A SecurityWeek Event

A VIRTUAL EVENT FOR 2022

An Exclusive Executive Forum Focused on
Information Security Leadership and Strategy

September 13-14, 2022

2021 CISO Forum Presented by

https://www.cisoforum.com/wp-content/uploads/2021/08/Cisco-Secure-Logo.png

2021 Diamond Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/Synack_Logo-300x76-1.jpeg
https://www.cisoforum.com/wp-content/uploads/2020/09/Palo_Alto-Networks-logo.png

2021 Platinum Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/Okta_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Recorded_Future-Logo-wide.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Beyond_Identity-logo-320x144.png

2021 Gold Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/Proofpoint-Logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Eclypsium_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/synopsys_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Corel_logo.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Abnormal-Security.png
https://www.cisoforum.com/wp-content/uploads/2021/08/Cymulate_Logo.jpg
https://www.cisoforum.com/wp-content/uploads/2021/08/ReversingLabs_logo.png

Silver Sponsors

https://www.cisoforum.com/wp-content/uploads/2021/08/VirusTotal.png

2021 CISO Forum

SecurityWeek’s CISO Forum takes place annually at the beautiful Ritz-Carlton, Half Moon Bay, which has served as the venue of the forum since 2014.

Given the global situation resulting from the COVID-19 pandemic, SecurityWeek’s 2021 CISO Forum, Presented by Cisco, will take place virtually. Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, specific zones & sponsor booths.

This  event is designed for security leaders to discuss, share and learn information security strategies. (Register)

Visit Here for the Latest Event Updates for the Virtual Edition

An Exclusive Executive Forum Focused on Cybersecurity Leadership and Strategy

September 14-15, 2021
Virtual Event – View Event Website

Throughout this two-day virtual event, sessions will have a strong focus on participation from CISOs in panel discussions along with talks from industry experts, analysts and other end users, and thought leadership, strategy and technical sessions.

Topics Include:

  • Fireside Chat: Adrian Stone: VP, CISO at Peloton
  • Winning Hearts and Minds on the Board
  • Designing and Architecting Security for a Hybrid World
  • CISO Panel: Navigating SBOMs and Supply Chain Security Transparency
  • Panel: CISO’s Guide to Building a Security Dream Team
  • Panel: The Top 5 Priorities of the Modern CISO
  • Defenders Playbook for Attack Simulation and Security Posture Validation
  • Virtual Expo and Networking
  • Identity-Focused Security for Your Zero Trust Journey
  • Winning Hearts and Minds on the Board
  • Securing Our Cloud Environment Against Hackers
  • Key Insights to Prevent Never-Before-Seen Cyber Attacks
  • SASE Industry Trends
  • Measuring Security and Building Trust with Leadership: Enabling Transformation Through Testing
  • How DevOps Can Make AppSec Testing Seamless
  • Addressing Sophisticated Supply Chain Attacks Head On with No Source Code Required
  • Much more! – Add to Calendar

Through a cutting-edge platform, attendees will be able to interact with speakers and sponsors, and visit networking lounges, subject-specific discussion areas, and sponsor booths in a virtual expo hall.

Adrian Stone

Adrian Stone

Peloton
VP, CISO

Anne Marie Zettlemoyer

Anne Marie Zettlemoyer

Mastercard
VP, Security Engineering

Caleb Sima

Caleb Sima

Robinhood
CISO

Allan Friedman

Allan Friedman (Invited)

Cybersecurity and Infrastructure Security Agency (CISA)
SBOM Champion

Summer Craze Fowler

Summer Craze Fowler

Argo AI
CISO/CIO

Fredrick Lee

Fredrick ‘Flee’ Lee

Gusto
Chief Security Officer

Shaila Shankar

Shaila Shankar

Cisco
SVP and General Manager of Cisco Cloud Network and Security

Jonathan Jaffe

Jonathan Jaffe

Lemonade
CISO

Aanchal Gupta

Aanchal Gupta

Microsoft
VP, Azure Security

Lena Smart

Lena Smart

MongoDB
CISO

Sounil Yu

Sounil Yu

JupiterOne
CISO

Theresa Payton

Theresa Payton

Former White House CIO
Star of CBS TV series, “Hunted”, and Leading Cybersecurity Expert

https://www.cisoforum.com/wp-content/uploads/2015/12/halfmoonbay.jpeg

HALF MOON BAY, CA

Ritz-Carlton

September 24-26, 2019

Address

1 Miramontes Point Rd, Half Moon Bay, CA 94019

Phone

+ 1 (650) 712-7000

CISO Survey Shows Importance of Threat Hunting in the Finance Sector

05/22/2018 0

Attackers Hide in Plain Sight as Threat Hunting Lags

(Kevin Townsend – SecurityWeek) – The finance sector has one of the most robust cybersecurity postures in industry. It is heavily regulated, frequently attacked, and well-resourced — but not immune to cybercriminals. Ninety percent of financial institutions were targeted by ransomware alone in the past 12 months.

