critical issues for mitigation, while providing management with a risk-based view of apps.
Public cloud computing offers the potential for high levels of continuity but operational reliability cannot be taken for granted. Even the most reliable of cloud services requires some level of customer configuration and ongoing administration to enable the highest levels of processing redundancy and data protection. IaaS and SaaS are conceptually similar, but a successful cloud contingency effort must accommodate their unique differences.
For many organizations, digital business services will be supported through a combination of cloud-based applications and internally hosted business data. Sustaining IT service availability, continuity and resilience across the underlying hybrid infrastructure is a critical success factor. Outcome-based service levels that support related digital business key performance indicators (KPIs) will be required. This session examines responsibility and accountability alternatives for the delivery of digital business-based outcomes and will use client case study examples to illustrate successful approaches.
As organizations digitize, new security competencies and roles will be required to manage the balance between the need to run the business and the need to protect the business. This presentation will highlight five critical roles that security and risk leaders have to plan for to manage the risks arising from digital business initiatives undertaken by their organization.
This session will explore vendor opportunities in blockchain-based browsers and help them evaluate how to partake in a blockchain market Gartner forecasts to be $3.1 trillion by 2030. Key issues covered in this session: • What are the opportunities in consumer blockchain applications that enable stronger privacy and security? • What are the opportunities for blockchain security in the advertising space?
With private cloud, public cloud and SaaS becoming pervasive across enterprises, the relevance of third-party security controls is in question. Infrastructure and application owners ask whether third-party firewalls are necessary to secure business data in these new environments. A single brand of firewall is the best approach to regulating access to — and security within — hybrid networks.
Endpoint and mobility use cases continuously transform business processes and challenge established security best practices. Integrity comes down to personal discretion. We provide IT leaders with a path to introduce agility and tolerance into critical infrastructure. Concerns include technology trends, emerging exploits and the sheer enormity of data protection in an interconnected workplace.
As organizations struggle to deal with the evolving threat landscape, there has been a resurgence of interest in deception techniques. Simple honeypots have evolved into distributed deception platforms and existing security solutions have also started to include deception components. This session provides a look at deception as a technique, with insights into when it's applicable, when most effective and how organizations should introduce it into their environments and security practices.
Email is the most commonly used channel for both opportunistic and targeted attacks, as well as a significant point of egress for sensitive content. Let's discuss what's new in securing this venerable and vulnerable communication medium, including advanced threat defense, clawback and DMARC.
With GDPR leading a rising tide of privacy regulations, security and risk management leaders should include data masking in their compliance plans. This session will explore old and new data masking use cases to address privacy challenges. 1) How do you reduce exposure in DevOps? 2) How do you limit PII exposure to only authorized processes? 3) How can data masking be used to address data subject rights?
Many security leaders think their responsibility ends at their perimeter, but the same criminals who are trying to hack into your systems are also exploiting your brand and customers externally through fake social media accounts, malvertising, phishing sites and more. Who is responsible for protecting your enterprise against the assaults of cyber-criminals outside the assets that you control? Who protects your customers when they think they are interacting with your organization?
Wandera: Additional Session Details Coming Soon
Dome9 Security: Additional Session Details Coming Soon
Samsung Electronics America: Additional Session Details Coming Soon
GTB Technologies: Additional Session Details Coming Soon
Secureworks: Additional Session Details Coming Soon
Herjavec Group: Additional Session Information Coming Soon
Our current view of capitalism is based on industrial age economic ideas, but mega-platforms such as digital giants eBay, Amazon, Uber and Facebook not only challenge our analogue-based business models, but even our assumptions of how markets most efficiently allocate resources. For enterprises to survive and thrive in a world of macro and micro-economic upheaval, a deeper look into how these changes might manifest is essential.
Emerging security concerns will be addressed in the future with a combination of cyber capabilities, unmanned vehicles and drones and special operations forces. In particular, the reach and function of cyber tools will change how we view the world and keep ourselves safe in it. Admiral James Stavridis lays out the future of 21st century security tools that are very untraditional in their reach and application. He describes for audiences how the world of international defense is fundamentally changing before our eyes, and how that will impact business, personal life and the global marketplace.
The foundation of a mature security function that can offer defined levels of protection at defined cost is a business-centric service catalog. Writing business-centric-value statements for risk and security is both challenging and informative. This workshop will help you understand exactly what security does for your organization.
Security and risk management leaders must develop strong incident response (IR) capabilities where personally identifiable information (PII) is compromised. This workshop will use a scenario that highlights the impact of cross-border data flows and privacy management to help validate IR capabilities.
Threat simulation tools may be the newest tool in your security toolkit. Join us and learn about the novel security tool category — threat simulation tools, and how to use these to test and improve your security. Key issues covered: • What are these tools? • Who needs them? • How can you benefit from them?
When it comes to the threat landscape, it can be challenging to predict what's on the horizon. Gartner presents the best predictions on how the threat will change in attacking your enterprise. This session will cover the following areas — the importance of patching, ransomware evolution and state-sponsored attacks.
Now that we are in the “cloud era,” network security professionals need to adapt. Enterprises are re-architecting their networks, and will be purchasing more cloud-based security services and fewer network security appliances. In this session, we will highlight best practices that enable a smooth transition to the adoption of cloud-based security services.
Digital business projects don't lend themselves to conventional security architecture practices. Security and risk management must adopt a bimodal approach to security architecture. This presentation will discuss: What is security architecture? What are the best practices for security architecture in digital business?
