2016 FS-ISAC Annual Summit brochure

www.fsisac-summit.com
www.fsisac.com
On behalf of FS-ISAC and the 2016 Spring Summit Planning Committee, I am
very pleased to welcome you to the 2016 FS-ISAC Annual Summit.
At the end of every year, I reflect that the many challenges facing our sector
continue to be daunting and 2015 was no exception. The boundaries and
the perimeter that were once ours seemed to have evaporated with more
business and IT processes moving to the cloud. We are now faced with the
internet of things as well as petabytes of “big data” that our business partners
want to leverage, our legal team wants to defensibly delete and our security
teams are tasked with protecting.
The threat landscape, technology innovation and the continued focus on
cyber security as primary and secondary threats continue to be at the core
of our concerns as security professionals. Having the latest information on
threats, sharing of best practices and trends across our sector has become
more important than ever. FS-ISAC plays a vital role in making that happen.
Because there is “strength in sharing”, FS-ISAC continues to push the envelope
when it comes to gathering reliable and timely information from financial
services providers, commercial security firms, federal/national, state and
local government agencies, and other trusted resources and disseminating
that information globally. They have set a high standard for themselves when
it comes to the quality of the information they share, the access to trusted
partners they provide and the content they deliver through their annual
conference.
If you have joined us at previous events, you already know that the FS-ISAC
conferences offer excellent content from industry leaders as well as amazing
venues with ample networking. This year’s Annual Summit, to be held at the
Loews Miami Beach Hotel, once again aims to exceed your expectations with
content covering Governance, Data Protection, Threat Intelligence and cyber
attacks. The FS-ISAC is also delighted to have as keynote Presidential Historian
and Pulitzer Prize-winning Author Doris Kearns Goodwin.
Whether you are representing a global bank, community institution, large or
small insurance company or any company in the financial services sector, we all
have a common goal and that is to protect our company brand and the data
that has been entrusted to us. Come join us as there is “strength in sharing”.
I look forward to personally welcoming you in Miami, Florida, May 2016.
Lynda Fleury
Chief Information Security Officer
Unum
Conference Chair
2016 FS-ISAC Annual Summit
FS-ISAC Mission Statement
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit corporation that was established in 1999 and is funded by its member firms. The FS-ISAC is a member-driven organization whose mission is to help assure the resilience and continuity of the global financial services infrastructure and individual firms against acts that could significantly impact the sector’s ability to provide services critical to the orderly function of the global economy. The FS-ISAC shares threat and vulnerability information, conducts coordinated contingency planning exercises, manages rapid response communications for both cyber and physical events, conducts education and training programs, and fosters collaborations with and among other key sectors and government agencies.
Learn more at www.fsisac.com
FS-ISAC Spring Summit 2015 | Loews Miami Beach Hotel
2 • www.fsisac-summit.com
Who Should Attend?
• CEO/Bank Owners, CISO, CSO, CIO, CTO, and CRO
• Head of Threat Intelligence
• EVP, SVP, VP, and Director of these areas:
- Security Operations
- Business Continuity
- Fraud
- Audit & Compliance
- Investigations
- Payment Risk Management
- Physical Security
- Payment Operations
• Payment Line of Business Managers including:
- Online Banking
- Online Treasury Management
Why You Should Attend
• Presentations by over three dozen Senior Executive FS-ISAC members
• Concrete take-aways including case studies and best practices
• Interactive sessions that allow for strategic and solution-oriented discussion
• Actionable information & sharing designed specifically for financial services institutions
• Complimentary attendance for Premier and above members
- All meals and events during the conference are included
Attendance Restrictions
The FS-ISAC Annual Summit restricts attendance to regulated financial services firms, relevant public
sector entities, and country-level banking associations and payments associations. Examiners and those
responsible for informing public policy are not eligible to attend. If you have questions regarding
eligibility contact marketing@fsisac.us.
registration
FS-ISAC Affiliation                             Early Bird (ends 4/1)   Standard Registration (after 4/1)
Platinum/Gold/Premier Member                    COMPLIMENTARY           COMPLIMENTARY
Standard Member                                 $795                    $1,250
Basic/Core Member                               $895                    $1,500
CNOP (Critical Notification Only Participant)   $895                    $1,750
Eligible Partner ISAC/ISAO Member               $895                    $1,750
Government                                      $895                    $895
Non-Member (eligible FI only)                   $895                    $1,750
Guest*                                          $895                    $895
*Guest registration may include spouse, family members, significant others, etc. but does not apply to
colleagues or other practitioners in the financial services community. Guests do not attend sessions, but
only meals and networking events.
