Insider Risk Management Solutions Forum

Conceptualized and intended for security and risk leaders tasked with managing the growing insider risk challenge. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the cultural, operational and security challenges associated with a hybrid workforce, employee anxiety and turnover, increasing social espionage and insider recruitment and user behavior monitoring against the rising demand for privacy.

Attendees will gain valuable lessons on how to design, build and operationalize insider risk management programs to detect malicious and compromised insiders, prevent data loss, monitor servers and packaged applications, and enrich SOC operations with ‘Indicators of Intent’ that improve accuracy and mean time to event resolution.

Sponsor

DTEX

Agenda

Timeline (EDT)

Description

11:00 AM
Opening Remarks

Jake Williams, SANS Instructor

11:15 AM
Optimizing the SOC with Zero Trust & Insider Threat Intelligence

Employees are NOT the weakest link - their activity is simply invisible to most SOC teams. Why? Because firewalls, Windows log files and IOCs from EDRs do not capture the metadata that tells the story of - and verifies - how, when, why and where humans drive interactions with endpoints, servers, data and applications.

Join James Young, Security Strategist with Splunk, as he explores Zero-Trust, the Next-Gen SOC, and Internal Threat Intelligence. Specifically, James will examine and detail:

  • Zero-Trust & SOC Transformation
  • SOC enrichment use cases such as anomaly detection, peer group profiling automation, user logic correlation and behavioral risk scoring

James Young, Security Strategist, Splunk, Inc. 

11:45 AM

Practitioners Panel: Defending Critical Infrastructure & Operations from Insider Risks

There is strength in numbers. Insider Risks, Remote Worker Protection and Compromised Credentials are risks facing every practitioner, cyber leader, organization, and industry. The more we can learn from each other, the stronger and more secure we will be.

Listen as your peers from leading financial services, pharmaceutical, retail and utility enterprises discuss their experience designing, implementing, and managing an insider risk program including the politics, the relationships, the coordination, the processes and yes, the technology.

Moderator:
Mohan Koo, Co-Founder & CTO, Dtex

Panelists:
Scott Rossi, Head of IT Security Engineering, Gilead Sciences
Jason Koler, Sr. Manager, Cyber Security Incident Response Team, Eaton Corporation
Jack Sinclair, Intelligence Capability Lead, NBN Australia
Jake Williams, SANS Instructor

12:30 PM

Break

12:45 PM

Insider Protection: How a Formula 1 Racing Team Wins with a Remote Workforce

Remote working is new to a lot of organizations, but not to Williams F1 Racing. Like all Formula 1 race teams, Williams Racing employs dozens of engineers and mechanics who travel with the cars to events. These are the people jumping the wall in pit lane, refueling the cars, changing tires, and making adjustments. However, most of the team is not on the track. Williams employs over 650 people who contribute to the team’s success.

And Williams does more than just win races. Williams develops proprietary technology through Williams Advanced Engineering that is sold to manufacturers of commercial and personal vehicles. Williams’ innovation applies Formula 1 technology to hybrid supercars, including the world’s largest hydrogen powered mine truck.

Join Graeme Hackland, CIO with Williams F1, to learn how Williams has applied Insider Risk Intelligence technology to keep its employees, equipment and IP safe as they travel the globe and work remotely.

Specifically, you’ll learn:

  • How Williams has baselined employee activities, discovered anomalies, and prevented data loss and IP theft
  • Best practices you can use to assess your organization's current insider threat and employee monitoring capabilities.

Graeme Hackland, Chief Information Officer, Williams Racing

1:15 PM

MITRE: Remote-Worker Cyber Indicators of Malicious Insider Threat: A Live Experiment in Employees Stealing Information

Recognizing a lack of behavior-based data to understand escalating insider threats, coupled with an over-reliance on cyber indicators derived from limited case studies, members of the Australian Cyber Collaboration Centre (A3C) – MITRE and DTEX – partnered to conduct a data-driven study of the modern Insider Threat landscape. The challenge lies in identifying characteristics of malicious users, determining which characteristics differentiate malicious from benign users (validated indicators) and identifying automated detectors of those indicators. This research explored how remote-working employees search, collect and exfiltrate real data on a live corporate network and how their behavior was affected by their Intention (malicious vs. benign intent) and Technical Expertise (expertise agnostic vs. advanced technical expertise).

In this presentation, insider threat researchers and practitioners will share the data-driven validated cyber indicators of real malicious remote-workers searching, collecting and removing data from a live corporate network. It will also present the reusable methodology for evaluating insider threat cyber technologies, red-teaming insider risk programs, and highlight the importance of leveraging the behavioral sciences to build more effective insider risk detection capabilities.

Dr. Deanna Caputo from The MITRE Corporation will brief select Five Eyes Critical Infrastructure organizations headquartered in the Five Eyes countries on the findings of this unique study beginning in July through September 2021.

Dr. Deanna Caputo, Chief Scientist for Behavioral Sciences and Cyber Security, The MITRE Corporation

2:15 PM

The State of Insider Risk - What’s Working, What’s Not and Why?

A challenge every organization faces is protecting its sensitive information from insider threats while not infringing on employees’ privacy in the workplace. In this session, Larry Ponemon and Rajan Koo will review findings from the 2021 Workforce Privacy & Risk Report, which surveyed 1,249 IT and IT security practitioners in North America, Western Europe and Australia/New Zealand familiar with their organizations’ approach to securing sensitive information and reducing workforce risks.

Larry and Rajan will reveal the report’s findings specific to insider risk detection programs and responsibilities, technology efficacy and monitoring techniques as well as practitioners’ intelligence on why insider risks continue to plague organizations with mature cyber-security infrastructures. The session will conclude with an overview of the Insider Threat Kill Chain and ‘left of boom’ activities that signal an emerging threat.

Dr. Larry Ponemon, President & Principal Analyst, The Ponemon Institute
Rajan Koo, SVP of Customer Engineering, Dtex

2:45 PM

Closing Remarks

Jake Williams, SANS Instructor