Endpoint protection firm Carbon Black surveyed the CISOs of 40 major financial institutions during April 2018 to understand how the finance sector is attacked and what concerns its defenders. Two things most stand out: nearly half (44%) of financial institutions are concerned about the security posture of their technology service providers (TSPs — the supply chain); and despite their resources, only 37% have established threat hunting teams.

Concern over the supply chain is not surprising. Cybercriminals are increasingly attacking third-parties (who may be less well-protected or have their own security issues) to gain access to the primary target. The Federal Deposit Insurance Corporation (FDIC) is also concerned about the supply chain, and has developed an examination process that includes reviewing public information about the TSPs and their software.

One of the areas that concerns the FDIC is consolidation within the service provider industry. “For example,” it notes, “a flawed acquisition strategy may weaken the financial condition of the acquirer, or a poorly planned integration could heighten operational or security risk.”

Carbon Black recommends that this potential risk be countered by hunt teams and defenders closely assessing their TSP security posture. But, it adds, “Given that 63% of financial institutions have yet to establish threat hunting teams, there should be concern regarding limited visibility into exposure created by TSPs.”

But it also considers threat hunting to be important in detecting direct attacks. There are two primary reasons. The first is the increasing tendency for attackers to use fileless attacks that are not easily detected by standard technology; and the second is a growing willingness for attackers to engage in counter-countermeasures; that is, to counter the defender’s incident response.

Fileless attacks are increasing across all industry sectors. A typical attack might involve a Flash vulnerability. Flash invokes PowerShell, feeding instructions via the command line. PowerShell then connects to a stealth C&C server, from where it downloads a more extensive PowerShell script that performs the attack. All of this is done in memory — no malware file is downloaded and there is nothing for traditional technology defenses to detect.

“Active threat hunting,” says Carbon Black, “puts defenders ‘on the offensive’ rather than simply reacting to the deluge of daily alerts.” It “aims to find abnormal activity on servers and endpoints that may be signs of compromise, intrusion or exfiltration of data. Though the concept of threat hunting isn’t new, for many organizations the very idea of threat hunting is.”

But the need for threat hunting goes beyond simple detection of intrusion. “Attackers are able to go off their scripts while defenders are sticking to manual and automated playbooks,” warns Carbon Black. “These playbooks are generally based off simple indicators of compromise (IoCs). As a result, security teams are often left thinking they have disrupted the attacker but, with counter incident response, attackers maintain the upper hand.”

Compounding this, attackers are beginning to incorporate a secondary command and control in case one is discovered or disrupted. Carbon Black notes that this tactic has already been found in 10% of victims, and predicts it is a tactic that will grow in future months. The principal is that an attacker’s ability to improvise and change directions at speed is best countered by a human defender rather than simply a pre-programmed set of incident response steps.

“Financial institutions,” suggests Carbon Black, “should aim to improve situational awareness and visibility into the more advanced attacker movements post breach. This must be accompanied with a tactical paradigm shift from prevention to detection. The increasing attack surface, coupled with the utilization of advanced tactics, has allowed attackers to become invisible. Decreasing dwell time is the true return on investment for any cybersecurity program.”

In reality, of course, this does not just apply to the finance sector. The same evolving methodology is being used by attackers across all industry sectors. The need for threat hunting is not limited to finance. “All sectors should take heed,” Carbon Black chief cybersecurity officer Tom Kellerman told SecurityWeek. “Generally speaking, financial services tend to be the most secure as they’ve come under attack with high-profile attack campaigns in recent years.” The implication is that if the finance sector is slow to switch to active threat hunting, other sectors will be slower.

In April 2018, Carbon Black filed an S-1 registration statement with the U.S. Securities and Exchange Commission (SEC) for a proposed initial public offering (IPO) of its common stock. Shares of the company (NASDAQ: CBLK) jumped 26% on its first day of trading on May 4. The company has a market capitalization of nearly $1.6 billion at the time of publishing. The company emerged in its current form after its purchase by Bit9 in February 2014.


Leave a Reply

Your email address will not be published. Required fields are marked *


Subscribe for Event News