Conference Registration Cancellation
Cancellations received prior to April 25 will not be subject to a cancellation fee. Cancellations received
on or after April 25 will be subject to a $200 cancellation fee. This applies to all Members at all tiers
as well as Non-Member, Guest, Government, CNOP, and BITS member registration regardless of
registration fee paid. Any member/non-member cancellations must be received via email to
summit@fsisac.us. Registrations are transferable within an organization without penalty.
Online Registration
www.fsisac-summit.com/attendee-registration2
location
Loews Miami Beach Hotel
1601 Collins Avenue
Miami Beach, Florida, 33139
Phone: (305) 604-1601
Reservations
Phone: (877) 563-9762
www.fsisac-summit.com/spring-hotel-travel
When making your reservation, be sure to mention that
you are attending the FS-ISAC Annual Summit so that
you receive FS-ISAC’s discounted group rate of $259
per night. This rate is available until April 15 or once the
block is full, so be sure to make your reservation early to
avoid disappointment.
Airport and Transportation
Miami International Airport (MIA) - 12.8 mi from hotel
Fort Lauderdale Airport (FLL) - 33.4 mi from hotel
Parking
On-site overnight parking fee: $40.00 USD daily
Garage across street parking fee: $16.00 USD daily
What our members are saying about the Annual Summit...
”Great variety of topics…
excellent venues…
keep up the good work...”
keynote
Doris Kearns Goodwin
World-renowned Presidential Historian | Pulitzer Prize-winning Author
Goodwin is the author of six critically acclaimed and New York Times best-selling
books, including her most recent, The Bully Pulpit: Theodore Roosevelt, William
Howard Taft, and the Golden Age of Journalism (November, 2013). Winner of the
Carnegie Medal, The Bully Pulpit is a dynamic history of the first decade of the
Progressive era, that tumultuous time when the nation was coming unseamed and
reform was in the air. Steven Spielberg’s DreamWorks Studios has acquired the film
rights to the book.
Well known for her appearances and commentary on television, Goodwin is seen frequently on
television networks NBC, MSNBC, CBS, ABC, FOX, CNN, as well as The Charlie Rose Show and Meet
the Press. Other appearances have included The Daily Show with Jon Stewart, The Colbert Report, The
Late Late Show with Craig Ferguson, The Oprah Winfrey Show, The Tonight Show with Jay Leno, and
many more. Goodwin has served as a consultant and has been interviewed extensively for PBS and
the History Channel’s documentaries on President Lyndon B. Johnson, the Kennedy family, Franklin
Roosevelt, Abraham and Mary Lincoln, and Ken Burns’ The History of Baseball and most recently Burns’
The Roosevelts: An Intimate History.
Among her many honors and awards, Goodwin was awarded the Charles Frankel Prize, given by the
National Endowment for the Humanities, the Sarah Josepha Hale Medal, the New England Book Award,
and most recently the Carl Sandburg Literary Award and the Ohioana Book Award.
platinum
gold
silver
Amazon Web Services
BrandProtect
Carbon Black
Citrix
CrowdStrike
CyberArk
Cybereason
DB Networks
Easy Solutions
Endgame
FourV Systems
Fox-IT
Intel Security
Interset
KnowBe4
LemonFish
NuData Security Inc.
Phantom Cyber
Prelert, Inc.
Prevoty
Shape Security
Synack
TITUS
Waratek
A Case Study of Targeted Destructive Malware
When destructive malware is successful, it can have immediate and long-term impacts. This session
will discuss a recent targeted attack in which hundreds of systems were wiped across multiple sites of
an organization. The attack harnessed the administration infrastructure and then utilized interesting
techniques to possibly thwart investigators. The presentation will cover the attack details, how the
wiper worked, and show the messages left behind; as well as identify areas of weakness to form lessons
learned.
An Inside-Out Approach to Security
Based on our analysis, when employees leak sensitive information outside of an organization, 90% of the
time they are legitimate users who innocently send out data for business purposes. In this presentation,
we will discuss why organizations need to take an inside-out approach to security. This can be achieved
by continuously monitoring, analyzing and building profiles on insiders within the organization, including
employees and third-party vendors, in order to identify out-of-the-norm behaviors and those abusing
privileged access.
Assessing Community Bank Risks Using the FFIEC Self-Assessment Tool
In this panel discussion, learn how community institution members are using the automated FFIEC
Cyber-Security Self-Assessment tool to identify their inherent risks and gauge the maturity of their
cyber-security programs.
session descriptions
Beyond Eye Candy: Data Visualization In The SOC
Traditional SOC displays have been a source of tension among competent cybersecurity professionals.