Vendors and third parties can create significant risks to business operations and performance. This session will provide an overview of the methods to efficiently reduce residual vendor risks. What are the current best practices for assessing, monitoring, remediating or mitigating vendor risks? What emerging practices are improving the value of vendor risk management programs?
MDR (managed detection and response) is a new and fast-growing area for MSSPs, but there are new business models and competitors to contend with. This presentation provides aspiring MDR providers with a template for creating an MDR service across the people, process and technology considerations.
In 2017, Gartner introduced a strategic approach for information security called Continuous Adaptive Risk and Trust Assessment (CARTA). As a new charter for information security, CARTA embraces the reality of securing a world where our digital business capabilities are accessed anywhere, by anyone from any device and where attackers continue to innovate. This session will explore the significant changes to security organizations and infrastructure required by CARTA.
Midsize enterprises are defined as organizations between $50 million and $1 billion in annual revenue and fewer than 1,000 employees. This roundtable discussion focuses on what's enough network security for midsize enterprises. Preregistration is required. Seats are limited.
This analyst-user roundtable will provide a forum for conference attendees to discuss how they approach recovery tiering for business and IT processes. Preregistration is required. Seats are limited.
Let's talk about exit strategies. Join us for a lively discussion including real-world examples where data—and, even worse, business capabilities—are held hostage due to poorly defined terms in cloud contracts. Be prepared to share your own experiences for this topic and learn from the analyst four mechanisms to avoid being the next "my data is held hostage with my SaaS provider and I can't afford to extract it" story. Preregistration is required. Seats are limited.
In this roundtable, discuss with peers how to get the most out of security training for developers. Should the developers be trained in an effort to make them security experts, or should the focus be more narrow? How will I know if training is successful? What have others found successful? Discuss with your peers what you are doing, how it has worked and hear from them on how they've tackled this problem. Preregistration is required. Seats are limited.
Join this discussion on security vendors that midsize enterprises love. Midsize enterprises are defined as organizations between $50 million and $1 billion in annual revenue and fewer than 1,000 employees. Preregistration is required. Seats are limited.
From Other Transaction Authority (OTA) to CDM (Continuous Diagnostics and Mitigation) acquisition changes to new cybersecurity special item numbers (SINs) on GSA schedules, federal organizations like DIUX or the strategic capabilities office (SCO) are finding new ways to accelerate the federal acquisition of tools and services. Join us for a facilitated peer-to-peer discussion on ideas and best practices. Preregistration is required. Seats are limited.
In line with the trend of Office 365 adoption, a large number of midsize enterprises are considering Microsoft's native security and IAM offerings such as Exchange Online Protection, Advanced Threat Protection, Azure Active Directory, Azure Information Protection and Microsoft Intune. Which of these are you using successfully? What challenges have you encountered? Where have you found the need to supplement or supplant these capabilities with a non-Microsoft product? Join us for a peer-driven discussion to address these and any other questions you may have. Preregistration is required. Seats are limited.
Compliance may be a mature discipline, but Gartner still sees a lot of organizations struggle. Tools can help, but sometimes they make things worse. Come learn what your peers are doing to mature and improve their compliance management programs and how they are leveraging tooling investments to implement continuous improvement. Preregistration is required. Seats are limited.
This user roundtable will include a user-driven discussion on experiences with insider threat detection programs. Some areas we will discuss include best practices, governance and organization, process, and technology solutions.
McAfee: Additional Session Details Coming Soon
ThreatConnect: Additional Session Details Coming Soon
ThinAir: Additional Session Details Coming Soon
Bomgar Corporation: Additional Session Details Coming Soon
Amazon Web Services, Inc.: Additional Session Details Coming Soon
SecurityScorecard: Additional Session Details Coming Soon
One Identity: Additional Session Details Coming Soon
Darktrace: Additional Session Details Coming Soon
Trend Micro: Additional Session Details Coming Soon
Qualys: Additional Session Details Coming Soon
Bromium: Additional Session Details Coming Soon
Fraud prevention leaders have mastered the art of detecting and preventing fraudulent account activity and payment events in many verticals and use cases, but as customers change the way they interact with each other and their expectations of their service providers, banks, retailers, health care teams and governments, the old ways have failed to evolve.
Gartner will explain the SaaS-based secure internet gateway concept, how this future concept will evolve the delivery of cloud and infrastructure and how providers must plan for this evolution in the security markets.
Massive use of SaaS and mobile technologies and a growing share of encrypted traffic revive the rumors of the death of the perimeter and network security altogether. Building a strong business case to prioritize network security investments is more difficult, due to increasing competition for budget from cloud and endpoint security solutions. This session will review the latest trends in network-based advanced threat defense, including the latest techniques used for anomaly detection, and a high-level framework to decide if TLS decryption is right for your organization.
This presentation outlines the top 10 security projects for 2018, based on a number of criteria: The emerging technologies that support the project are not yet mainstream; the project helps deliver against the CARTA (continuous adaptive risk and trust assessment) approach; and the project has high risk reduction versus resources required as compared to alternatives. Attend this session to get ideas and justification for specific 2018 security projects.
After ample preparation time in anticipation of the GDPR, Gartner has observed a few misconceptions on privacy as well as a number of key functions for a mature privacy management program. We will address the lessons learned and the necessary capabilities to protect privacy, including the role of security, program ownership, and what the market is, and should be, doing.
Gartner has seen an increased interest in virtual CISO offerings from organizations in unregulated industries, with smaller digital business footprints, and small and midsize enterprises. Are you a good candidate for a vCISO? Come find out what you can and should expect from these new service offerings.
