Agenda
Timeline (EDT) | Description |
---|---|
11:00 AM | Opening Remarks. Conceptualized and intended for security and risk leaders tasked with managing the growing insider risk challenge. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the cultural, operational and security challenges associated with a hybrid workforce, employee anxiety and turnover, increasing social espionage and insider recruitment and user behavior monitoring against the rising demand for privacy. Attendees will gain valuable lessons on how to design, build and operationalize insider risk management programs to detect malicious and compromised insiders, prevent data loss, monitor servers and packaged applications, and enrich SOC operations with ‘Indicators of Intent’ that improve accuracy and mean time to event resolution. Jake Williams, SANS Instructor |
11:15 AM | Optimizing the SOC with Zero Trust & Insider Threat Intelligence. Employees are NOT the weakest link - their activity is simply invisible to most SOC teams. Why? Because firewalls, Windows log files and IOCs from EDRs do not capture the metadata that tells the story of - and verifies - how, when, why and where humans drive interactions with endpoints, servers, data and applications. Join James Young, Security Strategist with Splunk, as he explores Zero-Trust, the Next-Gen SOC, and Internal Threat Intelligence. Specifically James will examine and detail:
James Young, Security Strategist, Splunk, Inc. |
11:45 AM | Practitioners Panel: Defending Critical Infrastructure & Operations from Insider Risks. There is strength in numbers. Insider Risks, Remote Worker Protection, Compromised Credentials are risks facing every practitioner, cyber leader, organization, and industry. The more we can learn from each other, the stronger and more secure we will be. Listen as your peers from leading financial services, pharmaceutical, retail and utility enterprises discuss their experience designing, implementing, and managing an insider risk program including the politics, the relationships, the coordination, the processes and yes, the technology. Moderator: Panelists: |
12:30 PM | Break |
12:45 PM | Insider Protection: How a Formula 1 Racing Team Wins with a Remote Workforce. Remote working is new to a lot of organizations, but not to Williams F1 Racing. Like all Formula 1 race teams, Williams Racing employs dozens of engineers and mechanics who travel with the cars to events. These are the people jumping the wall in pit lane, refueling the cars, changing tires, and making adjustments. However, most of the team is not on the track. Williams employs over 650 people who contribute to the team’s success. And Williams does more than just win races. Williams develops proprietary technology through Williams Advanced Engineering that is sold to manufacturers of commercial and personal vehicles. Williams’ innovation applies Formula 1 technology to hybrid supercars, including the world’s largest hydrogen powered mine truck. Join Graeme Hackland, CIO with Williams F1, to learn how Williams has applied Insider Risk Intelligence technology to keep its employees, equipment and IP safe as they travel the globe and work remotely. Specifically, you’ll learn:
Graeme Hackland, Chief Information Officer, Williams Racing |
1:15 PM | MITRE: Remote-Worker Cyber Indicators of Malicious Insider Threat: A Live Experiment in Employees Stealing Information. Recognizing a lack of behavior-based data to understand escalating insider threats, coupled with an over-reliance on cyber indicators derived from limited case studies, members of the Australian Cyber Collaboration Centre (A3C) – MITRE and DTEX – partnered to conduct a data-driven study of the modern Insider Threat landscape. The challenge lies in identifying characteristics of malicious users, determining which characteristics differentiate malicious from benign users (validated indicators) and identifying automated detectors of those indicators. This research explored how remote-working employees search, collect and exfiltrate real data on a live corporate network and how their behavior was affected by their Intention (malicious vs. benign intent) and Technical Expertise (expertise agnostic vs. advanced technical expertise). In this presentation, insider threat researchers and practitioners will share the data-driven validated cyber indicators of real malicious remote-workers searching, collecting and removing data from a live corporate network. It will also present the reusable methodology for evaluating insider threat cyber technologies, red-teaming insider risk programs, and highlight the importance of leveraging the behavioral sciences to build more effective insider risk detection capabilities. Dr. Deanna Caputo from The MITRE Corporation will brief select Five Eyes Critical Infrastructure organizations headquartered in the Five Eyes countries on the findings of this unique study beginning in July through September 2021. Dr. Deanna Caputo, Chief Scientist for Behavioral Sciences and Cyber Security, The MITRE Corporation |
2:15 PM | The State of Insider Risk - What’s Working, What’s Not and Why? A challenge every organization faces is protecting its sensitive information from insider threats while not infringing on employees’ privacy in the workplace. In this session, Larry Ponemon and Rajan Koo will review findings from the 2021 Workforce Privacy & Risk Report, which surveyed 1,249 IT and IT security practitioners in North America, Western Europe and Australia/New Zealand familiar with their organizations’ approach to securing sensitive information and reducing workforce risks. Larry and Rajan will reveal the report’s findings specific to insider risk detection programs and responsibilities, technology efficacy and monitoring techniques as well as practitioners’ intelligence on why insider risks continue to plague organizations with mature cyber-security infrastructures. The session will conclude with an overview of the Insider Threat Kill Chain and ‘left of boom’ activities that signal an emerging threat. Dr. Larry Ponemon, President & Principal Analyst, The Ponemon Institute |
2:45 PM | Closing Remarks. Jake Williams, SANS Instructor |