While having the flashiest “pew-pew” graphics may provide eye candy for senior management and
outside regulators, few visualizations stand the test of intelligent questioning around their value to
security operations and the CISO. We will explore several new ideas that strike a balance between
visual pop and actionable, useful information while discussing how analysts can effectively interact with
a centralized display environment.
Big Data, Banking, and Blockchain: Plotting Your Digital Course to Competitive Advantage
Blockchain technology has seen rapid adoption from multiple consumer facing businesses looking to
support their global digital customer base. With increased focus from financial institutions delivering
payment and commerce tools leveraging this underlying capability, Blockchain is set to transform and
disrupt business throughout the coming decade.
For upstarts and mature businesses, Blockchain frameworks will spawn new lines of business that
deliver the ultimate in secure and anonymous transactions for users and payment processors. In the
undercurrent of this transformation, Blockchain technologies present new implications on consumer
acquisition and retention, Big Data strategy, business policy, and security protocols.
Leveraging a panel of industry experts, the moderator will unpack the most critical issues that financial
services and insurance industry executives must know for 2016 and beyond.
Breaches and Boardrooms
Cybersecurity is a topic that has now breached boardrooms. Everyone from the CEO to board members
want to know that the organization they are running is safe from cyber threats. Not properly addressing
a cybersecurity risk could prove costly – in money, time, reputation, legal exposure and potentially lost customers.
This session will discuss what a proper security posture includes: which information, stats and reports
are important, and which metrics you should care about.
Building a Data Processing Platform to Streamline Threat Intelligence
This session will describe how IT analysts can utilize automation to reduce the amount of time spent
monitoring and searching for relevant information, while improving the overall awareness and security
posture of their organization. An open-source-based platform tailored to your organization’s specific
intelligence priorities, one that can ingest massive amounts of data of any type or source and enrich,
correlate and contextualize it, can be built with little budget and staff.
Citi Cyber Security Fusion Center- One Year Later
Cyber Security Fusion Centers have grown in popularity. Citigroup was one of the first FIs to have a Cyber
Security Fusion Center, and Citi’s Cyber Security Fusion Center has now passed its one-year mark. We presented
at the Fall Summit 2014 during our grand opening; for this upcoming Summit we will present the lessons learned
after one year.
Cognitive Security - How to Deal with Polymorphic Cyber Attacks
Hear and see the latest in applying Cognitive Computing to Security, more commonly known as ‘machine
learning’ to see how machine-based learning is used to model access and behavior patterns by mining network
and application data for detection of anomalous, likely-threatening malicious patterns. See how Cognitive
Security is being applied in the Financial Services Sector, including use cases for cognitive security deployed to
address the most sophisticated cyber attacks and how it can be used to detect and protect organizations from
cyber threats today and tomorrow.
Collaborative Threat Intelligence: Beyond Automation and Sharing
Following last year’s “Sharing is Only the Beginning,” we will walk through use cases and tools deployed
to leverage shared information and produce intelligence out of sharing initiatives. This session discusses
the automation efforts to support integration, enrichment and exploitation of technical intelligence, and the
evaluation of sharing initiatives as a source of information.
We will explain the different technical and non-technical challenges around the collaborative production of threat
intelligence in the context of the CSSA association in Germany.
Community Sized Institutions, Trials and Tribulations of Information & Cyber Security
This will be an interactive panel with the audience to discuss current issues and the creative ways we need to
address them with limited staff and budgets.
Controlling APT Threats Through Cyber Deception
In this session, we will describe the concept and implementation of Cyber Deception, an upcoming trend
predicted by Gartner to be used by 10% of all organizations by 2018. This session will explore the ‘Observe,
Orient, Decide, Act’ methodology, a strategy that limits threat actors’ situational awareness, effectively
controlling where they go once inside your environment as well as how deception technology can affect other
areas in finsec such as anti-fraud.
Correlating Threats Using Internet Snapshots
Imagine you had a snapshot of the Internet when performing analysis. The presenting company crawls
millions of digital assets every day, producing hundreds of data points for analysts to use when researching
threats. This session will highlight non-traditional datasets such as SSL certificates, SSH keys, and page
content as correlation points. Attendees will leave with a deeper understanding of threat infrastructure
analysis and of how less well-known datasets can surface connections where WHOIS and
passive DNS fail.
