Agenda | Friday, December 3, 2021 | 9:00 AM - 4:15 PM EST
Timeline (EST) | Session Details |
---|---|
9:00 AM | Welcome & Opening RemarksIsmael Valenzuela, SANS Instructor |
9:15 AM | Zero Trust Access: Steps for Securing the EnterpriseAs much as we’d like to believe that enforcing a Zero Trust security strategy is the silver bullet for all our cyber security woes, most security experts recognize that it is not the be-all end-all solution. However, adopting a Zero Trust “mindset” is a necessity in today’s hybrid world and serves as a critical step on the path to making your organization as secure as it can be. In this session, we will cover the essential steps to implementing Zero Trust from an identity perspective, in order to increase security, while at the same time, enabling the business. Stuart Sharp, VP, Business and Product Strategy, OneLogin, Inc. |
9:50 AM | Delivering the Zero Trust EnterpriseDigital transformation is accelerating due to major shifts like the expansion of the hybrid workforce and the continued migration of applications and data to the cloud. Network security teams now have the opportunity to adopt a modern Zero Trust approach that fits this transformation. But how do you make Zero Trust principles actionable across users, applications and infrastructure? Palo Alto Networks can help you put them into practice, set priorities, and effectively rebuild security for new environments. Learn about the three pillars of Zero Trust: users, applications and infrastructure and how we can help you develop a holistic and consistent approach to Zero Trust that can be made actionable across all three of these key domains. We will also review various use cases across the organization and how we can support you with our unique blend of the highest level of capabilities, an integrated platform, and extensive in-house expertise around Zero Trust. Paul Kaspian, Manager, Palo Alto Networks |
10:25 AM | Our Zero Trust Journey: Lessons for Success & Dodging PitfallsMany vendors are jumping on the Zero Trust bandwagon, touting potential benefits and implementation paths; but how many have implemented the strategy themselves? Stop talking hypotheticals and start talking about real experiences. LogRhythm’s CSO James Carder —who began implementing Zero Trust in 2017 — will give a realistic view of the process, sharing his successes and failures over the past four years. Attend this session and you will discover:
James Carder, CISO, LogRhythm |
11:00 AM | Break |
11:15 AM | Enforcing Least Privilege Access in Cloud Infrastructure with CIEMOrganizations often grant overly permissive privileges to users and services that are often unused. This level of access increases your attack surface, enabling adversaries to hack into the cloud and perform malicious activity. Deep visibility across all cloud entitlements and permissions, as well as a Zero Trust approach to managing cloud permissions with least privilege access are key elements of your cloud security strategy. In this session, we will cover how to:
Alba Ferri, Security Product, Sysdig |
11:50 AM | Reconfiguring OT Networks for Zero TrustThis is a practical guide to reconfiguring OT networks and the procedures that surround them to meet the spirit, as well as the letter, of zero trust guidelines (which, for this talk, we’ll define as NIST 800-207). We will use three case studies to ground this talk:
If there are particular scenarios you want to be sure get covered, please reach out to Ian (ian@dispel.com) in advance to let him know. Ian Schmertzler, President, Dispel |
12:25 PM | Certificate Deployment and Management for IoT DevicesCertificates and PKI are vital for enabling a Zero Trust model, yet for IoT devices and their associated applications many barriers exist in deploying and managing certificates for IoT. There is growing urgency for IoT devices and applications to follow a Zero Trust model, with vulnerabilities aimed at IoT devices on the rise, successful breaches using IoT increasing, and older forms of attacks focused on traditional IT systems (like man-in-the-middle) using IoT devices. This presentation will highlight issues most organizations will encounter in using certificates for IoT, including:
David Nelson-Gal, CTO & CISO, Viakoo |
1:00 PM | Identity Centric Zero Trust for the Win!Zero Trust as a concept for decades but only recently has emerged as a strategic security priority for enterprises. This trend is out of necessity as workloads continue to shift to the cloud, the rise in the number of devices, and a majority of work being done outside of the traditional offices. As organizations embark on the Zero Trust journey, one thing is clear: the role of identity is crucial to success. Frustrated and/or intrigued by all the Zero Trust hype, join us for a session covering the important but also most practical aspects of a Zero Trust strategy drawing on our experience in the large enterprise. We’ll argue for placing identity at the core of your efforts to enable both security and productivity for your employees. And we’ll also cover the other important pillars and integrations of a Zero Trust ecosystem where the rubber meets the road:
Aubrey Turner, Executive Advisor, Ping Identity |
1:35 PM | Break |
1:50 PM | Transforming Your Organization with Zero Trust PrinciplesEmbracing zero trust requires a shift in both mindset and a shift in how you manage capabilities across your environment. At the core of a zero trust approach is the idea that implicit trust in any single component of a complex, interconnected system can create significant security risks. Instead, trust needs to be established via multiple mechanisms and continuously verified. Google has applied a zero trust approach to most aspects of our operations - internally and with our customers. Join this session to learn how you can apply zero trust principles in your organization and understand zero trust architectures for different use cases across secure collaboration, secure analytics, and secure development. Ilya Beynenson, Customer Engineer, Security Specialist, Google Cloud |
2:25 PM | Can You Trust Your Zero-Trust with Only Privilege Access Security?Many organizations that have or are in the process of implementing zero-trust initiatives are dealing with a drastically growing remote workforce while they are already shifting to cloud-hosted infrastructures, applications, and services. Adding to the complexity are encryption initiatives and often blind trust of non-human identities for automation and security. It's quickly apparent that the traditional privilege access security approaches for both endpoint and network security are insufficient. This session will discuss the importance of implementing least-privilege micro-segmentation with continuous network discovery, monitoring, and validation to govern policy, increase visibility to the network edge, and establish a comprehensive zero-trust program. Nick Hunter, Sr. Technical Product Manager, Corelight |
3:00 PM | Securing the Hybrid Workforce: How to Establish Trust in a Zero Trust WorldIt's no longer news that we need to support and secure increasingly distributed organizations. As companies look for long-term solutions for their hybrid and fully remote workforces, one thing is clear - identity is the new perimeter for businesses today. An identity-first approach to security reduces today's cybersecurity risks and provides the foundation for a zero trust security strategy. A modern Identity solution can also help you tie the complexities of protecting people and assets together in a seamless way.
Ryan Terry, Sr. Solutions Product Manager, Okta |
3:35 PM | How to Optimize the SOC with Zero Trust & Insider Threat Intelligence in 30 Days or LessEmployees are NOT the weakest link ~ their activity is simply invisible to most SOC teams. Why? Because firewalls, windows log files, IOCs from EDRs do not capture the meta-data that tells the story of – and verifies - how, when, why and where humans drive interactions with endpoints, servers, data and applications. Join us to explore Zero-Trust, the Next-Gen SOC, and Internal Threat Intelligence. We'll examine and detail:
James Young,
Security Strategist
Splunk, Inc. |
4:10 PM | Wrap-UpIsmael Valenzuela, SANS Instructor |