Every year Microsoft releases new security features for Office 365. Come learn about all the existing and new Office 365 security features built into the different licensing models. We will discuss all the three-letter acronyms (TLAs) of the security features available within O365 as well as the third-party solutions.
Employee monitoring is one of those topics that most IT leaders don’t like to talk about. Blandishments like “we trust our people” and “we have a culture of openness” are common. Yet, as Mark Twain said, “The difference between a man and a dog is that if you feed a dog and take care of it, it will not bite you.” We examine how employee monitoring contributes not only to prevention and detection of internal malfeasance, but can also be used to safeguard employees and ensure safe working environments.
IBM: Additional Session Details Coming Soon
Come join us for a discussion of four recent high-profile breaches. How did they happen? What was the company response? What worked and what didn't? What should we have learned from the breach?
Sath Inc.: Additional Session Details Coming Soon
Lookout: Additional Session Details Coming Soon
Imperva: Additional Session Details Coming Soon
AT&T: Additional Session Details Coming Soon
Wombat Security: Additional Session Details Coming Soon
Venafi: Additional Session Details Coming Soon
Illusive Networks: Additional Session Details Coming Soon
Guidance Software/OpenText: Additional Session Details Coming Soon
Security awareness and education are critical elements of successful security and risk management programs. Learn how security awareness computer-based training tools can help, whether they are right for you, and which vendors you should evaluate.
By 2020, 60% of large enterprises will use a CASB to govern cloud services, up from less than 10% today. There's a good reason for this expected jump in adoption. Cloud access security brokers have become an essential element of any cloud security strategy, helping organizations govern the use of cloud and protect sensitive data in the cloud. Attend this session to help you align CASB vendors to address specific use-case requirements.
Is threat intelligence its own market, or is it just a feature? This session will discuss the dynamics and trends and viability of TI as a stand-alone market, with examples of different go-to-market approaches. Also, it will discuss the relevance of TI within security controls with examples of integrations.
This session will review the latest Gartner Magic Quadrant for intrusion detection and prevention systems. Attendees will learn about the current market and valuable use cases for this well established network security technology, as well as hear an overview of the vendor landscape.
This session will introduce the concept of a threat intelligence gateway, define it and highlight the benefits that these appliances bring to network defense. Attendees will learn the style of intelligence that moves beyond just threat toward intelligence aware internet filtering. We'll talk through the benefits that some enterprises and security operations centers have seen and we'll cover how security threat intelligence integrations must evolve to make security operations more efficient.
Most prevention techniques rely on having seen the attack before, and fail for evasive attacks. Detection techniques rely on reuse of techniques/tactics or anomalous behavior, and fail for highly evasive attacks. This session analyzes five core security patterns that security architects can use to protect against highly evasive threats, without relying on detection.
Security and risk management leaders need to develop security strategies that treat data as a pervasive asset (and liability). New data privacy laws and the continued growth of data breaches are increasing business risks. Data security governance is an emerging risk-based framework that will help plan and orchestrate policies across data security products that are siloed and do not integrate.
Security and risk management leaders struggle to hire and retain staff with the right skills, especially in the age of digital business. We discuss the outlook for security talent in digital businesses. What do organizations do to confront this shortage? What can you do to ensure your team's skill sets are developed for a digital world? What does the future of talent look like with technologies such as AI/ML, blockchain, IoT looming?
The world has seen an increase in security incidents. The use of commercial operating systems in industrial control systems means that OT is now susceptible to the same attacks as in the IT world. What should security and risk management leaders do to develop a coherent strategy to protect not just the organization’s information but also the OT? This presentation will address topics like processes, architecture, and controls.
Assessing risks well is imperative for organizations moving aggressively to leverage digital business tools and techniques in the safest, most secure and efficient manner possible. This presentation explores the best steps organizations can take to choose the appropriate risk-assessment process for their needs.
The data security and analytics market is full of vastly differing technology and service claims. ML, AI, NLP, analytics, GDPR compliance, classification, data security risk identification — STOP! Offerings have been over-hyped, leaving organizations frustrated. Key issues covered: • How focusing on D&A basics can eliminate the "noise." • Where to turn for sifting through the confusing vendor and technology landscape. • How to regain control of your data security and analytics initiatives.
Bots represent more than half of the traffic to enterprise web applications. While many bots are good for business, malicious bots take down web applications, scrape content and sensitive data, prevent legitimate customers from purchasing goods and services and lay the groundwork for account takeover with credential stuffing attacks. Separating good bots from bad bots, and bots from humans is a critical step to protect your enterprise web, mobile, and IoT applications against fraud and abuse and preserve access to beneficial bots.
Midsize enterprise (MSE) IT leaders face significant security challenges when trying to deliver IT services with small IT teams (usually fewer than 30 people) and limited IT budgets (usually less than $20 million). Join us for a discussion of the top trends that MSE IT leaders responsible for security and risk management should prioritize to stay current and proactive in protecting the organization and managing risk effectively.
Until fairly recently, vendor risk was about vendor viability, credit-worthiness and reputation. While these things are important, the cybersecurity posture of your vendor ecosystem has become more critical. This workshop will provide best-practice advice on negotiating risk and security into vendor agreements.
Cybersecurity and IT risk are business imperatives. Developing an effective message that balances the need to protect with the need to run your midsize enterprise is critical to success. Many of the successful concepts are not obvious, and some of what is obvious is actually not advised. This session describes what to do and what not to do. It presents a slide deck to start and guidance to modify the deck for your specific needs.