Creating a Large-Scale Threat Intelligence Database
With the sheer volume of malware and feeds, it’s hard for responders to keep up. This session will
cover creating your own threat intelligence database of not only current threats, but past threats
making it possible to correlate attacks backwards to months...even years. Using open-source tools and
specific techniques, it becomes possible to mine indicators to respond to threats quicker. Adversarial
counterintelligence techniques to this tracking will also be discussed.
Creating and Maintaining a Cyber Threat Management Organization
This presentation will focus on both speakers’ experience as the leads of this group at their companies, and on
how they created and maintain it. The group consists of the following teams: Cyber Threat Intelligence,
Security Operations Center and Countermeasures.
CryptoWall v3
CryptoWall is one of the most lucrative and broad reaching ransomware campaigns on the Internet
today. Ransomware encrypts a victim’s files and demands payment in return for the key that can decrypt
said files. Ransomware will target files that may contain financial data, business records, databases,
family photos and movies. This presentation will provide an in-depth look at the inner workings of one
of the most lucrative malware schemes in operation today.
Cyber Fraud and Bitcoin Exchange
Bitcoin exchanges have become the commodity of rapid exchange for a number of physical and cyber
venues. This affects many parts of the business cycle and process from the ransom funds for executives,
key data, and bandwidth to extortion and blackmail. This presentation will explore the Internet of
Bitcoins as it pertains to cyber actors and operations to maintain an anonymous currency.
Cyber Risk Insurance: A Buyer’s Guide
The presenter will discuss the important elements to be aware of in cyber insurance from a buyer’s
perspective, based on an initiative from the FSSCC.
Cybersecurity Governance CEO Panel
The panelists will discuss:
• Top cyber security concerns of CEOs and boards of directors;
• Changes that CEOs and their leadership teams have made in response to cyber risks (and future
plans if this is something that the CEOs are comfortable discussing);
• Successful (or unsuccessful) tactics CISOs and CIOs use to secure additional resources from CEOs;
• Top regulatory compliance challenges and concerns; and
• Actions that individual firms, key players in the financial sector, key players in other sectors, and
U.S. foreign government agencies must take to mitigate cyber risks.
Cybersecurity Risk and Resilience: How the Hunted Become the Hunters
Information stored by Financial Services companies is ‘big game’ to cybercriminals, but what happens
when the hunters become the hunted? This session will provide strategies and tactics for developing an
advanced persistent response to gain greater cyber situational awareness and manage the actions of cyber intruders
in real-time. Attendees will also learn steps for developing a cyber resilience program (CRP), combining advanced
threat protection, detection techniques, and training to more effectively protect against sophisticated attacks.
Cybersecurity: Why Are We Failing?
The threats are continually evolving! Despite the increased investments in technology, we continue to see
high-impact breaches. Clearly, something’s amiss!
This presentation will look at evidence from real breaches, and understand why technology-only approaches to
protecting our key assets are failing us. We can learn a lot from the military’s approach to effective intelligence
gathering, human conditioning, and how to operationalize them. This talk will endeavor to translate these
lessons to the realm of cybersecurity.
Designing a Cyber Playbook that Works
In this presentation, the presenters will discuss Synchrony Financial’s process for discovering, mitigating and
responding to data incidents, which was judged “best in class” during a recent meeting of underwriters at Lloyd’s of London.
data incidents. The presentation will describe how Synchrony’s cyber and physical security response teams are
integrated into an enterprise-wide playbook, and how the playbook is regularly refreshed to ensure ongoing
relevance in a swiftly changing operating environment.
Developing Effective Encryption Strategies (Case Study & Lessons Learned)
Data protection is at the center of a mature organizational information security strategy - and encryption plays
an important role in that strategy. Encryption can effectively protect data even when other controls fail. By
using this methodology, organizations can work through the complicating factors of deciding when, where and
how to deploy encryption to protect data. This presentation will walk through a real world engagement that was
conducted by former Big4 cyber security consultants.
Everyone has a Plan - Until They Get Punched in the Mouth
Effective incident response requires good planning, and a solid response plan to follow. But incidents are
unpredictable in how they unfold, and any incident response planning efforts need to take into account the
need for executive decision making to handle the unexpected. The panel will discuss how best to achieve the
balance between the need to plan and the need to give executives the freedom to respond to unanticipated
events during an incident.
Evolving Social Engineering Trends, Tactics and Techniques
Today, most Financial Institutions and organizations that conduct business online have either a vendor or an
internal security team to monitor, detect, and respond to online cyber attacks (phishing/malware). The response
time to these types of attacks has decreased dramatically, reducing their effectiveness. This has resulted in
cyber criminals developing new social engineering techniques that are more clever and advanced.
