Employing Automation, Standards, and Threat Intelligence I
Facebook X LinkedIn

Employing Automation, Standards, and Threat Intelligence I

Combined Session
Tuesday, October 08, 2019 15:45—16:45
Location: Holeman Lounge

Rethinking the Future of Identity with Zero Trust

As companies continue to move to the cloud and house more and more data online, the number of vulnerable endpoints for cybercriminals to target has expanded exponentially. We need a paradigm shift in cybersecurity, and that’s doable through a Zero Trust security approach, supported by machine learning and AI.

In this session, Corey Williams will discuss the importance of Zero Trust security, backed by cutting edge AI and machine learning technology to make security postures truly watertight. Governments, private businesses, and other organizations need to get ahead of the curve and adopt Zero Trust security, today.

As companies continue to move to the cloud and house more and more data online, the number of vulnerable endpoints for cybercriminals to target has expanded exponentially. The cybersecurity industry has seen tremendous growth over the last decade – it's estimated that companies spent more than $120 billion on cybersecurity in 2018 to prevent attacks. But it's no longer just about technology and individual solutions. We need a paradigm shift in cybersecurity, and that's doable through a Zero Trust security approach, supported by machine learning and AI.

Today, 81% of data breaches occur as a result of compromised credentials, making Zero Trust the best way to prevent against attacks. While there's a lot of diversity in the IAM space regarding technology and product offerings, there's one issue where experts are starting to agree – the future of identity lies with a Zero Trust approach to security, and needs to be backed by automation and AI to preempt security vulnerabilities. Vendors, consultants, and IT professionals are all singing the praises of Zero Trust, and what was once a buzzword is slowly moving from hype to reality.

But what does that all mean for CISO? In this session, Idaptive VP of Strategy Corey Williams discusses the pillars of Zero Trust, and why it's so important for individuals, companies, and other entities to adopt a Zero Trust security approach. Corey will discuss some cutting-edge technologies from around the industry that're making Zero Trust possible – from machine learning to advanced cloud-based analytics.

Corey will walk through several case studies of Zero Trust in practice, describing how companies have taken big steps across an entire organization to holistically defend against breaches. Corey will pay special attention to healthcare and finance industries, who are typically more vulnerable, given they safeguard troves of sensitive user data. But the steps they've taken to secure that data represents a shift in approach towards never trusting and always verifying, on the heels of massive consumer data breaches over the last five years.

Corey Williams, armed with 20 years in the industry and backed up by recent industry data and analyst reports, will make the case for Zero Trust, and what's next in the cybersecurity industry in the coming decade. Ultimately, Corey will demonstrate how, for public and private organizations, Zero Trust security is becoming a real, tangible concept.

Key take-aways:

Rethinking the Future of Identity with Zero Trust
Presentation deck
Rethinking the Future of Identity with Zero Trust
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Corey Williams
Corey Williams
Idaptive
Corey is the Vice President of Strategy and lead evangelist for Idaptive, leading provider of Next-Gen Access which protects organizations from breaches through a Zero Trust approach. Corey served...

Security Automation and Adaptive Cyber Defense Strategies for Success - Experiences from the Financial Sector

This presentation will examine the findings of a doctoral study into the strategies cybersecurity professionals need to reduce the gap between the attacker's time to compromise and the defender's time to detect and respond. This is an opportunity to learn from the experiences of cybersecurity professionals within the financial services industry who have implemented or are implementing security automation.

The session will cover strategies to ensure success, challenges faced, use cases implemented, and benefits from security automation and adaptive defense methods. The conceptual framework for this doctoral study proposed using automation and intelligence sharing to speed the detection of and response to cyber attacks while using deception and adaptive defense methods to slow the attack. It was determined that defenders must address both sides of the equation to narrow the gap between the attackers time to compromise and the defenders time to respond.

This presentation examines findings of a doctoral study into the strategies cybersecurity professionals need to reduce the gap between the attacker's time to compromise and the defender's time to detect and respond. This is an opportunity to learn from the experiences of cybersecurity professionals within the financial services industry who have implemented or are implementing security automation. The exploratory qualitative study used semi-structured interviews to collect information from 10 participants with cybersecurity experience in the financial services sector, including analysts, engineers, senior management, and CISOs. An iterative open-coding process was used to analyze the data, from which the following six themes emerged: (a) use of automation in security operations, (b) benefits of security automation, (c) requirements for successful security automation, (d) use of intelligence sharing in security operations, (e) minimal use of deception and automated response, and (f) impediments to effective intelligence sharing.

Cyber defenders must improve detection and response times to help counter the increasing cyber threats. Recent advances and research into security orchestration and adaptive cyber defenses seek to lessen the advantage enjoyed by the attackers. The leading research addresses the problem through three major concepts: (a) community sharing of security intelligence, (b) automation and orchestration of security responses, and (c) the use of adaptive cyber defenses. This study explored the strategies that cybersecurity professionals within the financial services industry can employ to improve cyber defenses using automation, intelligence sharing, deception, and adaptive response.

Cyber attackers enjoy a significant advantage over the defenders in cyber conflict. The attackers' advantage stems from multiple issues, including the asymmetry of cyber conflict, the increased sophistication of cyber attacks, the speed and number of attacks, and a global shortage of cybersecurity talent. Current human-centered cyber defense practices cannot keep pace with the threats targeting financial services organizations. Cyber defenders must address both sides of the equation to narrow the gap between the attackers' time to compromise and the defenders' time to respond. An integrated approach involving security orchestration, automated response, information sharing, and advanced defense methods can reduce the competitive gap between attackers and defenders. The conceptual framework for this study proposed using automation and intelligence sharing to speed the detection of and response to cyber attacks while using deception and adaptive defense methods to slow the attack. By addressing both sides of the equation (the speed of defense and the speed of attack), the framework sought to decrease the attacker's advantage.

The study identified several strategies that cybersecurity professionals in the financial sector could employ. These strategies include focusing on quick wins when implementing security automation, using automation to mitigate data quality and relevancy concerns with intelligence sharing, and developing trust in automated response methods. The findings of this study support the need for and benefits of security automation. There are many use cases for security automation in the financial sector. Further, the financial sector can derive significant benefits from automation.

The findings show that financial institutions actively participate in intelligence sharing; however, several impediments to effective intelligence sharing exist. The main concerns with intelligence feeds relate to the quality of the data, the relevance of the data, and the recency or currency of the indicators. Cybersecurity professionals in the financial services industry could use a security automation strategy to help address each of these impediments to effective intelligence sharing. The findings suggest that the use of deception and automated response methods may not be prevalent within the financial sector. However, there is a strong interest in the future use of deception and automated response methods. The most significant challenge to overcome related to automated responses is developing trust and support by demonstrating that the automation is taking the correct action. Also, cybersecurity professionals need to consider how to counter or undo incorrect actions taken by automation.

Key take-aways:

Security Automation and Adaptive Cyber Defense Strategies for Success - Experiences from the Financial Sector
Presentation deck
Security Automation and Adaptive Cyber Defense Strategies for Success - Experiences from the Financial Sector
Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.
Dr. Donnie Wendt
Dr. Donnie Wendt
Mastercard
Dr. Donnie Wendt is a Principal Security Researcher for Mastercard. In this role, Donnie researches the latest security threats, technologies, products, services, and innovations to drive the...
Subscribe for updates
Please provide your email address