Aruba, HPE: Additional Session Details Coming Soon
Cybereason: Additional Session Details Coming Soon
Gigamon: Additional Session Details Coming Soon
Fasoo: Additional Session Details Coming Soon
ForgeRock: Additional Session Details Coming Soon
Carbon Black: Additional Session Details Coming Soon
F-Secure: Additional Session Details Coming Soon
Okta: Additional Session Details Coming Soon
Balbix: Additional Session Details Coming Soon
As an IT leader, your scope has changed: from building back-office and front-office systems to being in the middle of the digital business. And the next thing is becoming clear: the role of your organization in the #digitalsociety. This provocative, fast-paced presentation argues that the Silicon Valley way of creating a better world is short-sighted and misguided. A better understanding of how society works is needed, and every IT leader needs a story here. It is easy to be cynical and "realistic" in today's world, but what we really need is stories of optimism and hope. What will be your story?
Juniper Networks: Additional Session Details Coming Soon
No one can escape the wave of artificial intelligence marketing. The promise of increased security and better automation is appealing to CISOs, but sets the wrong expectations. Being too optimistic about artificial intelligence's impact could hurt the security organization. This session will highlight how artificial intelligence might impact security and risk management, what to expect and how to adapt to the changes.
Keren Elazari, senior researcher at the Blavatnik Interdisciplinary Cyber Research Center. In the information age, data is the new currency and access to it is power. With battle cries such as “information wants to be free,” “hack the planet” and “we are legion” in recent years, hackers have risen to infamy. But can we learn anything about innovation from them? The surprising fact is that hacking can, and often does, improve products. It exposes vulnerabilities, encourages innovations, and demonstrates what is possible and how consumers actually want to use technology. In this keynote, attendees will learn how companies that once fought hackers can now invite them to innovate – and how more organizations are learning to embrace the creative aspects of hacker culture.
The 2018 CIO Agenda highlights the changing role of the CIO. Security and risk management leaders must understand CIO priorities and adjust strategy and messaging accordingly. Key issues: • What are the main elements of the 2018 CIO agenda? • What are their implications for security and risk management leaders? • What must security and risk management leaders do in response?
To better address the needs of global CEOs and senior executives, end-user organizations are shifting focus away from governance, risk and compliance (GRC) to IRM solutions. IRM goes beyond traditional, compliance-driven GRC technology solutions to provide actionable insights that are aligned with business strategies, not just regulatory mandates. Learn how this market is quickly expanding to meet the new demands of the digital business.
I&O leaders are under pressure to support business growth, deliver competitive differentiation and minimize ongoing costs. Delivery of nonresilient infrastructure must be carefully scrutinized to avoid negative cost implications in the medium to long-term. This session will explain that resilience needs to be a key part of infrastructure delivery planning, but devising a pragmatic approach is key to ensuring success in a bimodal, cloud-embracing environment.
CISOs are called on to fill the twin roles of operational expert and strategic planner. Many CISOs struggle when developing a strategy because they have not been exposed to this process. A few pragmatic steps can help ensure that your strategy is useful. This session will address the following: • What are the elements that you must consider? • What pragmatic steps can you take during its development to ensure success? • What safeguards do you need to support successful execution?
Midsize enterprises (MSEs) focus their security budgets on preventative security technologies, leaving them exposed as external threats are increasingly able to get past those controls. This session will help MSE organizations understand the need for detection and response capabilities and how to utilize them through the right combination of people, processes, technologies and services.
Security orchestration, automation and response (SOAR) tools have been growing in popularity as organizations try to introduce automation in their security operations practices. This session defines this emerging technology and presents emerging deployment and operations practices. Questions covered: • What is SOAR? • Do I need it? Who does? • How are organizations using SOAR tools? • What are the best practices in deployment and use of SOAR tools?
Almost all successful attacks originate from the public internet. Users who succumb to browser-based attacks and services are at risk from network designs that accept unsolicited connections. Not meant for a complex and interconnected world, traditional browsers and network DMZs are now obsolete. Security leaders can reduce risks using software-defined perimeters, browser isolation and other techniques that isolate users and applications from the internet.
One critical requirement of an organization's risk maturity is an effective organization to manage evolving risks as the organization responds to digital business pressures. This presentation explores the skills, organizational structures and processes needed by an organization to be successful in managing digital risks.
Business requirements drive organizations to connect their IT and OT. This alignment between IT and OT requires organizations to rethink their approach to securing the traditionally separate IT and OT worlds. This session will cover best practices on getting security governance right in an aligned IT/OT world, tips on how to deploy common teams and the role of the digital risk officer.
Windows 10 is getting unprecedented rapid implementation in the enterprise. This session will: • Look at the most significant security improvements in Windows 10. • Compare and contrast optional Windows 10 security features to third-party solutions. • Provide implementation guidance to ensure that the security improvements are getting deployed. • Look at the future of Windows security in the enterprise.
Diversity in tech matters—for innovation, for product development, for revenue/profits, for meeting future workforce demands, and for closing economic and wealth gaps. Despite billions of dollars spent in recent years to increase diversity, biases and barriers exist throughout the tech pipeline from K-12 education through the tech workforce and venture capital. This workshop will address how the tech culture drives out talent, resulting in a revolving door for underrepresented groups.
From the likes of WannaCry, Petya and others, cyberattacks are more frequently and more significantly disrupting business operations. This workshop presents a combination of information security, crisis communication and coordination best practices. It also examines how backup/recovery can be used to remediate an attack. Key issues covered include: 1) The philosophy of resilience. 2) Necessary organizational alignment. 3) Tools that are already available to fend off attacks.