Financial Data Manipulation - The Next Cyber Battleground?
Today, everyone makes purchases online, from shopping carts to connected banking and emerging FinTech
companies. What actually happens when a consumer clicks “pay” and a bad guy manipulates the system to
their advantage? Today, it’s not just hackers – it’s people with industry expertise and financial know-how that
are helping hackers to steal, delete and increasingly manipulate data to capitalize on it. Emails with insider
information can be used to manipulate stock markets and mess with data, altering it before it gets processed,
and changing it back when the transaction is complete.
With the rise of criminal groups attacking financial systems, stealing passwords for financial gain, and increasingly
manipulating data – whether financial or health – everyone from the CTO to the CEO and the Board is looking
for insight on how to use offensive tactics rather than relying on traditional cyber defenses.
The speaker will discuss how the rise in digital connectivity and digital banking is becoming a hackers’
playground for cyber manipulation, and the steps necessary for financial services to react and become offensive
players on the next cyber battleground – data manipulation.
Fraud & Cybersecurity Controls from Scratch
The Fraud and Security teams will demonstrate how they went about building bank level controls,
alerting, and processes in Splunk that exceeded several of the vendor controls we could have used. We
will showcase the control types and methodology as well as how to join the cybersecurity analysts and
fraud analysts together to create proactive and reactive alerting to fraud.
How New York Life is Making Cloud a Strategic Advantage, Safely
New York Life, one of the world’s most venerable institutions, is making the cloud a strategic advantage.
With a board-level mandate to migrate key functions to the cloud, the organization is enabling some
of the most innovative SaaS tools for the business. NYL has a lot to gain, but also a lot to lose if
the initiative is not executed safely. Join the speakers for an interactive discussion about NYL’s best
practices for safely onboarding and standardizing on SaaS.
How to Get Control of Third Party Risk
Vendor risk management (VRM) is no longer emerging; it is here. Bank of the West, part of BNP Paribas,
has a robust vendor risk management program with best practices to share. Join the speakers to learn
how to deal with the evolving regulatory challenges, identify and address vendor risk management
gaps, and see where the financial services VRM landscape is heading.
In the Heart of a Breach: Lessons from Financial Services Cyber Attacks
Despite being early adopters of cyber security technology and investing millions on digital security,
breaches in the financial sector continue to occur at an alarming pace. This panel will deliberate how
the industry can better prepare for inevitable breaches, reduce costly mistakes and institute stronger
security measures across the enterprise. Panelists will share their expertise on reducing the attack
surface, assessing and managing risks from third-party vendors and improving cyber security literacy in
the C-suite.
Intelligence Collection Management in a Commercial Setting
See a demo of our collection management system, which selects and evaluates intelligence vendors for use within
PNC. This session will also let you try the collection matrix that informs our senior leadership
on intelligence collection coverage, gaps, and efforts to fill those shortfalls. This matrix is also used to
evaluate and align intelligence support to the specific defensive needs of the presenting company. We
will showcase this construct as an achievable model that all FIs can quickly implement to effectively
track their intelligence operations.
Introducing the FS-ISAC Threat Actor Wiki
Representatives from the FS-ISAC as well as other companies will present on the FS-ISAC Threat Actor
Wiki. The primary objectives of this Wiki are to: 1) Present information contained within the portal
regarding specific cyber threat actors in an easy-to-digest and consistent manner; 2) Provide members
the opportunity to contribute their knowledge and information to this Wiki for the benefit of the sector;
3) Raise the membership’s awareness/understanding of the threats to the financial sector.
Leveraging Threat Intelligence to Strengthen the Third Party Risk Management Process
Estimates for 2015 cite 888 data breaches world-wide with 63% of them related to third party providers
being exploited by threat actors. This presentation will discuss how this member is leveraging intelligence
to strengthen the third party risk assessment program by preparing auditors with actionable intelligence
to help identify any potential gaps in the third party questionnaire process.
Living on the Edge of 3.0
Soltra has been leading the open standards effort for security consumers everywhere. Come and join
us to look into the future of cyber intelligence automation as Soltra takes you to the Edge with Edge 3.
Managing the Threat Within: How Firms are Establishing Effective Insider Threat Programs
In today’s environment, firms need to effectively manage the risks that a malicious insider may pose. While
once considered bleeding edge, insider threat programs are now being established at firms of all sizes and, in
the not too distant future, will become the norm. Hear from a panel of experts who overcame the challenges of
establishing a program within their firm and what steps should be taken to establish and run one within your
firm.