Proofpoint: Additional Session Details Coming Soon
CenturyLink: Additional Session Details Coming Soon
KnowBe4: Additional Session Details Coming Soon
Verizon: Additional Session Details Coming Soon
WhiteHat Security: Additional Session Details Coming Soon
Trustwave: Additional Session Details Coming Soon
Vectra: Additional Session Details Coming Soon
CA Veracode: Additional Session Details Coming Soon
IoT devices generate a huge amount of data, which may include sensitive personal data. As regulations and awareness of privacy increase, security leaders require a consistent approach with data security and privacy. What are the concerns with IoT security? What are the legal implications of regional privacy laws such as GDPR? What approaches should be considered when embarking on IoT initiatives?
If you are still struggling with getting beyond passwords, better times are coming. The conjunction of increasing online use cases and competition for embedded biometrics in next-generation hardware is propelling opportunities for advanced authentication techniques. This presentation will chart a course for clever, subtle and transparent identity management.
When building a security operation center, or trying to improve visibility into threats, security leaders are overwhelmed by an abundance of new technologies and too many options. This session will highlight the benefits and compare the use cases for the most useful security analytics tools. Technologies covered in this session include: SIEM, network traffic analysis, user behavior analytics, endpoint detection and response, intrusion detection, full packet capture and SOAR.
Enterprise firewalls, cloud access security brokers and secure web gateways all form important parts of the enterprise perimeter defense. But the common feature sets of these three approaches overlap substantially. In this session, we will address the points of overlap and help you determine when good enough is in fact enough, and when nothing less than best-of-breed functionality will do.
Mobilizing a security champion program gives security and risk management leaders a geographically and organizationally dispersed team of knowledgeable employees whose focus is to reinforce key security messages and enable long-term behavior change, ultimately driving a more security-aware culture. This session will focus on how to: 1) Get executive support for the security champion program by aligning the overall program objectives directly with company objectives. 2) Build a network of champions that is inclusive of all roles and geographies across the enterprise. 3) Present to candidates the role of a champion as a developmental opportunity and integrate it into performance development plans. 4) Allow champions to take creative liberties with the content to better suit their audiences.
This session will present leading endpoint security vendors and will examine the features and strategies that make them attractive. Key issues covered: • What are the features of a market leading endpoint security platform that integrates prevention, detection and response into one combined solution? • Who are the leading endpoint security vendors and why does Gartner consider their solutions "market leading"?
Governance is about getting business stakeholders to be accountable for risk decisions. Understanding your organization's risk appetite is at the core of establishing proper accountability for managing risk. The only way to make that work is to understand, or more accurately help them understand, what their appetite for accepting risk is. In other words, how much risk are THEY willing to accept?
Hackers — worst nightmare or potential ally? The term hacker carries a wide range of connotations. In this session, meet a real-world hacker who will answer questions about what it means to be a hacker. Why do they do it? How do they do it? What are some of the best and worst security strategies they've encountered? How do they go about breaking stuff?
Increasing regulatory and security threats are pushing a lot of security and risk management leaders to start a data classification initiative or revisit a previously unsuccessful one. This session provides a practical approach to implement data classification: 1) What policies and standards do you need? 2) How do you implement data classification successfully? 3) What role do tools play?
Microsoft: Additional Session Details Coming Soon
It is no surprise that the future of cybersecurity is moving toward automation, orchestration and a decentralized security function that rewards "versatilists" and shuns specialists. This is further augmented by the focus on promoting innovative technologies in advanced analytics, blockchain, AI/ML and such. The surprise is where this surge is coming from. Join us in this Maverick session to learn about how you can take advantage of this uprising from nontraditional actors in cybersecurity.
Kenna Security: Additional Session Details Coming Soon
PKWARE: Additional Session Details Coming Soon
Corelight: Additional Session Details Coming Soon
Good information security hygiene is a must, but many organizations lose focus on getting the basics right, leading to an unjustified level of confidence in risk posture. Join us and learn: • What are the key activities, capabilities and practices for organizations? • What are the activities that you can delay or even skip entirely? • Why doing the basics is more important than ever.
Threat hunting (TH) is very hot, but very few organizations actually do it. Attend this session to learn the basics of practical hunting and how to start your TH effort. Key issues covered in this session: • What is TH? • How do you incorporate TH into your SOC processes? • How do you develop a basic TH capability? • Where do you get ideas on what to hunt for? • How do you measure TH successes?
Workplace fraud remains the most common type of fraud faced by organizations, yet only 30% of organizations automating business processes using complex applications for ERP, CRM or EHR have adopted tools for continuous monitoring of risks associated with segregation of duties (SOD) conflicts and access to sensitive information. This session will explore how leading organizations are progressing beyond mere regulatory compliance and managing their security and fraud risks through use of SOD controls monitoring tools.
Security and risk leaders are grappling with how to secure intellectual property and other digital assets in a rapidly-shifting data center. Considering that most networks are still flat, a move to private or public cloud provides opportunity to logically wall off critical assets. This talk examines segmentation decision factors and enumerates best (and worst) segmentation practices.
Emails get spoofed. Sometimes it's a prank but increasingly it's the vector for fraudulent criminal gangs. Impact can be loss of confidential data, actual financial losses through fraud or blackmail and extortion. Email has remained the dominant B2B communication channel for years and is likely to be so for the foreseeable future. Let's look at how we can fix it — not just for ourselves but for our customers, supply partners and employees.
Privacy is considered a human right in most jurisdictions of the world. Yet, with multiple privacy laws globally being strengthened, privacy incidents keep happening. Is there an implied business case to ignore it? Is privacy overrated? Is it dead? Are there benefits to "get it right"? In this analyst debate, we intend to explore the benefits and disadvantages of privacy protection in the employment, government, and commercial interaction environment.
From complying with legislation and executive orders to the reality of constant threats and attacks, learn how federal CIOs do it all. This lively panel discussion, featuring federal CIOs, will address challenges, lessons learned and best practices that you can apply to your own world. It will also discuss the future of cybersecurity in federal agencies.
It seems commonplace for security products of all types to claim "now with machine learning" or other such claims to using analytics. As a provider, how do you successfully integrate analytics techniques to stand out in this noisy marketplace, and create measurable customer value? This session discusses what analytics methods are most useful, how products or solutions can be improved with analytics and how to go to market using analytics as a competitive differentiation.
The EU-GDPR now in effect is very much on the mind of end-user organizations. This session aims to generate a conversation between entities to learn best practices and address overall concerns. Preregistration is required. Seats are limited.
This analyst-user roundtable will provide a forum for conference attendees to discuss how different organizations develop, use and report on BCM program metrics, KPIs and KRIs. Preregistration is required. Seats are limited.
This roundtable will feature a facilitated peer-to-peer discussion on the challenges associated with securing the enterprise against the threats posed by the proliferation of IoT and industrial IoT devices and the ways enterprise security professionals have been successful in implementing security programs around IoT. Preregistration is required. Seats are limited.
If you've had an audit finding that your infrastructure is not protected because you have no visibility and control of unauthorized devices, you know the importance of responding quickly. Participants in this session will share their best practices for mitigating implementation complexity. We’ll also discuss ground rules for access policy to cover most common use cases. Preregistration is required. Seats are limited.
Midsize enterprises are defined as organizations between $50 million and $1 billion in annual revenue and fewer than 1,000 employees. This roundtable discussion focuses on practical data security options for the midmarket. Preregistration is required. Seats are limited.
Participants in this end-user roundtable will compare notes on the best practice for the care and feeding of SaaS. We will discuss shadow IT, integration with identity services, the use of CASB, backup and recovery options. Can policy and planning actually reduce the pain and cost of SaaS, or is the situation permanently out of control? Preregistration is required. Seats are limited.
This workshop discusses real-world experiences on solving the challenges associated with identifying users and devices in a mobile landscape. It also discusses the convergence of enterprise mobility management (EMM) and IAM technologies and the implications this poses to an organization. Key Issues: • Do I need to implement mobile identity? • If so, how? • What are the best practices in deploying it?
Security metrics are hard to do. A credible security metrics dashboard must inform management about the security posture of the organization in relevant business terms and preferably show how the security team is supporting business outcomes. It is possible to achieve this. Key Issues: • What are the basic building blocks of a balanced scorecard for information security? • How do I go about building one? • What does a sample scorecard look like?
Fortinet: Additional Session Details Coming Soon
Sophos: Additional Session Details Coming Soon
Digital Guardian: Additional Session Details Coming Soon
ReliaQuest: Additional Session Details Coming Soon
Hitachi ID: Additional Session Details Coming Soon
PhishMe: Additional Session Details Coming Soon
AlienVault: Additional Session Details Coming Soon
CheckPoint: Additional Session Details Coming Soon
Varonis: Additional Session Details Coming Soon
In today's increasingly interconnected world, ensuring resilient infrastructure extends beyond the core data center. In this session, we will look at key points that have tripped up many companies when unexpected failures have occurred in seemingly innocuous or uncorrelated systems and how Site Reliability Engineering practices can be used to help identify where the next big outage may cascade from.
Cloud access security broker (CASB) is the new Swiss Army knife for the cloud. Come see all the different use cases this new four-letter word will help secure in your cloud services. CASB is to SaaS as the firewall is to corpnet. Come learn how to take advantage of CASBs as your business continues to migrate more services to the cloud. We will discuss the different use cases and best practices on how to deploy CASB.
Governance, risk and compliance management served an important purpose in the first decade of the 21st century by focusing organizations on key business concerns that threaten their performance. However, its effectiveness in raising awareness of cross-domain concerns in risk management has not been realized. Integrated risk management attempts to address cross-domain concerns that digital transformation initiatives bring to organizations to ensure safe and secure business.
The OT infrastructure is undergoing profound and rapid evolution, driven by IoT and increased penetration and dependence on technologies. However, organizational cultures change slower than technologies and infrastructure, while allowing for misconceptions and false beliefs to take root. Misconceptions and false beliefs create a barrier to better security postures. This high energy presentation will analyze the most common and harmful myths and provide actionable recommendations for security and risk management leaders, enabling better organizational security postures.
With cloud becoming a must-have or can't-avoid for many organizations, security teams are increasingly concerned with advanced attacks and regulatory requirements around data confidentiality and privacy. This session first covers basic encryption and key management in the cloud, and then examines other techniques — including emerging hardware-based approaches — that increase the trustworthiness of cloud-based infrastructure-as-a-service (IaaS).
We must quantify our risks! So says everybody. But what if we are wrong? Risk communication has long focused on quantifying financial impacts over poorly-defined scales and time. Years of cognitive research tell us that emotions are frequently at the core of decision making. What is risk sentiment? Do you know how risk sentiment impacts your decision makers? How can SRM leaders leverage risk sentiment to guide better decision making in your environment?