Managing Third Party Risk: Building a Vendor Risk Management and Optimization Strategy Considering Risk,
Architectural Synergies and Business Logic
More than half of all security breaches originate from a third-party breach. With that being said, how can you
extend your internal security practices to your vendors and help reduce your organization’s risk? This session
will detail a proven, scalable five-step process that any organization can use to effectively manage vendor risk.
Attendees will hear case study examples and learn what does and doesn’t work in the real world.
Maturity Models in the Cyber Intelligence Space
As the field of Cybersecurity continues to grow and expand, maturity models are being examined as a means
of measuring against a standard. A number of them have been developed, some overlapping one another, some
examining different dimensions of our business, and sometimes crossing sectors. This panel discussion will
compare and contrast some of these models as presented by those that have worked with or developed them.
Measuring and Managing our Security Posture using the Cyber Defense Matrix
Last year, we unveiled the Cyber Defense Matrix (see the “Understanding the Security Vendor Landscape”
briefing from May 2015). This year, we’ll showcase several more use cases of the Cyber Defense Matrix, including
how we track our controls, new initiatives, emerging threats and requirements, audit issues, design patterns,
and the overall technology portfolio.
No Operating System Found: Lessons from Actual Destructive Malware Attacks
A panel of three senior individuals, one each from Sony Pictures Entertainment (DM attack in
2014), The Las Vegas Sands Casino (DM attack in 2014), and Saudi Aramco (DM attack in 2012), will discuss what
a destructive malware attack really looks like and the challenges associated with working through it.
PCRE Workshop
Interactive workshop for developing PCREs.
Revealing the Top 10 Most Wanted FI Phone Scammers
Every day your customers are being targeted by phone scammers impersonating financial institutions
to steal identities. New research from the presenting company shows that more than 50 percent of these
fraudulent robocalls come from just a few criminals. In this session, attendees will learn what we know about the
top 10 most prolific scammers, including audio recordings, phone numbers and techniques, and how FIs can
work with law enforcement to protect their customers and reputations.
Staying Ahead of Fraud: Using Analytics to Identify Emerging Fraudulent Schemes and Limit Losses
The diversity of payment types available has led to an increasing interest on behalf of cybercriminals to evolve
how they exploit payment systems for financial gain. Building on a presentation given at the Fall 2015 summit,
this session will explore how intelligence gleaned from the Darkweb can be combined with big data analytics
to identify new methods of fraud and develop the appropriate controls before significant losses are realized.
Success Stories from Intelligence-Driven Big Data Analytics for Cyber Security
DTCC has been leveraging machine learning (ML) driven Big Data analytics (BDA) as a potential complement to
the existing Cyber Security measures to combat cyber security threats. This presentation will discuss the lessons
learned from DTCC’s critical initiatives in operationalizing its BDA. It will include an overview of some successful
use-case solutions and a detailed case study describing the application of ML algorithms to detect
network anomalies – where existing measures are incapable of detecting such anomalies.
The Co-Dependency Theory - Harmonized Approach to Security and Fraud
Security and fraud issues are often handled in silos. This results in conflicting priorities among business,
IT, security, fraud and compliance teams and missed opportunities. This presentation, through the
use of case studies, will make the case for a harmonized approach that will bring all the different
stakeholders together to address a common problem.
The Cyber Threat Landscape: How Financial Services Firms can Better Integrate Cybersecurity with Fraud, ABAC, AML and Sanctions
Current landscape: financial crime is a top agenda item for the White House, regulators, and the
boards and CEOs of major financial institutions. With cyberattacks on the rise, experts expect security
across industries to increase in the future.
Operational efficiency and regulations: how can organizations better integrate cybersecurity with the
financial crime pillars of fraud, anti-money laundering, sanctions and anti-bribery/anti-corruption?
The Quality of Your Security is No Secret
You can measure the information security quality of any company just by looking at it with no hacking,
no insider information, and no laws broken. The art is in knowing where to look and how to read what
you see. We’ll discuss how this is done and we’ll use the techniques to tour five big companies and
read about their security.
Third Party Economics
The cost of third-party questionnaires, assessments, and follow-ups impacts all sectors that must make sure
those who handle data have the appropriate control standards in place. This presentation will share
how to mature from process to risk profiling and provide a clear understanding of what risk mitigation
is necessary to address vulnerabilities affecting industry landscapes.