If your infrastructure has been taken down by a DDoS attack, you know how painful it can be. In this session, we will analyze strategies for mitigating DDoS attacks and provide guidance for finding a solution and what enterprises and providers alike should be doing to protect themselves from becoming imminent victims.
The data security ecosystem is one of the largest, if not the largest, in security. End users have so many products to choose from and no shortage of vendors offering them. It may be time to redefine, merge and rebuild. This session aims to reshape how the data security landscape needs to evolve between technologies and existing capabilities.
We can't prevent all threats, but it doesn't mean people working on security monitoring and operations can't start detecting and responding. But how do you do it without breaking the bank? How should you start with detection and response? This workshop will go through a structured approach to find out: 1) What are the basic processes and tools to get right? 2) How do you succeed with a small team? 3) How do you use third parties gracefully and effectively?
Many midsize enterprise IT leaders responsible for security and risk management struggle to understand how to develop their strategy because they have not been exposed to this process. In this workshop, we discuss some of the elements and get you started on your own strategy.
Organizations are regularly adopting agile development methodologies and DevOps initiatives. Application security process and technology best practices are abundant, but not all of them fit in the world of rapid application development and delivery. This session will highlight some of the areas of opportunity for security automation as well as pitfalls that may inhibit application releases.
The pressure is growing for senior executives, such as CFOs, to become more engaged in the governance and implications of security and risk management. That's why it is imperative for security and risk management leaders to identify the issues that CFOs care about, which is what this session will cover.
Offering a broader scope of services — and a much wider range of talent — than traditional penetration testing services, crowdsourced security testing platform vendors are enjoying increased acceptance and market growth. We'll examine why buyers are opting for these programs, what issues might hold back adoption and offer a high-level competitive landscape of principal vendors.
This session will provide an update on the latest techniques, tools and processes that security practitioners can use to detect attacks, enhance protection at the edge and at the endpoint, and address internal threats that have breached the edge of their network perimeters. This session will also cover the reason deception is a key ingredient to a mature security program and why this technology can change the game of defense.
It’s not your IT anymore. Whatever you think you know to maintain information security integrity after forfeiting your infrastructure is already obsolete. This presentation will show you ways to adapt to the extreme fragmentation through application of UEM concepts and a spectrum of risk-versus-trust choices.
New technologies like blockchain and smart contracts are rapidly gaining mainstream acceptance and may fundamentally alter the way business is conducted. Even today, we are placing mission-critical trust (and millions of dollars) into smart contracts. How do security leaders ensure business suitability in the event of an incident? What can we do to avoid some of the pitfalls of new technology?
This session will review the components of an IT disaster recovery management program. Assessing maturity for both processes and technologies is required to enable organizations to have effective and successful programs. The six domains that will be discussed include: governance, recovery objectives, recovery strategies & capabilities, plans, exercises, and program management.
IT buyers just want to fix today's problem. But it’s time for you to think like an investor, and not get burned over the next technology shift. Learn how to make a strategic security roadmap, using Gartner's hype cycle and other predictors. Consider the long- and short-term behavior of vendors, their influence on your business integrity, and decide when it’s time for new partnerships.
Gartner research shows that success in the digital business revolution requires material culture changes inside and outside of IT. Organizations are limiting themselves through fear of technology, while the line between technology and business outcomes is disappearing. Non-IT executives treat security like a cost center and do not understand how to accept technology risks. A risk-aware culture must be developed and mature. Come hear about this ground-breaking research that links digital business success to culture and risk.
Raytheon: Additional Session Details Coming Soon
Synack: Additional Session Details Coming Soon
ForeScout: Additional Session Details Coming Soon
Centrify: Additional Session Details Coming Soon
SailPoint: Additional Session Details Coming Soon
ESET: Additional Session Details Coming Soon
Cyxtera: Additional Session Details Coming Soon
Tanium: Additional Session Details Coming Soon
Most organizations are strewn with myriad epitaphs for failed data security, data governance programs, compliance by tagging — the list never ends. Why? Because the most critical and centralized component is an afterthought. Is classification finally ready for "prime time," including effective ML and AI? What are data hubs and why are they critical for effective classification? How do we make sure that we are not just writing the next grand classification program eulogy?
Application control (or whitelisting) technologies have a well-deserved reputation for being difficult to implement and burdensome to manage. Managing reporting, application onboarding, and the exception handling process all contribute to lowering the value of this approach, but it doesn't have to be that way. In this session, we will explore ways to blunt the administrative impact of application whitelisting in your enterprise.
This session addresses the challenges of managing and securing mobile devices for midsize enterprises (MSEs). Midsize organizations often have similar requirements to large enterprises but the solutions to these problems can be radically different. This session will address the following questions: • What are the differences for MSEs when securing mobile devices? • What can MSEs do to limit risk with fewer resources?
IT resilience is a frequently used, yet often misunderstood, term. Identifying the relevant management disciplines, scope of deployment, success metrics and compelling business cases are all critical success factors. Experience and lessons learned from ITScore for business continuity and IT disaster recovery, as well as industry best practices, will be leveraged in the presentation of a step-by-step process for creating a viable and sustainable IT resilience program as well as a self-assessment scorecard.
With the advent of wide-scale attacks on the financial ecosystem and other key industries, today's information security leaders must respond effectively. Attend this session to explore the answers to the following questions: What should information security leaders do? How should they communicate with executive management that a successful attack is not only likely, but inevitable? What key tactics should they implement? How should they energize their team and how should they communicate with their stakeholders?