Threat Hunting 101
Cyber attacks are becoming increasingly frequent and sophisticated, and the traditional, reactive
security monitoring approach has failed to keep up with them. A change is needed: a proactive
approach that allows cyber defense teams to engage and hunt for attackers hiding in the network. In
this session, the speaker will share experiences from implementing a cyber threat hunting program,
along with recommendations on how to implement one.
Threats and Attacks: New Techniques for Detection and Mitigation (How Does it Work?)
Endpoint threat detection and monitoring:
1. Before (historical opportunities and challenges, geography, distributed sites)
2. During (mid deployment benefits, challenges, experiences, immediate benefits gained)
3. After (post-deployment organizational improvements, visibility enhancements, forensic capabilities,
infections over time, software blocking, hunting skills)
4. Lessons learned (design, implementation, operations, forensics, IR and overall visibility to reduce
risk, what surprises did we encounter?, what would we do differently?)
Training Like You Fight: How to Take an Adversary-Driven Approach to Testing the Business
Conventional technology asset security assessment methodologies and technologies have been in use
for much of the past decade. They have been and remain dependent on technologies and principles
which fail to innovate at the pace of the adversary and do not account for the value of technology
as a business asset, or the nature of the business itself. While automated tools and commonplace
assessment methodologies play an important part in the vulnerability assessment cycle, more controversial
asset-risk and intelligence-driven security assessments are better at hitting home at the real business
consequences of technical deficiencies and must play a key role in today’s financial services organizations.
This session will discuss the fundamental framework for such a methodology and the role that adversary
intelligence plays in not just identification of threats within a SOC environment, but the identification of
potentially previously unforeseen, highly consequential threats to business. Further, the presenters will discuss
experiences implementing such methodologies within complex financial services organizations.
“Trust But Verify” - Building an Effective Internal Pen-Testing Function
Many organizations have built internal red teams focused on performing penetration testing and vulnerability
assessments. However, by simply recreating the processes used by third-party assessors, many miss out on the
vast array of opportunities these teams can afford an organization. In this presentation, we will walk through some
of the opportunities and approaches for building a results-based, metrics-driven internal penetration testing team.
Using the FFIEC Cybersecurity Assessment Tool to Update Security Strategy
FS-ISAC Members will present a practical approach to using the FFIEC Cybersecurity Assessment tool to update
and communicate security program needs to the Board. The session will focus on using the tool’s modern
capability descriptions to assess needs, communicate maturity gaps and obtain support for improvements.
Why is Email Still the #1 Vector for Cyber-Criminals? It’s Time for a Holistic Approach to Securing Email
Despite the growing investment in cyber security technology, 2016 again promises to be the year of the email
cyber-criminal. Phishing campaigns that targeted consumers cost financial institutions over $4.5B last year with no
end in sight. Join the speakers as they share experiences and lessons learned in the ongoing battle for secured
trust in the email channel, and explain how technology is evolving to allow a holistic approach to email security.
Why Your Current Data Protection Program Isn’t Sufficient
To maintain compliance with increasingly complex regulations (SOX, GLBA, PCI 3.0 and many more), organizations
are adopting data protection solutions like Data Loss Prevention, Format Preserving Encryption, Data Classification,
and Database Activity Monitoring. However, these solutions have limited uses, require extensive resources to
configure, deploy and operate, and fail to address the dynamic nature of data. Topics will include:
• How to build a sustainable data protection program
• How to engage business leads
• What “analytics” really means
* We apologize to all Affiliate Members, Affiliate Board Advisors, and Sponsors who are not permitted
to attend members only and technical forum sessions, which will be announced at a future date.
FS-ISAC Spring Summit 2015 | Loews Miami Beach Hotel
Join us for complimentary snacks and refreshments, and a technology showcase where the
latest technical innovations in cyber-awareness, proactive security and defense will be on
display. In this relaxed setting, attendees may select up to three solutions they’d like to see.
These information-packed 15 minute sessions will be presented by technology experts from
our solution providers, will be use-case driven and will be tailored to the unique needs of
FS-ISAC members.
Advanced Malware Remediation and Protection Strategies | Malwarebytes
An Evolving Security Landscape – Security Patterns in the Cloud | Amazon Web Services
Banks vs. Bots: Deflecting Automated Attacks on Websites | Shape Security
BrandProtect: How Programmatic Cyber Threat Correlation Increases Cyber Security Effectiveness | BrandProtect
Compromised Credentials and Insider Threats in the Data Tier | DB Networks
Cyber Risk: Quantification, Analysis, and Reporting | FourV Systems
Don’t Just Stop Fraud: Improve Customer Experience with Behavioral Biometrics | NuData Security Inc.
Endpoint Security: Protecting Financial Institutions’ Crown Jewels | Carbon Black
Following Criminals Down the Fraud Funnel | Fox-IT
If Your DLP failed, Would You Know It? | LemonFish
Making the Best Use of Your Incident Responders | Cybereason
Mobility Predictions for 2016 and Beyond…And the Related Security Implications | Citrix
Modern, Scalable Fraud-centric Case Management | Easy Solutions
Next Generation Endpoint Security - The Next Security Frontier | CrowdStrike
Operationalizing Behavior Analytics in Financial Services for Cyberattack Detection and Prevention | Interset
Protect Your King: The Key to Maintaining Control of Your Business | CyberArk
Protecting Sensitive Data -- from Desktop to Mobile to Cloud | TITUS
Runtime Application Self Protection (RASP): Accurate and Effective Security with No Application Downtime | Waratek
Security Automation & Orchestration | Phantom Cyber
Speedy Detection of DNS-based Data Exfiltration Using Behavioral Analytics | Prelert, Inc.
The A,B,C’s of Runtime Language Security | Prevoty
“The Big Data Problem” – Dissecting the Anatomy of One of the World’s Largest Attacks on the
FinServ Industry | Intel Security
The Hunt is On: Automating the Hunt for Committed Cyber Adversaries | Endgame
The Synack Approach: Where Security Meets Reality | Synack
Turning Employee Worst Cyber Security Practices into Best Practices | KnowBe4
* The Silver Solution Showcase is closed to non-Silver Sponsors.
agenda
Agenda is subject to change. For an up-to-date agenda, visit www.fsisac-summit.com/spring-agenda
Sunday, May 1
12:00 - 5:00 pm      Poolside Cabanas
4:00 - 6:00 pm       Early Registration
6:00 - 7:00 pm       Opening Welcome Reception
7:00 - 9:00 pm       Sponsored Member Dinners*

Monday, May 2
8:00 am - 9:00 pm    Member Registration
8:00 - 9:00 am       Board and Member Breakfast*
8:30 - 10:00 am      Board Meeting*
9:00 am - 12:00 pm   Members Only Technical Forum*
12:00 - 1:00 pm      Members Only Lunch*
1:00 - 4:30 pm       Members Only Meeting*
3:00 - 6:00 pm       Sponsor Registration and Sponsor Hall Set-up
5:00 - 6:00 pm       Solutions Showcase*
6:00 - 7:00 pm       Networking Reception in Sponsor Hall
7:00 - 9:00 pm       Beach Blast Dinner
9:00 - 11:00 pm      After Hours Dessert Hospitality Suite

Tuesday, May 3
7:00 am - 7:00 pm    Registration
7:00 - 8:00 am       Breakfast
8:00 - 8:15 am       Opening Remarks
8:15 - 9:00 am       Keynote Session
9:00 - 9:30 am       General Session
9:30 - 10:15 am      Networking Break in Sponsor Hall
10:15 - 11:15 am     Concurrent Breakouts
11:30 am - 12:30 pm  Concurrent Breakouts
12:30 - 1:45 pm      Birds of a Feather Lunch
1:45 - 2:45 pm       Concurrent Breakouts
3:00 - 4:00 pm       Concurrent Breakouts
4:15 - 5:15 pm       Solutions Showcase*
5:15 - 6:15 pm       Networking Reception in Sponsor Hall
6:15 - 9:00 pm       Sponsor Dine Around

Wednesday, May 4
7:00 am - 5:30 pm    Registration
7:00 - 8:00 am       Breakfast
8:00 - 8:15 am       Opening Remarks
8:15 - 8:45 am       General Session
8:45 - 9:15 am       General Session
9:30 - 10:30 am      Concurrent Breakouts
10:30 - 11:00 am     Networking Break in Sponsor Hall
11:00 am - 12:00 pm  Concurrent Breakouts
11:00 am - 5:00 pm   Sponsor Hall Teardown
12:00 - 1:00 pm      Luncheon
1:00 - 2:00 pm       Solutions Showcase*
2:15 - 3:15 pm       Concurrent Breakouts
3:30 - 4:00 pm       General Session
4:00 - 5:30 pm       Closing Jeopardy Reception
7:00 - 9:00 pm       Sponsored Member Dinners (closed to all non-platinum sponsors)
*closed to Sponsor Attendees with the exception of companies approved for presenting at the event