Hybrid cloud will be the reality for the vast majority of enterprises for at least the next five years. Rather than create silos of security tools and processes for on-premises infrastructure and cloud services, we recommend a strategy for a "single pane of glass" for visibility and control of hybrid cloud infrastructures. This presentation will explore technologies and processes to make this possible including cloud workload protection platforms and security configuration assessments.
The vendor landscape for integrated risk management (IRM) solutions is dynamic. This session will provide an overview of the current state of the IRM solution provider landscape and recommendations on how vendors can deliver differentiation to their solutions.
As the external threat landscape becomes more hostile, compliance and regulatory requirements become more common and information security resources become increasingly scarce, organizations will be forced to rely more on service providers to deliver threat detection and incident response capabilities. This session will address issues such as: 1) What services are available on the market? 2) What should you look for from service providers? 3) What future opportunities will exist?
Using the Senate Testimony of former Equifax CEO Richard Smith, Gartner presents a timeline of events and a current analysis of factors that put senior non-IT executives at risk following a cybersecurity event. Learn how defensibility and corporate culture are key attributes when developing a cybersecurity program that balances the need to protect with the need to run your business.
This session will cover five use cases that people need to be considering for their IDS/IPS, but probably aren't today. These are: virtual patching, public/hybrid cloud, flat internal networks, UEBA, and retrospective analysis of network traffic. Attendees will learn the pros and cons for addressing these often overlooked use cases. Key issues covered: 1) What are these five use cases? 2) Why are they helpful for a security operations/monitoring program? 3) How are they implemented?
Good security policy is a fundamental component to a sound information security posture, but security and risk management leaders may struggle to write effective policy documents, resulting in inflexible policies that can do more harm than good. What are the five biggest mistakes made? How can you avoid these common mistakes and improve your policy?
Blockchain has become a much-hyped technology. As such, security and risk leaders must understand what this technology is and isn't. This session aims to provide a "blockchain 101" presentation and answers to some common questions about this new technology. Is blockchain the next new best thing? What are the implications of blockchain for security and risk management leaders? What's hype versus reality?
Tier-1 cloud providers have spent an increasing amount of resources building out security features on their platforms over the past 18 to 24 months. Their direct competition with security vendors in many segments and desire to partner impacts competitive dynamics across the security market. This presentation analyzes the impact of cloud providers becoming security vendors.
Security information and event management (SIEM) technologies have been around for almost two decades, and have evolved and adapted as use cases and the external landscape have changed over time. SIEM tools are far from dead, but change is happening. This session will cover how SIEM technologies are evolving and what the future of SIEM solutions will look like.
Digital business transformation has brought about a new set of risks — digital risk. The digital risk management (DRM) solution market has emerged to help organizations integrate the management of risks associated with digital business components, such as cloud, mobile, social, big data, third-party technology, and OT/IoT. This session will provide an overview of the DRM solution market and how organizations should manage digital risks.
Users seem to be connecting to everything but their enterprise gateway these days and secure communications are in flux. Enterprises have lost integrity and control over endpoint communications. This presentation reviews your options for secure communications when the cloud has turned your network upside down, and considers several forms of mitigation including new uses for CASBs.
Bots are a growing menace to web applications and APIs. Some bots are obviously bad but some are well-intended and yet have a detrimental effect. This session covers various types of bots, techniques for identifying them, controls to deal with bad behavior, and the technologies that implement them. Also covered is the overlap of bot mitigation with denial-of-service and attack prevention.
Enterprises have had a wake-up call over the last few years as their data assets have been increasingly plundered, with increasing financial liabilities. Users need access to data to do their jobs, but not all data. Data-centric audit and protection tools must be applied to detect potential malicious activity before it results in a breach.
This session will present a decision framework for selecting your organization's solution set for the BCM program software ecosystem. A choice between pure play and suite vendors is dependent upon your current ecosystem and where the gaps are.
Ever-increasing cybersecurity threats result in organizations trying to grow their digital security teams. However, this also means that the existing shortage in qualified, experienced security people is increasing. This presentation, based on case studies, will share how taking a "lean" approach to staffing the security team can help alleviate this challenge.
By recognizing the respective roles and cumulative impact of data management and security practices, security and risk management leaders will get more efficient and regain control of their unstructured data within their organization. Attend this session to address these key issues: 1) How do data management and security best practices contribute? 2) How do you enlist data owners in managing access to data? 3) How important is continuous monitoring?
Digital business opportunities have led to an explosion in new web applications, leveraging the latest advances in development methodology, scalable architecture, and continuous integration tools. These applications are built on communication APIs that require a different approach to security than the traditional web applications. This session describes available solutions to protect web APIs and suggests a framework to initiate an API security program.
Solutions and services to support vendor risk and security efforts continue to emerge. These solutions include integrated risk management (IRM) and security rating services (SRS). This session will provide an overview of the market and recommendations for their use. What are the emerging services and solutions best suited for vendor risk management?
User and entity behavior analytics (UEBA) based on machine learning is not just a tool for smarter offline analysis. Machine learning can now support real-time automated data-driven access decisions. Organizations are starting to use machine learning tools and techniques to provide intelligent adaptive access management to meet the usability and security demands of modern digital business.
Intuitive approaches to role management at an enterprise scale lead to the adoption of simplistic models that are usually ineffective and often counterproductive. IAM leaders should use Gartner's two-layer enterprise role framework to organize and scope role management across an entire organization with their IGA solutions. Key issues include: 1) Why is role management so difficult at an enterprise scale? 2) How should IAM leaders be thinking about enterprise role management? 3) What are the essential elements of a two-layer enterprise role management framework?