
Date post: 11-Jun-2018
FS-ISAC Fall Summit | Washington Marriott Wardman Park | October 13-16, 2014 | Washington DC | www.fsisac.com | www.fsisac-summit.com | Platinum Sponsors

FS-ISAC Fall Summit 2014

FIRST CLASS U.S. POSTAGE PAID PERMIT No. 10 SPENCER, IN
RETURN SERVICE REQUESTED

Gold Sponsors

12020 Sunrise Valley Dr. Suite 230 | Reston, VA 20191

Sponsors: Agari, AirWatch by VMware, Battelle Memorial Institute, BioCatch, CipherCloud, CSG International, CXOWARE, Inc., CyberArk, Cylance, Guardian Analytics, Imperva, Netskope, Northrop Grumman Corporation, Shape Security, ThreatTrack Security, Triumfant, Vorstack

Sponsor tiers: Gold, Silver, Platinum

Save 36% to 54% off the registration price!

FS-ISAC Affiliation          | Early Bird (before or on 9/23/14) | Standard Registration (after 9/23/14)
Premier/Platinum/Gold Member | FREE                              | FREE
Non-Member/CNOP Member       | $895                              | $1,750
Basic/Core Member            | $795                              | $1,500
Standard/BITS Member         | $795                              | $1,250
Government                   | $795                              | $795

Registration includes all sessions, meals and events during the conference.

If you are a Premier, Gold or Platinum FS-ISAC member and have never attended a FS-ISAC event, please contact [email protected] before registering so that you can be set up in the system to receive a complimentary registration.

Conference Registration Cancellations
Cancellations are subject to a $50 administrative fee. NO REFUNDS will be made for cancellations received after October 1, 2014. Email [email protected] for more information or to cancel.

PLEASE NOTE: The FS-ISAC Fall Summit restricts attendance to actual practitioners in the financial services space. Security marketing and sales staff, consultants and recruiters cannot attend without sponsoring.

Washington Marriott Wardman Hotel
2660 Woodley Road NW | Washington, DC 20008-4106
(202) 328-2000 | www.marriott.com/hotels/travel/wasdt-washington-marriott-wardman-park

The FS-ISAC has reserved a block of sleeping rooms at the Washington Marriott Wardman Park at a rate of $259 per night (plus tax). Please make sure to reserve your room before the cut-off date of Saturday, September 20, 2014. To make your reservation please call 877-212-5752 or use the group’s private reservation page: http://tinyurl.com/os4a565. If you are calling in, be sure to mention you are a part of the FS-ISAC 2014 Fall Annual Summit to receive the group rate.

Transportation

The hotel is located about 7 miles northwest of Ronald Reagan Washington National Airport (DCA) ($1.70 subway fee and $30.00 taxi fare) and about 24 miles east of Washington Dulles International Airport (IAD) ($60.00 taxi fare). For more information and driving directions please visit www.marriott.com/hotels/fact-sheet/travel/wasdt-washington-marriott-wardman-park.


Theresa Payton
Cybersecurity Authority and Identity Theft Expert, Former White House CIO

Code Red: Protecting Your Enterprise and Securing Your Brand Online

Biography | The specter of a massive cyberattack is the most urgent concern confronting the nation’s information technology infrastructure today, an issue Theresa Payton understands better than anyone. Through the lens of years of experience in high-level private and public IT leadership roles, Payton delivers sought-after solutions that strengthen cyber-security measures and neutralize e-crime offenders.

Payton is one of America’s most respected authorities on Internet security, net crime, fraud mitigation, and technology implementation. As White House Chief Information Officer from 2006 to 2008, the first woman ever to hold that position, she administered the information technology enterprise for the President and 3,000 staff members. Prior to working in federal government, Payton held executive roles in banking technology at Bank of America and Wells Fargo.

As founder of Fortalice, LLC, a security, risk, and fraud consulting company, she now lends her expertise to organizations large and small, helping them improve their information technology systems against emerging, amorphous cyber threats. In 2010, she was named by Security Magazine as one of the top 25 “Most Influential People in Security.” She serves as a cyber expert for the syndicated program America Now and is co-author of Protecting Your Internet Identity: Are You Naked Online?

Payton candidly equips audiences with far-reaching lessons on how to protect the growing millions who use the Internet daily as well as the organizations who are on the front lines of fending off rapidly evolving, infrastructure-crippling cyberattacks.

Who Should Attend?
• CISO, CSO, CIO, CTO, or CRO
• Head of Threat Intelligence
• EVP, SVP, VP, and Director of these areas:
  - Security Operations
  - Fraud
  - Investigations
  - Physical Security
  - Business Continuity
  - Audit & Compliance
  - Payment Risk Management
  - Payment Operations
  - Payment Line of Business Managers including Online Banking and Online Treasury Management

Why Should You Attend?
• Presentations by over three dozen senior executive FS-ISAC members
• Concrete take-aways including case studies and best practices
• Interactive sessions that allow for strategic and solution-oriented discussion
• Complimentary attendance for Premier and above members - all meals and events during the conference are included
• Actionable information & sharing designed specifically for financial services institutions


For more information, please visit www.fsisac-summit.com/fall-hotel-and-travel

Register online at www.fsisac-summit.com

On behalf of the FS-ISAC and the 2014 Fall Summit Planning Committee, I am very pleased to invite you to the 2014 FS-ISAC Fall Summit. Our various roles and responsibilities as professionals in information risk management and cyber security benefit from shared expertise as well as sharing our challenges. The dynamic nature of cyber security issues and solutions makes the connections we have as members of FS-ISAC invaluable. The pace of change – in our business environments, regulatory landscape and technology capabilities, among other things - as well as the need to respond to increasing global threats is supported by our sharing of knowledge, experience and solutions. In fact, I believe it is vital that we continue to share this information with our peers in order to increase our collective success to overcome cyber challenges.

This event would not be possible without support from our sponsors. Their presentations are an important component to this Fall’s Summit. Feedback from prior sessions was considered and all of the sponsor presentations were selected on merit alone – we’ve worked closely with them to ensure the information presented is topical and valuable. We encourage you to spend time with our sponsors in the exhibit hall and throughout the event.

You have continued to provide outstanding feedback on the CISO panels at previous Summits. We will again be including CISO panels with topics that are sure to be of interest to you as you approach 2015 (and beyond) strategic planning or will help you validate that you are focused on the right priorities. As always, member presentations make up the majority of our agenda and you won’t want to miss learning about the latest challenges that your peers are working on. I hope you are able to join me at the 2014 FS-ISAC Fall Summit at the Washington Marriott Wardman Park in our nation’s capital of Washington, D.C. to expand your peer networks and learn the latest, and best, practices to enable you to continue to be a successful information risk and cyber security professional.

Meg Anderson
Conference Chair for the 2014 FS-ISAC Fall Summit
AVP & Chief Information Security Officer, Principal Financial Group

FS-ISAC Mission Statement
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions, through dissemination of trusted and timely information. Learn more at www.fsisac.com.

Register today at:

www.fsisac-summit.com

Monday, October 13, 2014

4:00 - 7:00 PM Member Registration

6:00 - 7:00 PM Opening Welcome Reception

7:00 - 9:00 PM Sponsored Member Dinners (Closed to sponsors)

Tuesday, October 14, 2014

8:00 AM - 9:00 PM Member Registration

8:00 - 9:00 AM Board Breakfast

9:00 - 10:00 AM Board Meeting

9:00 AM - 12:00 PM Members Technical Forum

12:00 - 1:00 PM Board and Members Only Lunch

1:00 - 5:00 PM Members Only Meeting

3:00 - 6:00 PM Sponsor Registration and Exhibit Set-up

5:00 - 6:00 PM Silver Solutions Showcase General Session (closed to non-Silver Sponsors)

6:00 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Taste of Washington Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Wednesday, October 15, 2014

7:00 AM - 7:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 9:00 AM Keynote Session

9:00 - 9:30 AM General Session

9:30 - 10:00 AM Networking Break in Sponsor Hall

10:00 - 11:00 AM Concurrent Breakouts

11:15 AM - 12:15 PM Concurrent Breakouts

12:15 - 1:30 PM Birds of a Feather Lunch

1:30 - 2:30 PM Concurrent Breakouts

2:30 - 3:00 PM Networking Break in Sponsor Hall

3:00 - 4:00 PM Concurrent Breakouts

4:15 - 5:15 PM Silver Solutions Showcase Reception (closed to non-Silver Sponsors)

5:15 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Event Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Thursday, October 16

7:00 AM - 6:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 8:45 AM General Session

8:45 - 9:15 AM General Session

9:30 - 10:30 AM Concurrent Breakouts

10:30 - 11:00 AM Networking Break in Sponsor Hall

11:00 AM - 12:00 PM Concurrent Breakouts

12:00 - 1:15 PM Luncheon

1:15 - 2:15 PM Silver Solutions Showcase Desserts (closed to non-Silver Sponsors)

2:30 - 3:30 PM Concurrent Breakouts

3:30 - 4:00 PM Networking Break in Sponsor Hall

4:00 - 4:45 PM Members Key Topics Closing Panel

4:45 - 5:00 PM Closing Remarks and Conference Wrap Up

5:00 - 6:00 PM Conference Close Reception in Sponsor Hall

7:00 - 9:00 PM Sponsored Member Dinners (Closed to non-Platinum Sponsors)

Agenda subject to change. For an up to date agenda, visit www.fsisac-summit.com/fall-agenda

“This conference is one of the most relevant to my profession. Great organization, great networking, and very well done.”
2013 Attendee

Identity As the New Perimeter of Defense: Automating Anonymized Shared Trust Intelligence to Reduce Friction and Protect Against Third Party Data Breaches and Malware | Recent major data breaches have compromised the identities of tens of millions of Americans and are now threatening financial institutions. ThreatMetrix Chief Products Officer, Alisdair Faulkner, will analyze how stolen identities from data breaches, malware attacks, and compromised devices are being used against financial institutions. Faulkner will:

• Compare account takeover, botnet and malware attack trends across mobile and Web channels.
• Use real-life case studies showing how companies have increased security without compromising on privacy.
• Present new use-cases and new ways that financial institutions have reduced friction and step-up challenges for trusted users through advanced context-based security approaches.

Pursuing Modern-day Dillinger Gangs: The Application of Threat Intelligence to Cybercrime Syndicates | During the Great Depression, the Dillinger gang robbed dozens of banks, eluded capture and created fear and distrust in the US banking industry. Today, a new band of thieves is wreaking havoc within the industry – cybercriminals. The speaker will describe the evolution of bank heists in cyberspace and corresponding techniques in money laundering. He will provide proactive guidance on tactics and technologies that can be implemented to mitigate the risk of sophisticated cyberattack and manage reputational risk in 2014. Hear detailed accounts of recent Russian and Brazilian attacks and the lessons that can be drawn from these events.

Advanced Threat Detection | To combat today’s cyber-threats you need faster and more accurate threat detection. This session will describe how to reduce the time between actual breach and discovery. Learn how to leverage your system state data to create threat intelligence and answer some fundamental questions:

• Are we prioritizing the high-risk breach alerts for business critical assets?
• Are there other events of interest or risky changes to business critical systems?
• Are we able to drill-down for root-cause analysis and forensics?
• Do we have Threat Intelligence to understand the nature and severity of the breach alerts?

Top Five Strategies for Upgrading Your Security Posture | Sophisticated cyber-attacks, breaches and disclosures are becoming the norm. Attendees will learn five ways to upgrade their security posture to meet today’s challenges. Our network speeds are increasing, data is migrating to clouds, more data needs to be shared, and employees are bringing devices to work. The bad guys are playing a smarter game and we must transform our behavior. Takeaways include how to:

1. Transform Data into Intelligence
2. Subscribe to a Threat Modeling Culture
3. Transform to the Next Generation Security Model
4. Align Security Initiatives with Business Requirements
5. Develop a Culture of Security Inclusion and Accountability

Enriching Internet Threat Intelligence With Web Scale Data | An underemphasized element of an organization’s security response capability is the value of threat intelligence. Many countermeasures and solutions defend against portions of the threat space, but active attackers are numerous. Effective detection and response against an evolving array of threats requires specific intelligence and data about attacker activity and infrastructure. The SAWG’s Cyber Intelligence Repository (Avalanche) provides a valuable basis for establishing and building upon this intelligence data. This presentation focuses on extending and enriching threat intelligence data by leveraging existing datasets to provide improved threat identification and support incident response.

APIs and Aggregators - How Do They Fit Together? | We plan to share the current risk landscape between Financial Institutions and Aggregators on how customer data is shared and managed. This will be the output of the Aggregator workgroup, which has had participation from multiple FIs as well as Aggregators. We will be sharing the framework defined by the workgroup on how to secure the connection between FI and Aggregator. We will also share the checklist of what FIs should do to adopt the framework, using APIs and OAuth standards to secure data transmission. We will be sharing how to put the FIs in total control of credentials and authentication with their customers.

Citi’s Cyber Security Fusion Center | In July 2014, Citi opened the Cyber Security Fusion Center (CSFC) in Warren, NJ. The CSFC is a collaborative work space that includes teams from Citi’s Global Information Security and Citi’s Security & Investigation Services organizations and includes intelligence analysts, investigators, response teams, vulnerability assessors, malware researchers and security incident managers. The CSFC will reduce response time to security incidents, enhance feedback to internal controls, increase awareness of emerging threats and improve understanding of vulnerabilities. The session will describe CSFC goals and objectives, provide a glimpse into lessons learned from the first few months of operation and next steps.

When Confidentiality Is Compromised: Security Protocols Best Practices | Practical exploitation of cryptographic weaknesses is a topic of growing concern for every enterprise. Breakthroughs in the academic crypto community and the lack of proper secure coding practices in widely used projects have already proved that a major breakdown of the Internet’s confidentiality controls is not a matter of “if” but a matter of “when”. This presentation will review some of the most recent cases related to security protocol flaws, best practices, and cryptographic standards that should be proactively phased out. The presentation will conclude with some pragmatic recommendations on how to prepare against future incidents.

Vendor Security Risk Management - How to Handle the New Normal | Many financial institutions have significant numbers of relationships with third party service providers. Many of these relationships involve the sharing of sensitive customer information that must be protected. Vendor Security Risk Management is an important program to help companies ensure that all shared data is being protected in an acceptable manner while minimizing the cost impact on service providers. As one who plays both roles, I will share useful Lessons Learned and “ready to implement” ideas about how to improve this process as both a service provider and as the vendor manager.

Real World Case Studies of the Kill Chain Methodology to All Aspects of Threat Intelligence | The Kill Chain has been written about and implemented in many large organizations around the world, but how has the Financial Sector implemented this methodology and what is it being used for? This session will provide information on Kill Chain implementations from a Financial and an external sector point of view. The session will also give the attendee insight into what is next for the methodology.

Information and Cyber Security: Community Institution Challenges | A discussion on the range of Information and Cybersecurity challenges facing community-sized institutions today and strategy for risk mitigation.

The Brick & Mortar Cyber Attack Vector | Amazon’s EC2 Cloud’s worst downtime experience occurred in July 2012. The cause was failure of components that control the backup generation at one of its major data centers. That center, like all modern buildings, utilizes specialized facility level computer systems to operate building electricity/lighting/HVAC/doors/gates/locks/security cameras, water distribution, elevators, and backup generation. Yet these systems are frequently less secured than their IT counterparts. This session will present specific incidents where building systems were compromised. A cyber attack on a physical model light grid using real automated controllers is demonstrated. Methods for improving security in this area will be outlined.

Target: Financial Industry | When targeted adversaries go to work, they develop a “target package” on their intended victim(s). This presentation will be offered from an adversarial perspective. We will walk the audience through the process of building a professional, intelligence-driven targeting package on the financial community, starting at a high level, and working down to the planned attack, damage assessment, and metrics of mission effectiveness.

New Financial Domains: The Security Threat and Opportunities | ICANN, the Internet Corporation for Assigned Names and Numbers, has opened up a new round of top level domains, the net result being over 1400 new potential domains. While our industry will operate .bank and .insurance, the many other new financial domains will create customer confusion as well as security concerns. This session will focus on how institutions can position themselves to address this new Internet world. Learn how .bank and .insurance will be designed to serve the global financial industry and the implications of a much broader Internet space.

Strategies for Extending Security Controls to the Cloud | Cloud is driving the biggest transformation in IT/Security since the introduction of the personal computer 30 years ago. As more corporate data lives outside of the company, the existing security infrastructure designed to protect the perimeter is increasingly ineffective. At the same time, IT Security is more important than ever. The stakes are higher and the game is harder as attacks are well funded and better organized. This presentation offers one perspective on how to extend your security controls to the cloud so you can enable cloud services while protecting the business and its data in the new Cloud era.

The Future of Convergence: Securing the Internet of Things | By 2020, the world will be home to 50 billion connected devices and 3.4×10^38 unique IP addresses. The exponential rise of the Internet of Things poses both challenges and opportunities for the convergence of physical and cyber security. With five connected devices per person by 2017, security professionals have the ability to more precisely determine access and movement in campus environments. Specifically, professionals can safely and privately identify electromagnetic signatures from IoT to protect an enterprise’s most important assets – its people. This interactive session will use augmented reality to explore the critical role IoT will play in holistic security management.

Protecting Financial Services in the Evolving Global Economy | Hear from a panel of experts for their perspectives on:

• Government Policy
• Active Defense in the Financial Community
• The Timeline for Action
• Legal and Other Frameworks for Managing Risk

Cybercrime - Who Is the Cat and Who Is the Mouse? | Cybercriminals are constantly perfecting attacks and are deploying new tools and techniques that help them take over bank accounts. The security industry on the other hand is fighting back by deploying new security solutions – but who is winning this battle? Join this session and cast your vote – who is the cat and who is the mouse? In this session Etay Maor (representing the attacker) and Marc Van Zadelhoff (representing the banks) will battle it out, showcasing multiple attack/defend scenarios in which the audience will participate and cast their vote.

Developer-friendly Strategies to Ban Avoidable Open Source Risk | Are your AppSec practices prepared to scale with your development practices? With agile development comes a dramatic increase in the use of open-source components to fuel innovation and speed development. Unfortunately, components with known vulnerabilities continue to be used long after a fix is released. Why? Join this session to gain insight from a four-year study on AppSec practices related to open source development. Learn what Aetna and others are doing to address security at the heart of their software development lifecycle to maintain accurate application bill-of-materials, help developers make informed decisions, and implement developer-friendly governance to quickly address defects.

Spear-Phishing Hackers: Tables Turned | An average enterprise generates more than 10,000 security related events per day and up to 150,000 (Damballa). Yet 50% of breaches take MONTHS or longer to discover (Verizon). At any time in an enterprise, more than half are still undiscovered. Organizations are accepting the fact that despite their best efforts security breaches are unavoidable (Breach Level Index). This presentation proposes a new paradigm where hackers start looking over their shoulders. This paradigm draws from the body of knowledge developed through intelligence and defense, and applies it to stop the unknown and undetected threats.

Proactive Fraud Prevention That Actually Improves the User Experience | Transaction monitoring and anomaly detection force financial institutions to depend on reactive fraud detection that relies solely on symptoms of suspected fraud. A conclusive understanding of the hygiene of the endpoint and a continuous frictionless authentication of the end user allows institutions to instead employ a proactive fraud prevention system that enables decisions to be made on the session even before the user has fully entered their credentials. The conclusiveness and continuity of this fraud prevention approach allows for the optimal user experience, ensures security, and minimizes reliance on invasive authentication methods.

More Malware, Less Malware | This highly technical talk will explore the in-depth functionality of malware leveraged by attackers over the last twelve months to penetrate networks, escalate privileges, maintain persistence, establish command and control channels, and harvest data and ultimately exfiltrate data. This talk will also explore malicious activity perpetrated by attackers without the use of malware.

Four Cyber Security Innovations to Give You Courage | I will discuss and present four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some in our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical defenses into modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat information. Finally, they are adopting next generation security technology to replace the very old last generation.

The Hidden Value in Spear-phishing Email Content | When attempting to automate the analysis of attachments and analyze URLs, our engineers naturally focus on finding malware, while at the same time attackers look for new and clever ways to obfuscate the malware. While we may be thinking that we are incrementally building a better mouse trap, perhaps we’ve been running on a hamster wheel. This presentation will focus on the cost the attacker bears to pull off a spear-phishing attack and examine the email story used to lure its victims. Perhaps we can use the attackers’ lack of creativity against them?

Cross Channel, Cross Enterprise Fraud and the Need for Collaboration | Account takeover fraud is increasing as organized fraudsters use a combination of phone and online tools to set up and execute attacks. Fraudsters move between the online and phone worlds, calling both call centers and consumers. Furthermore, they’re working across institutions, with reconnaissance and attacks on multiple targets. In this panel, fraud and security leaders from Bank of America, E*Trade and TD Ameritrade will discuss the technical and organizational changes and the collaboration required to stem cross-channel and cross-institution attacks. Issues include regulatory and privacy concerns of data sharing, logistics, and tools already in place such as CYFIN and how they work.

Case Study - Uncovering Beyond Just the Malware | Threats are evolving on a continuous basis. In this presentation, Symantec will share a case study of a threat that has recently been gaining traction in specific markets, and holds the potential of impacting a large number of users and stealing information, which leads to monetary loss. During this talk we will showcase the MO behind operating the threat, the malware’s details, possible attribution of actors involved, and infrastructure used, and share potential impact to victims.

Silver Solutions Showcase

Applying Math to Security to Stop Advanced Persistent Threats

Authenticating the Mind

Blitzkrieg Email Attacks: Criminals Are Evading Email Security and How to Stop It

BluVector Cyber Intelligence Platform

Countering DDoS: Banking on a Solution that Works

Detecting and Remedying What Others Can’t: Intro to Triumfant’s Endpoint Solution and Memory Process Scanner

Discover, Protect, Monitor Your Sensitive Data in the Cloud

How Much Less Risk Will We Have If...?

Mapping Dark Web Communities

New Techniques to Block Aggregators and Bots

Securing and Enabling Mobility for Financial Institutions

Privileged Threat Analytics: Analyze the Right Data, Not All the Data

Protecting Your Institution from Unauthorized Access with Behavioral Analytics

Shadow IT Doesn’t Have to Be Shady; Cloud Security You Can Bank On

The Need for Speed

Under Cyber Fire – Defending Financial Firms from Advanced Cyber Threats

Unlock Threat Intelligence Value with Automation and Collaboration

register online at www.fsisac-summit.com register online at www.fsisac-summit.com register online at www.fsisac-summit.com register online at www.fsisac-summit.com register online at www.fsisac-summit.com

FS-ISACFall Summit2014 FI

RS

T C

LAS

S

U.S

. Po

STA

ge

PAID

PeR

mIT

No

. 10

SP

eNC

eR, I

N

ReT

UR

N S

eRVI

Ce

ReQ

UeS

TeD

Gold

Spo

nsor

s

1202

0 Su

nris

e Va

lley

Dr.

Suite

230

| R

esto

n, V

A 2

0191

AgariAirWatch by VMwareBattelle Memorial InstituteBioCatchCipherCloudCSG InternationalCXOWARE, Inc.CyberArk

CylanceGuardian AnalyticsImpervaNetskopeNorthrop Grumman CorporationShape SecurityThreatTrack SecurityTriumfantVorstack

gold

silver

platinum

Save 36% to 54% off the registration price!

FS-ISAC Affiliation Early Bird (before or on 9/23/14)

Standard Registration (after 9/23/14)

Premier/Platinum/Gold Member FREE FREE

Non-Member/CNOP Member $895 $1,750

Basic/Core Member $795 $1,500

Standard/BITS Member $795 $1,250

Government $795 $795

Registration includes all sessions, meals and events during the conference.

If you are a Premier, Gold or Platinum FS-ISAC member and have never attended a FS-ISAC event, please contact [email protected] before registering so that you can be set up in the system to receive a complimentary registration.

Conference Registration CancellationsCancellations are subject to a $50 administrative fee. NO REFUNDS will be made for cancellations received after October 1, 2014. Email [email protected] for more information or to cancel.

PLEASE NOTE: The FS-ISAC Fall Summit restricts attendance to actual practitioners in the financial services space. Security marketing and sales staff, consultants and recruiters cannot attend without sponsoring.

Washington Marriott Wardman Hotel2660 Woodley Road NW | Washington, DC, 20008-4106(202) 328-2000 | www.marriott.com/hotels/travel/wasdt-washington-marriott-wardman-park

The FS-ISAC has reserved a block of sleeping rooms at the Washington Marriott Wardman Park at a rate of $259 per night (plus tax). Please make sure to reserve your room before the cut–off date of Saturday, September 20, 2014. To make your reservation please call 877-212-5752 or use the group’s private reservation page: http://tinyurl.com/os4a565. If you are calling in, be sure to mention you are a part of the FS-ISAC 2014 Fall Annual Summit to receive the group rate.

Transportation

The hotel is located about 7 miles northwest of the Ronald Reagan Washington National Airport-DCA ($1.70 subway fee and $30.00 taxi fare) and about 24 miles east of the Washington Dulles International Airport- IAD ($60.00 taxi fare). For more information and driving directions please visit www.marriott.com/hotels/fact-sheet/travel/wasdt-washington-marriott-wardman-park.

regi

stra

tion

loca

tion

Theresa PaytonCybersecurity Authority and Identity Theft Expert, Former White House CIO

Code Red: Protecting Your Enterprise and Securing Your Brand Online

Biography | The specter of a massive cyberattack is the most urgent concern confronting the nation’s information technology infrastructure today, an issue Theresa Payton understands better than anyone. Through the lens of years of experience in high-level private and public IT leadership roles, Payton delivers sought-after solutions that strengthen cyber-security measures and neutralize e-crime offenders.

Payton is one of America's most respected authorities on Internet security, net crime, fraud mitigation, and technology implementation. As White House Chief Information Officer from 2006 to 2008 (the first woman ever to hold that position), she administered the information technology enterprise for the President and 3,000 staff members. Prior to working in federal government, Payton held executive roles in banking technology at Bank of America and Wells Fargo.

As founder of Fortalice, LLC, a security, risk, and fraud consulting company, she now lends her expertise to organizations large and small, helping them improve their information technology systems against emerging, amorphous cyber threats. In 2010, she was named by Security Magazine as one of the top 25 “Most Influential People in Security.” She serves as a cyber expert for the syndicated program America Now and is co-author of Protecting Your Internet Identity: Are You Naked Online?

Payton candidly equips audiences with far-reaching lessons on how to protect the growing millions who use the Internet daily as well as the organizations who are on the front lines of fending off rapidly evolving, infrastructure-crippling cyberattacks.

Who Should Attend?
• CISO, CSO, CIO, CTO, or CRO
• Head of Threat Intelligence
• EVP, SVP, VP, and Director of these areas:
 - Security Operations
 - Fraud
 - Investigations
 - Physical Security
 - Business Continuity
 - Audit & Compliance
 - Payment Risk Management
 - Payment Operations
 - Payment Line of Business Managers, including Online Banking and Online Treasury Management

Why Should You Attend?
• Presentations by over three dozen senior executive FS-ISAC members
• Concrete take-aways including case studies and best practices
• Interactive sessions that allow for strategic and solution-oriented discussion
• Complimentary attendance for Premier and above members; all meals and events during the conference are included
• Actionable information & sharing designed specifically for financial services institutions

FS-ISAC 2014 Fall Summit | Washington Marriott Wardman Park | October 13-16, 2014 | Washington DC | www.fsisac.com | www.fsisac-summit.com
For more information, please visit www.fsisac-summit.com/fall-hotel-and-travel

On behalf of the FS-ISAC and the 2014 Fall Summit Planning Committee, I am very pleased to invite you to the 2014 FS-ISAC Fall Summit. Our various roles and responsibilities as professionals in information risk management and cyber security benefit from shared expertise as well as sharing our challenges. The dynamic nature of cyber security issues and solutions makes the connections we have as members of FS-ISAC invaluable. The pace of change, in our business environments, regulatory landscape and technology capabilities, among other things, as well as the need to respond to increasing global threats, is supported by our sharing of knowledge, experience and solutions. In fact, I believe it is vital that we continue to share this information with our peers in order to increase our collective success to overcome cyber challenges.

This event would not be possible without support from our sponsors. Their presentations are an important component of this Fall's Summit. Feedback from prior sessions was considered and all of the sponsor presentations were selected on merit alone; we've worked closely with them to ensure the information presented is topical and valuable. We encourage you to spend time with our sponsors in the exhibit hall and throughout the event.

You have continued to provide outstanding feedback on the CISO panels at previous Summits. We will again be including CISO panels with topics that are sure to be of interest to you as you approach 2015 (and beyond) strategic planning or will help you validate that you are focused on the right priorities. As always, member presentations make up the majority of our agenda and you won’t want to miss learning about the latest challenges that your peers are working on. I hope you are able to join me at the 2014 FS-ISAC Fall Summit at the Washington Marriott Wardman Park in our nation’s capital of Washington, D.C. to expand your peer networks and learn the latest, and best, practices to enable you to continue to be a successful information risk and cyber security professional.

Meg Anderson
Conference Chair for the 2014 FS-ISAC Fall Summit
AVP & Chief Information Security Officer, Principal Financial Group

FS-ISAC Mission Statement
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association of financial institution members, dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Learn more at www.fsisac.com.

Register today at:

www.fsisac-summit.com

Monday, October 13, 2014

4:00 - 7:00 PM Member Registration

6:00 - 7:00 PM Opening Welcome Reception

7:00 - 9:00 PM Sponsored Member Dinners (Closed to sponsors)

Tuesday, October 14, 2014

8:00 AM - 9:00 PM Member Registration

8:00 - 9:00 AM Board Breakfast

9:00 - 10:00 AM Board Meeting

9:00 AM - 12:00 PM Members Technical Forum

12:00 - 1:00 PM Board and Members Only Lunch

1:00 - 5:00 PM Members Only Meeting

3:00 - 6:00 PM Sponsor Registration and Exhibit Set-up

5:00 - 6:00 PM Silver Solutions Showcase General Session (closed to non-Silver Sponsors)

6:00 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Taste of Washington Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Wednesday, October 15, 2014

7:00 AM - 7:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 9:00 AM Keynote Session

9:00 - 9:30 AM General Session

9:30 - 10:00 AM Networking Break in Sponsor Hall

10:00 - 11:00 AM Concurrent Breakouts

11:15 AM - 12:15 PM Concurrent Breakouts

12:15 - 1:30 PM Birds of a Feather Lunch

1:30 - 2:30 PM Concurrent Breakouts

2:30 - 3:00 PM Networking Break in Sponsor Hall

3:00 - 4:00 PM Concurrent Breakouts

4:15 - 5:15 PM Silver Solutions Showcase Reception (closed to non-Silver Sponsors)

5:15 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Event Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Thursday, October 16, 2014

7:00 AM - 6:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 8:45 AM General Session

8:45 - 9:15 AM General Session

9:30 - 10:30 AM Concurrent Breakouts

10:30 - 11:00 AM Networking Break in Sponsor Hall

11:00 AM - 12:00 PM Concurrent Breakouts

12:00 - 1:15 PM Luncheon

1:15 - 2:15 PM Silver Solutions Showcase Desserts (closed to non-Silver Sponsors)

2:30 - 3:30 PM Concurrent Breakouts

3:30 - 4:00 PM Networking Break in Sponsor Hall

4:00 - 4:45 PM Members Key Topics Closing Panel

4:45 - 5:00 PM Closing Remarks and Conference Wrap Up

5:00 - 6:00 PM Conference Close Reception in Sponsor Hall

7:00 - 9:00 PM Sponsored Member Dinners (Closed to non-Platinum Sponsors)

Agenda subject to change. For an up to date agenda, visit www.fsisac-summit.com/fall-agenda

"This conference is one of the most relevant to my profession. Great organization, great networking, and very well done." 2013 Attendee

Identity As the New Perimeter of Defense: Automating Anonymized Shared Trust Intelligence to Reduce Friction and Protect Against Third Party Data Breaches and Malware | Recent major data breaches have compromised the identities of tens of millions of Americans, and those stolen identities now threaten financial institutions. ThreatMetrix Chief Products Officer Alisdair Faulkner will analyze how identities stolen through data breaches, malware attacks, and compromised devices are being used against financial institutions. Faulkner will:

• Compare account takeover, botnet and malware attack trends across mobile and Web channels.
• Use real-life case studies showing how companies have increased security without compromising on privacy.
• Present new use cases and new ways that financial institutions have reduced friction and step-up challenges for trusted users through advanced context-based security approaches.

Pursuing Modern-day Dillinger Gangs: The Application of Threat Intelligence to Cybercrime Syndicates | During the Great Depression, the Dillinger gang robbed dozens of banks, eluded capture and created fear and distrust in the US banking industry. Today a new band of thieves, cybercriminals, is wreaking havoc within the industry. The speaker will describe the evolution of bank heists in cyberspace and the corresponding techniques in money laundering. He will provide proactive guidance on tactics and technologies that can be implemented to mitigate the risk of sophisticated cyberattack and manage reputational risk in 2014. Hear detailed accounts of recent Russian and Brazilian attacks and the lessons that can be drawn from these events.

Advanced Threat Detection | To combat today's cyber-threats you need faster and more accurate threat detection. This session will describe how to reduce the time between actual breach and discovery. Learn how to leverage your system state data to create threat intelligence and answer some fundamental questions:

• Are we prioritizing the high-risk breach alerts for business critical assets?
• Are there other events of interest or risky changes to business critical systems?
• Are we able to drill down for root-cause analysis and forensics?
• Do we have threat intelligence to understand the nature and severity of the breach alerts?

Top Five Strategies for Upgrading Your Security Posture | Sophisticated cyber-attacks, breaches and disclosures are becoming the norm. Attendees will learn five ways to upgrade their security posture to meet today's challenges. Our network speeds are increasing, data is migrating to clouds, more data needs to be shared, and employees are bringing devices to work. The bad guys are playing a smarter game and we must transform our behavior. Takeaways include how to:

1. Transform Data into Intelligence
2. Subscribe to a Threat Modeling Culture
3. Transform to the Next Generation Security Model
4. Align Security Initiatives with Business Requirements
5. Develop a Culture of Security Inclusion and Accountability

Enriching Internet Threat Intelligence With Web Scale Data | An underemphasized element of an organization's security response capability is the value of threat intelligence. Many countermeasures and solutions defend against portions of the threat space, but active attackers are numerous. Effective detection and response against an evolving array of threats requires specific intelligence and data about attacker activity and infrastructure. The SAWG's Cyber Intelligence Repository (Avalanche) provides a valuable basis for establishing and building upon this intelligence data. This presentation focuses on extending and enriching threat intelligence data by leveraging existing datasets to provide improved threat identification and support incident response.

APIs and Aggregators - How Do They Fit Together? | This session presents the current risk landscape between financial institutions (FIs) and data aggregators: how customer data is shared and managed. It is the output of the Aggregator workgroup, in which multiple FIs and aggregators participated. We will share the framework the workgroup defined for securing the connection between an FI and an aggregator, along with a checklist of what FIs should do to adopt it, using APIs and the OAuth standard to secure data transmission so that the FI retains full control of its customers' credentials and authentication.

Citi’s Cyber Security Fusion Center | In July 2014, Citi opened the Cyber Security Fusion Center (CSFC) in Warren, NJ. The CSFC is a collaborative work space that includes teams from Citi’s Global Information Security and Citi’s Security & Investigation Services organizations and includes intelligence analysts, investigators, response teams, vulnerability assessors, malware researchers and security incident managers. The CSFC will reduce response time to security incidents, enhance feedback to internal controls, increase awareness of emerging threats and improve understanding of vulnerabilities. The session will describe CSFC goals and objectives, provide a glimpse into lessons learned from the first few months of operation and next steps.

When Confidentiality is Compromised: Security Protocols Best Practices | Practical exploitation of cryptographic weaknesses is a topic of growing concern for every enterprise. Breakthroughs in the academic crypto community and the lack of proper secure coding practices in widely used projects have already shown that a major breakdown of the Internet's confidentiality controls is not a matter of "if" but a matter of "when". This presentation will review some of the most recent cases related to security protocol flaws, best practices, and cryptographic standards that should be proactively phased out. The presentation will conclude with some pragmatic recommendations on how to prepare against future incidents.

Vendor Security Risk Management - How to Handle the New Normal | Many financial institutions have significant numbers of relationships with third party service providers. Many of these relationships involve the sharing of sensitive customer information that must be protected. Vendor Security Risk Management is an important program to help companies ensure that all shared data is being protected in an acceptable manner while minimizing the cost impact on service providers. As one who plays both roles, I will share useful lessons learned and "ready to implement" ideas about how to improve this process, both as a service provider and as the vendor manager.

Real World Case Studies of the Kill Chain Methodology to All Aspects of Threat Intelligence | The Kill Chain has been written about and implemented in many large organizations around the world, but how has the financial sector implemented this methodology, and what is it being used for? This session will provide information on Kill Chain implementations from a financial and an external sector point of view. The session will also give the attendee insight into what is next for the methodology.

Information and Cyber Security: Community Institution Challenges | A discussion on the range of Information and Cybersecurity challenges facing community-sized institutions today and strategy for risk mitigation.

The Brick & Mortar Cyber Attack Vector | Amazon EC2's worst downtime to date occurred in July 2012. The cause was the failure of components that control backup power generation at one of its major data centers. That center, like all modern buildings, uses specialized facility-level computer systems to operate building electricity, lighting, HVAC, doors, gates, locks, security cameras, water distribution, elevators, and backup generation. Yet these systems are frequently less secured than their IT counterparts. This session will present specific incidents where building systems were compromised. A cyber attack on a physical model light grid using real automated controllers is demonstrated. Methods for improving security in this area will be outlined.

Target: Financial Industry | When targeted adversaries go to work, they develop a "target package" on their intended victim(s). This presentation will be offered from an adversarial perspective. We will walk the audience through the process of building a professional, intelligence-driven targeting package on the financial community, starting at a high level and working down to the planned attack, damage assessment, and metrics of mission effectiveness.

New Financial Domains: The Security Threat and Opportunities | ICANN, the Internet Corporation for Assigned Names and Numbers, has opened a new round of top-level domains, with the net result being over 1,400 new potential domains. While our industry will operate .bank and .insurance, the many other new financial domains will create customer confusion as well as security concerns. This session will focus on how institutions can position themselves to address this new Internet world. Learn how .bank and .insurance will be designed to serve the global financial industry, and the implications of a much broader Internet space.

Strategies for Extending Security Controls to the Cloud | Cloud is driving the biggest transformation in IT and security since the introduction of the personal computer 30 years ago. As more corporate data lives outside of the company, the existing security infrastructure designed to protect the perimeter is increasingly ineffective. At the same time, IT security is more important than ever. The stakes are higher and the game is harder, as attacks are well funded and better organized. This presentation offers one perspective on how to extend your security controls to the cloud so you can enable cloud services while protecting the business and its data in the new cloud era.

The Future of Convergence: Securing the Internet of Things | By 2020, the world will be home to 50 billion connected devices and 3.4×10^38 unique IP addresses (the size of the IPv6 address space). The exponential rise of the Internet of Things poses both challenges and opportunities for the convergence of physical and cyber security. With five connected devices per person by 2017, security professionals have the ability to more precisely determine access and movement in campus environments. Specifically, professionals can safely and privately identify electromagnetic signatures from IoT devices to protect an enterprise's most important assets: its people. This interactive session will use augmented reality to explore the critical role IoT will play in holistic security management.

Protecting Financial Services in the Evolving Global Economy | Hear from a panel of experts for their perspectives on:

• Government Policy
• Active Defense in the Financial Community
• The Timeline for Action
• Legal and Other Frameworks for Managing Risk

Cybercrime - Who is the Cat and Who is the Mouse? | Cybercriminals are constantly perfecting attacks and are deploying new tools and techniques that help them take over bank accounts. The security industry, on the other hand, is fighting back by deploying new security solutions; but who is winning this battle? Join this session and cast your vote: who is the cat and who is the mouse? Etay Maor (representing the attacker) and Marc Van Zadelhoff (representing the banks) will battle it out, showcasing multiple attack/defend scenarios in which the audience participates and casts its vote.

Developer-friendly Strategies to Ban Avoidable Open Source Risk | Are your AppSec practices prepared to scale with your development practices? With agile development comes a dramatic increase in the use of open-source components to fuel innovation and speed development. Unfortunately, components with known vulnerabilities continue to be used long after a fix is released. Why? Join this session to gain insight from a four-year study on AppSec practices related to open source development. Learn what Aetna and others are doing to address security at the heart of their software development lifecycle: maintain an accurate application bill of materials, help developers make informed decisions, and implement developer-friendly governance to quickly address defects.
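The bill-of-materials check that abstract describes, as an added example that is not part of the original brochure or of any speaker's or vendor's material. The manifest and the advisory entries (the EX-2014-* identifiers and the version numbers) are constructed for illustration and are not real advisories. The code reads pinned components from a requirements-style manifest, compares each version numerically against the advisory's fix version (so that 2.10.0 is correctly newer than 2.9.0), reports components still behind an available fix, and separately reports unpinned entries it cannot check.

```python
"""Bill-of-materials check: flag open-source components that are still
behind a released fix.  Added example; manifest and advisories are constructed."""
import re

# Constructed manifest in pip requirements style (not a real project).
MANIFEST = """\
# example-app dependencies
requests==2.5.1
flask==0.10.1
pyyaml==3.10
cryptography==2.1.4
"""

# Constructed advisory list: component -> advisories with the version that fixes them.
# The EX-2014-* identifiers are illustrative, not real advisories.
ADVISORIES = {
    "requests": [{"id": "EX-2014-001", "fixed_in": "2.6.0"}],
    "pyyaml": [{"id": "EX-2014-002", "fixed_in": "3.11"}],
    "flask": [{"id": "EX-2014-003", "fixed_in": "0.10.1"}],  # already at the fixed version
}


def parse_version(v):
    """Turn '2.5.1' into (2, 5, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def parse_manifest(text):
    """Return ({component: version}, [unpinned lines]) from a requirements-style manifest.

    Comments and blank lines are skipped.  An entry without an exact '==' pin cannot be
    checked against an advisory, so it is reported separately instead of silently ignored.
    """
    bom, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-]*)$", line)
        if m:
            bom[m.group(1).lower()] = m.group(2)
        else:
            unpinned.append(line)
    return bom, unpinned


def find_vulnerable(bom, advisories):
    """Return (component, version, advisory_id, fixed_in) for every pinned component
    whose version is older than the fix version of a matching advisory."""
    findings = []
    for name, version in bom.items():
        for adv in advisories.get(name, []):
            if parse_version(version) < parse_version(adv["fixed_in"]):
                findings.append((name, version, adv["id"], adv["fixed_in"]))
    return findings


def check_manifest(text=MANIFEST, advisories=ADVISORIES):
    """Build the bill of materials from the manifest and run the advisory check."""
    bom, unpinned = parse_manifest(text)
    return {"findings": find_vulnerable(bom, advisories), "unpinned": unpinned}


if __name__ == "__main__":
    result = check_manifest()
    for name, ver, adv, fix in result["findings"]:
        print(f"{name}=={ver}: {adv}, fix available in {fix}")
    for entry in result["unpinned"]:
        print(f"unpinned, cannot check: {entry}")
```

Running it against the constructed manifest reports requests and pyyaml as behind a released fix, while flask is already at the fixed version and cryptography has no matching advisory. In a real pipeline the advisory dictionary would be fed from a vulnerability database and the manifest from the build's resolved dependency set, but the comparison logic is the same.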

Spear-Phishing Hackers: Tables Turned | An average enterprise generates more than 10,000 security-related events per day, and up to 150,000 (Damballa). Yet 50% of breaches take MONTHS or longer to discover (Verizon). At any time in an enterprise, more than half are still undiscovered. Organizations are accepting the fact that, despite their best efforts, security breaches are unavoidable (Breach Level Index). This presentation proposes a new paradigm in which hackers start looking over their shoulders. The paradigm draws from the body of knowledge developed through intelligence and defense and applies it to stop unknown and undetected threats.

Proactive Fraud Prevention that Actually Improves the User Experience | Transaction monitoring and anomaly detection force financial institutions to depend on reactive fraud detection that relies solely on symptoms of suspected fraud. A conclusive understanding of the hygiene of the endpoint and a continuous, frictionless authentication of the end user allows institutions to instead employ a proactive fraud prevention system that enables decisions to be made on the session even before the user has fully entered their credentials. The conclusiveness and continuity of this fraud prevention approach allows for the optimal user experience, ensures security, and minimizes reliance on invasive authentication methods.

More Malware, Less Malware | This highly technical talk will explore the in-depth functionality of malware leveraged by attackers over the last twelve months to penetrate networks, escalate privileges, maintain persistence, establish command and control channels, and harvest and ultimately exfiltrate data. This talk will also explore malicious activity perpetrated by attackers without the use of malware.

Four Cyber Security Innovations to Give You Courage | I will discuss and present four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some in our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical defenses into modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat information. Finally, they are adopting next generation security technology to replace the very old last generation.

The Hidden Value in Spear-phishing Email Content | When attempting to automate the analysis of attachments and analyze URLs, our engineers naturally focus on finding malware, while at the same time attackers look for new and clever ways to obfuscate the malware. While we may be thinking that we are incrementally building a better mouse trap, perhaps we’ve been running on a hamster wheel. This presentation will focus on the cost the attacker bears to pull off a spear-phishing attack and examine the email story used to lure its victims. Perhaps we can use the attackers’ lack of creativity against them?

Cross Channel, Cross Enterprise Fraud and the Need for Collaboration | Account takeover fraud is increasing as organized fraudsters use a combination of phone and online tools to set up and execute attacks. Fraudsters move between the online and phone worlds, calling both call centers and consumers. Furthermore, they’re working across institutions, with reconnaissance and attacks on multiple targets. In this panel, fraud and security leaders from Bank of America, E*Trade and TD Ameritrade will discuss the technical and organizational changes and the collaboration required to stem cross-channel and cross-institution attacks. Issues include regulatory and privacy concerns around data sharing, logistics, and tools already in place, such as CYFIN, and how they work.

Case Study - Uncovering Beyond Just the Malware | Threats are evolving continuously. In this presentation, Symantec will share a case study of a threat that has recently been gaining traction in specific markets and has the potential to impact a large number of users and steal information, leading to monetary loss. During this talk we will showcase the MO behind operating the threat, the malware’s details, possible attribution of the actors involved, the infrastructure used, and the potential impact to victims.

Silver Solutions Showcase

Applying Math to Security to Stop Advanced Persistent Threats

Authenticating the Mind

Blitzkrieg Email Attacks: Criminals are Evading Email Security and How to Stop It

BluVector Cyber Intelligence Platform

Countering DDoS: Banking on a Solution that Works

Detecting and Remedying What Others Can’t: Intro to Triumfant’s Endpoint Solution and Memory Process Scanner

Discover, Protect, Monitor your Sensitive Data in the Cloud

How Much Less Risk Will We Have If...?

Mapping Dark Web Communities

New Techniques to Block Aggregators and Bots

Securing and Enabling Mobility for Financial Institutions

Privileged Threat Analytics: Analyze the Right Data, Not All the Data

Protecting Your Institution from Unauthorized Access with Behavioral Analytics

Shadow IT Doesn’t Have to Be Shady; Cloud Security You Can Bank On

The Need for Speed

Under Cyber Fire – Defending Financial Firms from Advanced Cyber Threats

Unlock Threat Intelligence Value with Automation and Collaboration

Register online at www.fsisac-summit.com

FS-ISAC Fall Summit 2014

On behalf of the FS-ISAC and the 2014 Fall Summit Planning Committee, I am very pleased to invite you to the 2014 FS-ISAC Fall Summit. Our various roles and responsibilities as professionals in information risk management and cyber security benefit from shared expertise as well as sharing our challenges. The dynamic nature of cyber security issues and solutions makes the connections we have as members of FS-ISAC invaluable. The pace of change – in our business environments, regulatory landscape and technology capabilities, among other things – as well as the need to respond to increasing global threats is supported by our sharing of knowledge, experience and solutions. In fact, I believe it is vital that we continue to share this information with our peers in order to increase our collective success to overcome cyber challenges.

This event would not be possible without support from our sponsors. Their presentations are an important component of this Fall’s Summit. Feedback from prior sessions was considered and all of the sponsor presentations were selected on merit alone – we’ve worked closely with them to ensure the information presented is topical and valuable. We encourage you to spend time with our sponsors in the exhibit hall and throughout the event.

You have continued to provide outstanding feedback on the CISO panels at previous Summits. We will again be including CISO panels with topics that are sure to be of interest to you as you approach 2015 (and beyond) strategic planning or will help you validate that you are focused on the right priorities. As always, member presentations make up the majority of our agenda and you won’t want to miss learning about the latest challenges that your peers are working on. I hope you are able to join me at the 2014 FS-ISAC Fall Summit at the Washington Marriott Wardman Park in our nation’s capital of Washington, D.C. to expand your peer networks and learn the latest, and best, practices to enable you to continue to be a successful information risk and cyber security professional.

Meg Anderson, Conference Chair for the 2014 FS-ISAC Fall Summit, AVP & Chief Information Security Officer, Principal Financial Group

FS-ISAC Mission Statement | The Financial Services Information Sharing and Analysis Center (FS-ISAC) is a non-profit association comprised of financial institution members that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Learn more at www.fsisac.com.

Register today at:

www.fsisac-summit.com

Monday, October 13, 2014

4:00 - 7:00 PM Member Registration

6:00 - 7:00 PM Opening Welcome Reception

7:00 - 9:00 PM Sponsored Member Dinners (Closed to sponsors)

Tuesday, October 14, 2014

8:00 AM - 9:00 PM Member Registration

8:00 - 9:00 AM Board Breakfast

9:00 - 10:00 AM Board Meeting

9:00 AM - 12:00 PM Members Technical Forum

12:00 - 1:00 PM Board and Members Only Lunch

1:00 - 5:00 PM Members Only Meeting

3:00 - 6:00 PM Sponsor Registration and Exhibit Set-up

5:00 - 6:00 PM Silver Solutions Showcase General Session (closed to non-Silver Sponsors)

6:00 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Taste of Washington Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Wednesday, October 15, 2014

7:00 AM - 7:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 9:00 AM Keynote Session

9:00 - 9:30 AM General Session

9:30 - 10:00 AM Networking Break in Sponsor Hall

10:00 - 11:00 AM Concurrent Breakouts

11:15 AM - 12:15 PM Concurrent Breakouts

12:15 - 1:30 PM Birds of a Feather Lunch

1:30 - 2:30 PM Concurrent Breakouts

2:30 - 3:00 PM Networking Break in Sponsor Hall

3:00 - 4:00 PM Concurrent Breakouts

4:15 - 5:15 PM Silver Solutions Showcase Reception (closed to non-Silver Sponsors)

5:15 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Event Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Thursday, October 16

7:00 AM - 6:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 8:45 AM General Session

8:45 - 9:15 AM General Session

9:30 - 10:30 AM Concurrent Breakouts

10:30 - 11:00 AM Networking Break in Sponsor Hall

11:00 AM - 12:00 PM Concurrent Breakouts

12:00 - 1:15 PM Luncheon

1:15 - 2:15 PM Silver Solutions Showcase Desserts (closed to non-Silver Sponsors)

2:30 - 3:30 PM Concurrent Breakouts

3:30 - 4:00 PM Networking Break in Sponsor Hall

4:00 - 4:45 PM Members Key Topics Closing Panel

4:45 - 5:00 PM Closing Remarks and Conference Wrap Up

5:00 - 6:00 PM Conference Close Reception in Sponsor Hall

7:00 - 9:00 PM Sponsored Member Dinners (Closed to non-Platinum Sponsors)

Agenda subject to change. For an up to date agenda, visit www.fsisac-summit.com/fall-agenda

“This conference is one of the most relevant to my profession. Great organization, great networking, and very well done.”

2013 Attendee

Identity As the New Perimeter of Defense: Automating Anonymized Shared Trust Intelligence to Reduce Friction and Protect Against Third Party Data Breaches and Malware | Recent major data breaches have compromised the identities of tens of millions of Americans and are now threatening financial institutions. ThreatMetrix Chief Products Officer, Alisdair Faulkner, will analyze how stolen identities from data breaches, malware attacks, and compromised devices are being used against financial institutions. Faulkner will:

• Compare account takeover, botnet and malware attack trends across mobile and Web channels.
• Use real-life case studies showing how companies have increased security without compromising on privacy.
• Present new use-cases and new ways that financial institutions have reduced friction and step-up challenges for trusted users through advanced context-based security approaches.

Pursuing Modern-day Dillinger Gangs: The Application of Threat Intelligence to Cybercrime Syndicates | During the Great Depression, the Dillinger gang robbed dozens of banks, eluded capture and created fear and distrust in the US banking industry. Today, a new band of thieves is wreaking havoc within the industry – cybercriminals. The speaker will describe the evolution of bank heists in cyberspace and corresponding techniques in money laundering. He will provide proactive guidance on tactics and technologies that can be implemented to mitigate the risk of sophisticated cyberattack and manage reputational risk in 2014. Hear detailed accounts of recent Russian and Brazilian attacks and the lessons that can be drawn from these events.

Advanced Threat Detection | To combat today’s cyber-threats you need faster and more accurate threat detection. This session will describe how to reduce the time between actual breach and discovery. Learn how to leverage your system state data to create threat intelligence and answer some fundamental questions:

• Are we prioritizing the high-risk breach alerts for business critical assets?
• Are there other events of interest or risky changes to business critical systems?
• Are we able to drill down for root-cause analysis and forensics?
• Do we have Threat Intelligence to understand the nature and severity of the breach alerts?

Top Five Strategies for Upgrading your Security Posture | Sophisticated cyber-attacks, breaches and disclosures are becoming the norm. Attendees will learn five ways to upgrade their security posture to meet today’s challenges. Our network speeds are increasing, data is migrating to clouds, more data needs to be shared, and employees are bringing devices to work. The bad guys are playing a smarter game and we must transform our behavior. Takeaways include how to:

1. Transform Data into Intelligence
2. Subscribe to a Threat Modeling Culture
3. Transform to the Next Generation Security Model
4. Align Security Initiatives with Business Requirements
5. Develop a Culture of Security Inclusion and Accountability

Enriching Internet Threat Intelligence With Web Scale Data | An underemphasized element of an organization’s security response capability is the value of threat intelligence. Many countermeasures and solutions defend against portions of the threat space, but active attackers are numerous. Effective detection and response against an evolving array of threats requires specific intelligence and data about attacker activity and infrastructure. The SAWG’s Cyber Intelligence Repository (Avalanche) provides a valuable basis for establishing and building upon this intelligence data. This presentation focuses on extending and enriching threat intelligence data by leveraging existing datasets to provide improved threat identification and support incident response.

APIs and Aggregators - How Do They Fit Together? | We plan to share the current risk landscape between Financial Institutions and Aggregators regarding how customer data is shared and managed. This is the output of the Aggregator workgroup, in which multiple FIs and Aggregators participated. We will share the framework defined by the workgroup for securing the connection between FI and Aggregator, along with the checklist of what FIs should do to adopt the framework using APIs and OAuth standards to secure data transmission. We will also share how FIs can keep total control of credentials and authentication with their customers.

Citi’s Cyber Security Fusion Center | In July 2014, Citi opened the Cyber Security Fusion Center (CSFC) in Warren, NJ. The CSFC is a collaborative work space that includes teams from Citi’s Global Information Security and Citi’s Security & Investigation Services organizations and includes intelligence analysts, investigators, response teams, vulnerability assessors, malware researchers and security incident managers. The CSFC will reduce response time to security incidents, enhance feedback to internal controls, increase awareness of emerging threats and improve understanding of vulnerabilities. The session will describe CSFC goals and objectives, provide a glimpse into lessons learned from the first few months of operation and next steps.

When Confidentiality is Compromised: Security Protocols Best Practices | Practical exploitation of cryptographic weaknesses is a topic of growing concern for every enterprise. Breakthroughs in the academic crypto community and the lack of proper secure coding practices in widely used projects have already proved that a major breakdown of the Internet’s confidentiality controls is not a matter of “if” but a matter of “when”. This presentation will review some of the most recent cases related to security protocol flaws, best practices, and cryptographic standards that should be proactively phased out. The presentation will conclude with some pragmatic recommendations on how to prepare against future incidents.

Vendor Security Risk Management - How to Handle the New Normal | Many financial institutions have significant numbers of relationships with third party service providers. Many of these relationships involve the sharing of sensitive customer information that must be protected. Vendor Security Risk Management is an important program to help companies ensure that all shared data is being protected in an acceptable manner while minimizing the cost impact on service providers. As one who plays both roles, I will share useful lessons learned and “ready to implement” ideas about how to improve this process as both a service provider and as the vendor manager.

Real World Case Studies of the Kill Chain Methodology to All Aspects of Threat Intelligence | The Kill Chain has been written about and implemented in many large organizations around the world, but how has the Financial Sector implemented this methodology and what is it being used for? This session will provide information on Kill Chain implementations from a Financial and an external sector point of view. The session will also give the attendee insight into what is next for the methodology.

Information and Cyber Security: Community Institution Challenges | A discussion on the range of Information and Cybersecurity challenges facing community-sized institutions today and strategy for risk mitigation.

The Brick & Mortar Cyber Attack Vector | Amazon’s EC2 Cloud’s worst downtime experience occurred in July 2012. The cause was failure of components that control the backup generation at one of its major data centers. That center, like all modern buildings, utilizes specialized facility-level computer systems to operate building electricity/lighting/HVAC/doors/gates/locks/security cameras, water distribution, elevators, and backup generation. Yet these systems are frequently less secured than their IT counterparts. This session will present specific incidents where building systems were compromised. A cyber attack on a physical model light grid using real automated controllers is demonstrated. Methods for improving security in this area will be outlined.

Target: Financial Industry | When targeted adversaries go to work, they develop a “target package” on their intended victim(s). This presentation will be offered from an adversarial perspective. We will walk the audience through the process of building a professional, intelligence-driven targeting package on the financial community, starting at a high level, and working down to the planned attack, damage assessment, and metrics of mission effectiveness.

New Financial Domains: The Security Threat and Opportunities | ICANN, the Internet Corporation for Assigned Names and Numbers, has opened up a new round of top level domains, the net result being over 1400 new potential domains. While our industry will operate .bank and .insurance, the many other new financial domains will create customer confusion as well as security concerns. This session will focus on how institutions can position themselves to address this new Internet world. Learn how .bank and .insurance will be designed to serve the global financial industry and the implications of a much broader Internet space.

Strategies for Extending Security Controls to the Cloud | Cloud is driving the biggest transformation in IT/Security since the introduction of the personal computer 30 years ago. As more corporate data lives outside of the company, the existing security infrastructure designed to protect the perimeter is increasingly ineffective. At the same time, IT Security is more important than ever. The stakes are higher and the game is harder as attacks are well funded and better organized. This presentation offers one perspective on how to extend your security controls to the cloud so you can enable cloud services while protecting the business and its data in the new Cloud era.

The Future of Convergence: Securing the Internet of Things | By 2020, the world will be home to 50 billion connected devices and 3.4×10^38 unique IP addresses. The exponential rise of the Internet of Things poses both challenges and opportunities for the convergence of physical and cyber security. With five connected devices per person by 2017, security professionals have the ability to more precisely determine access and movement in campus environments. Specifically, professionals can safely and privately identify electromagnetic signatures from IoT to protect an enterprise’s most important assets – its people. This interactive session will use augmented reality to explore the critical role IoT will play in holistic security management.

Protecting Financial Services in the Evolving Global Economy | Hear from a panel of experts for their perspectives on:

• Government Policy
• Active Defense in the Financial Community
• The Timeline for Action
• Legal and Other Frameworks for Managing Risk

Cybercrime - Who is the Cat and who is the Mouse? | Cybercriminals are constantly perfecting attacks and are deploying new tools and techniques that help them take over bank accounts. The security industry on the other hand is fighting back deploying new security solutions – but who is winning this battle? Join this session and cast your vote – who is the cat and who is the mouse? In this session Etay Maor (representing the attacker) and Marc Van Zadelhoff (representing the banks) will battle it out – showcasing multiple attack/defend scenarios the audience will participate and cast their vote.

Developer-friendly Strategies to Ban Avoidable open Source Risk | Are your AppSec practices prepared to scale with your development practices? With agile development comes a dramatic increase in the use of open-source components to fuel innovation and speed development. Unfortunately, components with known vulnerabilities continue to be used long after a fix is released. Why? Join this session to gain insight from a four-year study on AppSec practices related to open source development. Learn what Aetna and others are doing to address security at the heart of their software development lifecycle to maintain accurate application bill-of-materials, help developers make informed decisions, and implement developer-friendly governance to quickly address defects.

SpearPhishing Hackers: tables turned | An average enterprise generates more than 10,000 security related events per day and up to 150,000 (Dambella). Yet 50% of breaches take MONTHS or longer to discover (Verizon). At any time in an enterprise, more than half are still undiscovered. Organizations are accepting the fact that despite their best efforts security breaches are unavoidable (Breach Level Index). This presentation proposes a new paradigm where hackers start looking over their shoulders. This paradigm draws from the body of knowledge developed through intelligence and defense, and applies them to stop the unknown and undetected threats.

Proactive Fraud Prevention that Actually Improves the User experience | Transaction monitoring and anomaly detection force financial institutions to depend on reactive fraud detection that relies solely on symptoms of suspected fraud. A conclusive understanding of the hygiene of the endpoint and a continuous frictionless authentication of the end user allows institutions to instead employ a proactive fraud prevention system that enables decisions to be made on the session even before the user has fully entered their credentials. The conclusiveness and continuity of this fraud prevention approach allows for the optimal user experience, ensures security, and minimizes reliance on invasive authentication methods.

More Malware, Less Malware | This highly technical talk will explore the in-depth functionality of malware leveraged by attackers over the last twelve months to penetrate networks, escalate privileges, maintain persistence, establish command and control channels, and harvest data and ultimately exfiltrate data. This talk will also explore malicious activity perpetrated by attackers without the use of malware.

Four Cyber Security Innovations to Give You Courage | I will discuss and present four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some in our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical defenses into modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat information. Finally, they are adopting next generation security technology to replace the very old last generation.

the Hidden Value in Spear-phishing email Content | When attempting to automate the analysis of attachments and analyze URLs, our engineers naturally focus on finding malware, while at the same time attackers look for new and clever ways to obfuscate the

malware. While we may be thinking that we are incrementally building a better mouse trap, perhaps we’ve been running on a hamster wheel. This presentation will focus on the cost the attacker bears to pull off a spear-phishing attack and examine the email story used to lure its victims. Perhaps we can use the attackers’ lack of creativity against them?

Cross Channel, Cross enterprise Fraud and the need for Collaboration | Account takeover fraud is increasing as organized fraudsters use a combination of phone and online tools to setup and execute attacks. Fraudsters move between the online and phone worlds, calling both call centers and consumers. Furthermore, they’re working across institutions, with reconnaissance and attacks on multiple targets. In this panel, fraud and security leaders from Bank of America, E*Trade and TD Ameritrade will discuss the technical and organizational changes and the collaboration required to stem cross-channel and cross-institution attacks. Issues include regulatory and privacy concerns of data sharing, logistics, tools already in place such as CYFIN and how they work.

Case Study - Uncovering Beyond Just the Malware | Threats are evolving on a continuous basis. In this presentation, Symantec will share a case study of a threat that has recently been gaining traction in specific markets, and holds the potential of impacting a large number of users and steal information which leads to monetary loss. During this talk we will showcase the MO behind operating the threat, the malware’s details, possible attribution of actors involved, infrastructure used, and share potential impact to victims.se

ssio

ns

Applying Math to Security to Stop Advanced Persistent threats

Authenticating the Mind

Blitzkrieg email Attacks: Criminals are evading email Security and How to Stop It

BluVector Cyber Intelligence Platform

Countering DDoS: Banking on a Solution that Works

Detecting and Remedying What others Can’t: Intro to triumfant’s endpoint Solution and Memory Process Scanner

Discover, Protect, Monitor your Sensitive Data in the Cloud

How Much Less Risk Will We Have If...?

Mapping Dark Web Communities

new techniques to Block Aggregators and Bots

Securing and enabling Mobility for Financial Institutions

Privileged threat Analytics: Analyze the Right Data, not All the Data

Protecting Your Institution from Unauthorized Access with Behavioral Analytics

Shadow It Doesn’t Have to Be Shady; Cloud Security You Can Bank on

the need for Speed

Under Cyber Fire – Defending Financial Firms from Advanced Cyber threats

Unlock threat Intelligence Value with Automation and Collaborationsilv

er s

olut

ions

register online at www.fsisac-summit.com register online at www.fsisac-summit.com register online at www.fsisac-summit.com register online at www.fsisac-summit.com register online at www.fsisac-summit.com

FS-ISACFall Summit2014

On behalf of the FS-ISAC and the 2014 Fall Summit Planning Committee, I am very pleased to invite you to the 2014 FS-ISAC Fall Summit. Our various roles and responsibilities as professionals in information risk management and cyber security benefit from shared expertise as well as sharing our challenges. The dynamic nature of cyber security issues and solutions makes the connections we have as members of FS-ISAC invaluable. The pace of change – in our business environments, regulatory landscape and technology capabilities, among other things - as well as the need to respond to increasing global threats is supported by our sharing of knowledge, experience and solutions. In fact, I believe it is vital that we continue to share this information with our peers in order to increase our collective success to overcome cyber challenges.

This event would not be possible without support from our sponsors. Their presentations are an important component to this Falls’ Summit. Feedback from prior sessions was considered and all of the sponsor presentations were selected on merit alone – we’ve worked closely with them to ensure the information presented is topical and valuable. We encourage you to spend time with our sponsors in the exhibit hall and throughout the event.

You have continued to provide outstanding feedback on the CISO panels at previous Summits. We will again be including CISO panels with topics that are sure to be of interest to you as you approach 2015 (and beyond) strategic planning or will help you validate that you are focused on the right priorities. As always, member presentations make up the majority of our agenda and you won’t want to miss learning about the latest challenges that your peers are working on. I hope you are able to join me at the 2014 FS-ISAC Fall Summit at the Washington Marriott Wardman Park in our nation’s capital of Washington, D.C. to expand your peer networks and learn the latest, and best, practices to enable you to continue to be a successful information risk and cyber security professional.

Meg AndersonConference Chair for the 2014 FS-ISAC Fall Summit AVP & Chief Information Security Officer, Principal Financial Group

FS-ISAC MISSIon StAteMent The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Learn more at www.fsisac.com.

Register today at:

www.fsisac-summit.com

Monday, October 13, 2014

4:00 - 7:00 PM Member Registration

6:00 - 7:00 PM Opening Welcome Reception

7:00 - 9:00 PM Sponsored Member Dinners (Closed to sponsors)

Tuesday, October 14, 2014

8:00 AM - 9:00 PM Member Registration

8:00 - 9:00 AM Board Breakfast

9:00 - 10:00 AM Board Meeting

9:00 AM - 12:00 PM Members Technical Forum

12:00 - 1:00 PM Board and Members Only Lunch

1:00 - 5:00 PM Members Only Meeting

3:00 - 6:00 PM Sponsor Registration and Exhibit Set-up

5:00 - 6:00 PM Silver Solutions Showcase General Session (closed to non-Silver Sponsors)

6:00 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Taste of Washington Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Wednesday, October 15, 2014

7:00 AM - 7:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 9:00 AM Keynote Session

9:00 - 9:30 AM General Session

9:30 - 10:00 AM Networking Break in Sponsor Hall

10:00 - 11:00 AM Concurrent Breakouts

11:15 AM - 12:15 PM Concurrent Breakouts

12:15 - 1:30 PM Birds of a Feather Lunch

1:30 - 2:30 PM Concurrent Breakouts

2:30 - 3:00 PM Networking Break in Sponsor Hall

3:00 - 4:00 PM Concurrent Breakouts

4:15 - 5:15 PM Silver Solutions Showcase Reception (closed to non-Silver Sponsors)

5:15 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Event Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Thursday, October 16

7:00 AM - 6:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 8:45 AM General Session

8:45 - 9:15 AM General Session

9:30 - 10:30 AM Concurrent Breakouts

10:30 - 11:00 AM Networking Break in Sponsor Hall

11:00 AM - 12:00 PM Concurrent Breakouts

12:00 - 1:15 PM Luncheon

1:15 - 2:15 PM Silver Solutions Showcase Desserts (closed to non-Silver Sponsors)

2:30 - 3:30 PM Concurrent Breakouts

3:30 - 4:00 PM Networking Break in Sponsor Hall

4:00 - 4:45 PM Members Key Topics Closing Panel

4:45 - 5:00 PM Closing Remarks and Conference Wrap Up

5:00 - 6:00 PM Conference Close Reception in Sponsor Hall

7:00 - 9:00 PM Sponsored Member Dinners (Closed to non-Platinum Sponsors)

Agenda subject to change. For an up to date agenda, visit www.fsisac-summit.com/fall-agenda

“This conference is one of the most relevant to my profession. Great organization, great networking, and very well done.”

2013 Attendee

Identity As the New Perimeter of Defense: Automating Anonymized Shared Trust Intelligence to Reduce Friction and Protect Against Third Party Data Breaches and Malware | Recent major data breaches have compromised the identities of tens of millions of Americans and are now threatening financial institutions. ThreatMetrix Chief Products Officer, Alisdair Faulkner, will analyze how stolen identities from data breaches, malware attacks, and compromised devices are being used against financial institutions. Faulkner will:

• Compare account takeover, botnet and malware attack trends across mobile and Web channels.
• Use real-life case studies showing how companies have increased security without compromising on privacy.
• Share new use-cases and new ways that financial institutions have reduced friction and step-up challenges for trusted users through advanced context-based security approaches.

Pursuing Modern-day Dillinger Gangs: The Application of Threat Intelligence to Cybercrime Syndicates | During the Great Depression, the Dillinger gang robbed dozens of banks, eluded capture and created fear and distrust in the US banking industry. Today, a new band of thieves is wreaking havoc within the industry – cybercriminals. The speaker will describe the evolution of bank heists in cyberspace and the corresponding techniques in money laundering. He will provide proactive guidance on tactics and technologies that can be implemented to mitigate the risk of sophisticated cyberattacks and manage reputational risk in 2014. Hear detailed accounts of recent Russian and Brazilian attacks and the lessons that can be drawn from these events.

Advanced Threat Detection | To combat today’s cyber-threats you need faster and more accurate threat detection. This session will describe how to reduce the time between the actual breach and its discovery. Learn how to leverage your system state data to create threat intelligence and answer some fundamental questions:

• Are we prioritizing the high-risk breach alerts for business critical assets?
• Are there other events of interest or risky changes to business critical systems?
• Are we able to drill down for root-cause analysis and forensics?
• Do we have Threat Intelligence to understand the nature and severity of the breach alerts?

Top Five Strategies for Upgrading Your Security Posture | Sophisticated cyber-attacks, breaches and disclosures are becoming the norm. Attendees will learn five ways to upgrade their security posture to meet today’s challenges. Our network speeds are increasing, data is migrating to clouds, more data needs to be shared, and employees are bringing devices to work. The bad guys are playing a smarter game and we must transform our behavior. Takeaways include how to:

1. Transform Data into Intelligence
2. Subscribe to a Threat Modeling Culture
3. Transform to the Next Generation Security Model
4. Align Security Initiatives with Business Requirements
5. Develop a Culture of Security Inclusion and Accountability

Enriching Internet Threat Intelligence With Web Scale Data | An underemphasized element of an organization’s security response capability is the value of threat intelligence. Many countermeasures and solutions defend against portions of the threat space, but active attackers are numerous. Effective detection and response against an evolving array of threats requires specific intelligence and data about attacker activity and infrastructure. The SAWG’s Cyber Intelligence Repository (Avalanche) provides a valuable basis for establishing and building upon this intelligence data. This presentation focuses on extending and enriching threat intelligence data by leveraging existing datasets to provide improved threat identification and support incident response.

APIs and Aggregators - How Do They Fit Together? | We plan to share the current risk landscape between Financial Institutions and Aggregators regarding how customer data is shared and managed. This is the output of the Aggregator workgroup, in which multiple FIs as well as Aggregators participated. We will present the framework defined by the workgroup for securing the connection between FI and Aggregator, along with a checklist of what FIs should do to adopt the framework, using APIs and OAuth standards to secure data transmission. We will also show how FIs can retain total control of credentials and authentication with their customers.

Citi’s Cyber Security Fusion Center | In July 2014, Citi opened the Cyber Security Fusion Center (CSFC) in Warren, NJ. The CSFC is a collaborative work space that includes teams from Citi’s Global Information Security and Citi’s Security & Investigation Services organizations and includes intelligence analysts, investigators, response teams, vulnerability assessors, malware researchers and security incident managers. The CSFC will reduce response time to security incidents, enhance feedback to internal controls, increase awareness of emerging threats and improve understanding of vulnerabilities. The session will describe CSFC goals and objectives, provide a glimpse into lessons learned from the first few months of operation and next steps.

When Confidentiality is Compromised: Security Protocols Best Practices | Practical exploitation of cryptographic weaknesses is a topic of growing concern for every enterprise. Breakthroughs in the academic crypto community and the lack of proper secure coding practices in widely used projects have already shown that a major breakdown of the Internet’s confidentiality controls is not a matter of “if” but a matter of “when”. This presentation will review some of the most recent cases related to security protocol flaws, best practices, and cryptographic standards that should be proactively phased out. The presentation will conclude with some pragmatic recommendations on how to prepare against future incidents.

Vendor Security Risk Management - How to Handle the New Normal | Many financial institutions have significant numbers of relationships with third party service providers. Many of these relationships involve the sharing of sensitive customer information that must be protected. Vendor Security Risk Management is an important program to help companies ensure that all shared data is being protected in an acceptable manner while minimizing the cost impact on service providers. As one who plays both roles, I will share useful Lessons Learned and “ready to implement” ideas about how to improve this process as both a service provider and as the vendor manager.

Real World Case Studies of the Kill Chain Methodology in All Aspects of Threat Intelligence | The Kill Chain has been written about and implemented in many large organizations around the world, but how has the Financial Sector implemented this methodology, and what is it being used for? This session will provide information on Kill Chain implementations from a Financial and an external sector point of view. The session will also give the attendee insight into what is next for the methodology.

Information and Cyber Security: Community Institution Challenges | A discussion on the range of Information and Cybersecurity challenges facing community-sized institutions today and strategy for risk mitigation.

The Brick & Mortar Cyber Attack Vector | Amazon’s EC2 Cloud’s worst downtime experience occurred in July 2012. The cause was failure of components that control the backup generation at one of its major data centers. That center, like all modern buildings, utilizes specialized facility-level computer systems to operate building electricity/lighting/HVAC/doors/gates/locks/security cameras, water distribution, elevators, and backup generation. Yet these systems are frequently less secured than their IT counterparts. This session will present specific incidents where building systems were compromised. A cyber attack on a physical model light grid using real automated controllers is demonstrated. Methods for improving security in this area will be outlined.

Target: Financial Industry | When targeted adversaries go to work, they develop a “target package” on their intended victim(s). This presentation will be offered from an adversarial perspective. We will walk the audience through the process of building a professional, intelligence-driven targeting package on the financial community, starting at a high level and working down to the planned attack, damage assessment, and metrics of mission effectiveness.

New Financial Domains: The Security Threat and Opportunities | ICANN, the Internet Corporation for Assigned Names and Numbers, has opened up a new round of top-level domains, with the net result being over 1400 new potential domains. While our industry will operate .bank and .insurance, the many other new financial domains will create customer confusion as well as security concerns. This session will focus on how institutions can position themselves to address this new Internet world. Learn how .bank and .insurance will be designed to serve the global financial industry and the implications of a much broader Internet space.

Strategies for Extending Security Controls to the Cloud | Cloud is driving the biggest transformation in IT/Security since the introduction of the personal computer 30 years ago. As more corporate data lives outside of the company, the existing security infrastructure designed to protect the perimeter is increasingly ineffective. At the same time, IT Security is more important than ever. The stakes are higher and the game is harder as attacks are well funded and better organized. This presentation offers one perspective on how to extend your security controls to the cloud so you can enable cloud services while protecting the business and its data in the new Cloud era.

The Future of Convergence: Securing the Internet of Things | By 2020, the world will be home to 50 billion connected devices and 3.4×10^38 unique IP addresses. The exponential rise of the Internet of Things poses both challenges and opportunities for the convergence of physical and cyber security. With five connected devices per person by 2017, security professionals have the ability to more precisely determine access and movement in campus environments. Specifically, professionals can safely and privately identify electromagnetic signatures from IoT to protect an enterprise’s most important assets – its people. This interactive session will use augmented reality to explore the critical role IoT will play in holistic security management.

Protecting Financial Services in the Evolving Global Economy | Hear from a panel of experts for their perspectives on:

• Government Policy
• Active Defense in the Financial Community
• The Timeline for Action
• Legal and Other Frameworks for Managing Risk

Cybercrime - Who Is the Cat and Who Is the Mouse? | Cybercriminals are constantly perfecting attacks and are deploying new tools and techniques that help them take over bank accounts. The security industry, on the other hand, is fighting back by deploying new security solutions – but who is winning this battle? Join this session and cast your vote – who is the cat and who is the mouse? In this session Etay Maor (representing the attacker) and Marc Van Zadelhoff (representing the banks) will battle it out, showcasing multiple attack/defend scenarios in which the audience will participate and cast their vote.

Developer-friendly Strategies to Ban Avoidable Open Source Risk | Are your AppSec practices prepared to scale with your development practices? With agile development comes a dramatic increase in the use of open-source components to fuel innovation and speed development. Unfortunately, components with known vulnerabilities continue to be used long after a fix is released. Why? Join this session to gain insight from a four-year study on AppSec practices related to open source development. Learn what Aetna and others are doing to address security at the heart of their software development lifecycle to maintain an accurate application bill-of-materials, help developers make informed decisions, and implement developer-friendly governance to quickly address defects.

SpearPhishing Hackers: Tables Turned | An average enterprise generates more than 10,000 security-related events per day and up to 150,000 (Damballa). Yet 50% of breaches take MONTHS or longer to discover (Verizon). At any time in an enterprise, more than half are still undiscovered. Organizations are accepting the fact that, despite their best efforts, security breaches are unavoidable (Breach Level Index). This presentation proposes a new paradigm where hackers start looking over their shoulders. This paradigm draws from the body of knowledge developed through intelligence and defense, and applies it to stop the unknown and undetected threats.

Proactive Fraud Prevention That Actually Improves the User Experience | Transaction monitoring and anomaly detection force financial institutions to depend on reactive fraud detection that relies solely on symptoms of suspected fraud. A conclusive understanding of the hygiene of the endpoint and a continuous frictionless authentication of the end user allows institutions to instead employ a proactive fraud prevention system that enables decisions to be made on the session even before the user has fully entered their credentials. The conclusiveness and continuity of this fraud prevention approach allows for the optimal user experience, ensures security, and minimizes reliance on invasive authentication methods.

More Malware, Less Malware | This highly technical talk will explore the in-depth functionality of malware leveraged by attackers over the last twelve months to penetrate networks, escalate privileges, maintain persistence, establish command and control channels, and harvest data and ultimately exfiltrate data. This talk will also explore malicious activity perpetrated by attackers without the use of malware.

Four Cyber Security Innovations to Give You Courage | I will discuss and present four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some in our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical defenses into modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat information. Finally, they are adopting next generation security technology to replace the very old last generation.

The Hidden Value in Spear-phishing Email Content | When attempting to automate the analysis of attachments and analyze URLs, our engineers naturally focus on finding malware, while at the same time attackers look for new and clever ways to obfuscate the malware. While we may be thinking that we are incrementally building a better mouse trap, perhaps we’ve been running on a hamster wheel. This presentation will focus on the cost the attacker bears to pull off a spear-phishing attack and examine the email story used to lure its victims. Perhaps we can use the attackers’ lack of creativity against them?

Cross Channel, Cross Enterprise Fraud and the Need for Collaboration | Account takeover fraud is increasing as organized fraudsters use a combination of phone and online tools to set up and execute attacks. Fraudsters move between the online and phone worlds, calling both call centers and consumers. Furthermore, they’re working across institutions, with reconnaissance and attacks on multiple targets. In this panel, fraud and security leaders from Bank of America, E*Trade and TD Ameritrade will discuss the technical and organizational changes and the collaboration required to stem cross-channel and cross-institution attacks. Issues include regulatory and privacy concerns of data sharing, logistics, and tools already in place such as CYFIN and how they work.

Case Study - Uncovering Beyond Just the Malware | Threats are evolving on a continuous basis. In this presentation, Symantec will share a case study of a threat that has recently been gaining traction in specific markets and holds the potential of impacting a large number of users and stealing information, which leads to monetary loss. During this talk we will showcase the MO behind operating the threat, the malware’s details, possible attribution of the actors involved and the infrastructure used, and share the potential impact to victims.

Silver Solutions

Applying Math to Security to Stop Advanced Persistent Threats

Authenticating the Mind

Blitzkrieg Email Attacks: Criminals are Evading Email Security and How to Stop It

BluVector Cyber Intelligence Platform

Countering DDoS: Banking on a Solution that Works

Detecting and Remedying What Others Can’t: Intro to Triumfant’s Endpoint Solution and Memory Process Scanner

Discover, Protect, Monitor your Sensitive Data in the Cloud

How Much Less Risk Will We Have If...?

Mapping Dark Web Communities

New Techniques to Block Aggregators and Bots

Securing and Enabling Mobility for Financial Institutions

Privileged Threat Analytics: Analyze the Right Data, Not All the Data

Protecting Your Institution from Unauthorized Access with Behavioral Analytics

Shadow IT Doesn’t Have to Be Shady; Cloud Security You Can Bank On

The Need for Speed

Under Cyber Fire – Defending Financial Firms from Advanced Cyber Threats

Unlock Threat Intelligence Value with Automation and Collaboration

Register online at www.fsisac-summit.com

On behalf of the FS-ISAC and the 2014 Fall Summit Planning Committee, I am very pleased to invite you to the 2014 FS-ISAC Fall Summit. Our various roles and responsibilities as professionals in information risk management and cyber security benefit from shared expertise as well as sharing our challenges. The dynamic nature of cyber security issues and solutions makes the connections we have as members of FS-ISAC invaluable. The pace of change – in our business environments, regulatory landscape and technology capabilities, among other things - as well as the need to respond to increasing global threats is supported by our sharing of knowledge, experience and solutions. In fact, I believe it is vital that we continue to share this information with our peers in order to increase our collective success to overcome cyber challenges.

This event would not be possible without support from our sponsors. Their presentations are an important component of this Fall’s Summit. Feedback from prior sessions was considered and all of the sponsor presentations were selected on merit alone – we’ve worked closely with them to ensure the information presented is topical and valuable. We encourage you to spend time with our sponsors in the exhibit hall and throughout the event.

You have continued to provide outstanding feedback on the CISO panels at previous Summits. We will again be including CISO panels with topics that are sure to be of interest to you as you approach 2015 (and beyond) strategic planning or will help you validate that you are focused on the right priorities. As always, member presentations make up the majority of our agenda and you won’t want to miss learning about the latest challenges that your peers are working on. I hope you are able to join me at the 2014 FS-ISAC Fall Summit at the Washington Marriott Wardman Park in our nation’s capital of Washington, D.C. to expand your peer networks and learn the latest, and best, practices to enable you to continue to be a successful information risk and cyber security professional.

Meg Anderson
Conference Chair for the 2014 FS-ISAC Fall Summit
AVP & Chief Information Security Officer, Principal Financial Group

FS-ISAC MISSIon StAteMent The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services sector from physical and cyber threats that impact the resilience, integrity and stability of member institutions through dissemination of trusted and timely information. Learn more at www.fsisac.com.

Register today at:

www.fsisac-summit.com

Monday, October 13, 2014

4:00 - 7:00 PM Member Registration

6:00 - 7:00 PM Opening Welcome Reception

7:00 - 9:00 PM Sponsored Member Dinners (Closed to sponsors)

Tuesday, October 14, 2014

8:00 AM - 9:00 PM Member Registration

8:00 - 9:00 AM Board Breakfast

9:00 - 10:00 AM Board Meeting

9:00 AM - 12:00 PM Members Technical Forum

12:00 - 1:00 PM Board and Members Only Lunch

1:00 - 5:00 PM Members Only Meeting

3:00 - 6:00 PM Sponsor Registration and Exhibit Set-up

5:00 - 6:00 PM Silver Solutions Showcase General Session (closed to non-Silver Sponsors)

6:00 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Taste of Washington Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Wednesday, October 15, 2014

7:00 AM - 7:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 9:00 AM Keynote Session

9:00 - 9:30 AM General Session

9:30 - 10:00 AM Networking Break in Sponsor Hall

10:00 - 11:00 AM Concurrent Breakouts

11:15 AM - 12:15 PM Concurrent Breakouts

12:15 - 1:30 PM Birds of a Feather Lunch

1:30 - 2:30 PM Concurrent Breakouts

2:30 - 3:00 PM Networking Break in Sponsor Hall

3:00 - 4:00 PM Concurrent Breakouts

4:15 - 5:15 PM Silver Solutions Showcase Reception (closed to non-Silver Sponsors)

5:15 - 7:00 PM Networking Reception in Sponsor Hall

7:00 - 9:00 PM Event Dinner

9:00 - 11:00 PM After Hours Hospitality Suite

Thursday, October 16

7:00 AM - 6:00 PM Registration

7:00 - 8:00 AM Breakfast

8:00 - 8:15 AM Opening Remarks

8:15 - 8:45 AM General Session

8:45 - 9:15 AM General Session

9:30 - 10:30 AM Concurrent Breakouts

10:30 - 11:00 AM Networking Break in Sponsor Hall

11:00 AM - 12:00 PM Concurrent Breakouts

12:00 - 1:15 PM Luncheon

1:15 - 2:15 PM Silver Solutions Showcase Desserts (closed to non-Silver Sponsors)

2:30 - 3:30 PM Concurrent Breakouts

3:30 - 4:00 PM Networking Break in Sponsor Hall

4:00 - 4:45 PM Members Key Topics Closing Panel

4:45 - 5:00 PM Closing Remarks and Conference Wrap Up

5:00 - 6:00 PM Conference Close Reception in Sponsor Hall

7:00 - 9:00 PM Sponsored Member Dinners (Closed to non-Platinum Sponsors)

Agenda subject to change. For an up to date agenda, visit www.fsisac-summit.com/fall-agenda

“ ”this conference is one of the most relevant to my profession.

Great organization, great networking, and very well done.2013 AttenDee

Identity As the new Perimeter of Defense: Automating Anonymized Shared trust Intelligence to Reduce Friction and Protect Against third Party Data Breaches and Malware | Recent major data breaches have compromised the identities of tens of millions of Americans and is now threatening financial institutions. ThreatMetrix Chief Products Officer, Alisdair Faulkner, will analyze how stolen identities from data breaches, malware attacks, and compromised devices are being used against financial institutions. Faulkner will:

• Compare account takeover, botnet and malware attack trends across mobile and Web channels. • Use real-life case studies showing how companies have increased security without compromising on privacy. • Learn new use-cases and new ways that financial institutions have reduced friction and step-up challenges for trusted users

through advanced context-based security approaches.

Pursuing Modern-day Dillinger Gangs: the Application of threat Intelligence to Cybercrime Syndicates | During the Great Depression, the Dillinger gang robbed dozens of banks, alluded capture and created fear and distrust in the US banking industry. Today, a new band of thieves is wreaking havoc within the industry – cybercriminals. The speaker will describe the evolution of bank heists in cyberspace and corresponding techniques in money laundering. He will provide proactive guidance on tactics and technologies that can be implemented to mitigate the risk of sophisticated cyberattack and manage reputational risk in 2014. Hear detailed accounts of recent Russian and Brazilian attacks and the lessons that can be drawn from these events.

Advanced threat Detection | To combat today’s cyber-threats you need faster and more accurate threat detection. This session will describe how to reduce the time between actual breach and discovery. Learn how to leverage your system state data to create threat intelligence and answer some fundamental questions:

• Are we prioritizing the high-risk breach alerts for business critical assets?• Are there other events of interest or risky changes to business critical systems? • Are we able to drill-down for root-cause analysis and forensics?• Do we have Threat Intelligence to understand the nature and severity of the breach alerts?

top Five Strategies for Upgrading your Security Posture | Sophisticated cyber-attacks, breaches and disclosures are becoming the norm. Attendees will learn five ways to upgrade their security posture to meet today’s challenges. Our network speeds are increasing, data is migrating to clouds, more data needs to be shared, and employees are bringing devices to work. The bad guys are playing a smarter game and we must transform our behavior. Takeaways include how to:

1. Transform Data into Intelligence2. Subscribe to a Threat Modeling Culture3. Transform to the Next Generation Security Model4. Align Security Initiatives with Business Requirements5. Develop a Culture of Security Inclusion and Accountability

enriching Internet threat Intelligence With Web Scale Data | An underemphasized element of an organization’s security response capability is the value of threat intelligence. Many countermeasures and solutions defend against portions of the threat space, but active attackers are numerous. Effective detection and response against an evolving array of threats requires specific intelligence and data about attacker activity and infrastructure. The SAWG’s Cyber Intelligence Repository (Avalanche) provides a valuable basis for establishing and building upon this intelligence data. This presentation focuses on extending and enriching threat intelligence data by leveraging existing datasets to provide improved threat identification and support incident response.

APIs and Aggregators - How do they Fit together? | We plan to share the current risk landscape between Financial Institutions and Aggregators on how customer data is shared and managed. This will be the output of the Aggregator workgroup that has had multiple FI participation and Aggregators as well. We will be sharing the framework defined by the workgroup how to secure the connection between FI and Aggregator. Also share the checklist what FIs should do to use the framework by using API’s and OAuth standards to secure data transmission. We will be sharing how to make the FIs in total control of credentials and authentication with their customers.

Citi’s Cyber Security Fusion Center | In July 2014, Citi opened the Cyber Security Fusion Center (CSFC) in Warren, NJ. The CSFC is a collaborative work space that includes teams from Citi’s Global Information Security and Citi’s Security & Investigation Services organizations and includes intelligence analysts, investigators, response teams, vulnerability assessors, malware researchers and security incident managers. The CSFC will reduce response time to security incidents, enhance feedback to internal controls, increase awareness of emerging threats and improve understanding of vulnerabilities. The session will describe CSFC goals and objectives, provide a glimpse into lessons learned from the first few months of operation and next steps.

When Confidentiality is Compromised: Security Protocols Best Practices | Practical exploitation of cryptographic weaknesses is a topic of growing concern for every enterprise. Breakthroughs in the academic crypto community and the lack of proper secure coding practices in widely used projects already proved that a major breakdown of internet’s confidentiality controls is not a matter of “if” but a matter of “when”. This presentation will review some of the most recent cases related to security protocol flaws, best practices, and cryptografic standards that should be proactively phased out. The presentation will conclude with some pragmatic recommendations on how to prepare against future incidents.

Vendor Security Risk Management - How to Handle the new normal | Many financial institutions have significant numbers of relationships with third party service providers. Many of these relationships involve the sharing of sensitive customer information that must be protected. Vendor Security Risk Management is an important program to help companies ensure that all shared data is being protected in an acceptable manner while minimizing the cost impact on service providers. As one who plays both roles, I will share useful Lessons Learned and “ready to implement” ideas about how to improve this process as both a service provider and as the vendor manager.

Real World Case Studies of the Kill Chain Methodology to All Aspects of threat Intelligence | The Kill Chain has been written about and implemented in many large organizations around the world but how has the Financial Sector implemented this methodology and what is it being used for. This session will provide information on Kill Chain implementations from a Financial and an external sector point of view. The session will also give the attendee insight into what is next for the methodology.

Information and Cyber Security: Community Institution Challenges | A discussion on the range of Information and Cybersecurity challenges facing community-sized institutions today and strategy for risk mitigation.

the Brick & Mortar Cyber Attack Vector | Amazon’s EC2 Cloud’s worst downtime experience occurred in July 2012. The cause was failure of components that control the backup generation at one of its major data centers. That center, like all modern buildings, utilizes specialized facility level computer systems to operate building electricity/lighting/HVAC/doors/gates/locks/security cameras, water distribution, elevators, and backup generation. Yet these systems are frequently less secured than their IT counterparts. This session will present specific incidents where building systems were compromised. A cyber attack on a physical model light grid using real automated controllers is demonstrated. Methods for improving security in this area will be outlined.

target: Financial Industry | When targeted adversaries go to work, they develop a “”target package”” on their intended victim(s). This presentation will be offered from an adversarial perspective. We will walk the audience through the process of building a professional, intelligence-driven targeting package on the financial community, starting at a high level, and working down to the planned attack, damage assessment, and metrics of mission effectiveness.

New Financial Domains: The Security Threat and Opportunities | ICANN, the Internet Corporation for Assigned Names and Numbers, has opened up a new round of top-level domains, the net result being over 1400 new potential domains. While our industry will operate .bank and .insurance, the many other new financial domains will create customer confusion as well as security concerns. This session will focus on how institutions can position themselves to address this new Internet world. Learn how .bank and .insurance will be designed to serve the global financial industry and the implications of a much broader Internet space.

Strategies for Extending Security Controls to the Cloud | Cloud is driving the biggest transformation in IT/Security since the introduction of the personal computer 30 years ago. As more corporate data lives outside of the company, the existing security infrastructure designed to protect the perimeter is increasingly ineffective. At the same time, IT Security is more important than ever. The stakes are higher and the game is harder as attacks are well funded and better organized. This presentation offers one perspective on how to extend your security controls to the cloud so you can enable cloud services while protecting the business and its data in the new Cloud era.

The Future of Convergence: Securing the Internet of Things | By 2020, the world will be home to 50 billion connected devices and 3.4×10^38 unique IP addresses. The exponential rise of the Internet of Things poses both challenges and opportunities for the convergence of physical and cyber security. With five connected devices per person by 2017, security professionals have the ability to more precisely determine access and movement in campus environments. Specifically, professionals can safely and privately identify electromagnetic signatures from IoT to protect an enterprise’s most important assets – its people. This interactive session will use augmented reality to explore the critical role IoT will play in holistic security management.

Protecting Financial Services in the Evolving Global Economy | Hear from a panel of experts for their perspectives on:

• Government Policy
• Active Defense in the Financial Community
• The Timeline for Action
• Legal and Other Frameworks for Managing Risk

Cybercrime - Who is the Cat and Who is the Mouse? | Cybercriminals are constantly perfecting attacks and are deploying new tools and techniques that help them take over bank accounts. The security industry, on the other hand, is fighting back by deploying new security solutions – but who is winning this battle? Join this session and cast your vote – who is the cat and who is the mouse? In this session Etay Maor (representing the attacker) and Marc Van Zadelhoff (representing the banks) will battle it out, showcasing multiple attack/defend scenarios in which the audience will participate and cast their vote.

Developer-friendly Strategies to Ban Avoidable Open Source Risk | Are your AppSec practices prepared to scale with your development practices? With agile development comes a dramatic increase in the use of open-source components to fuel innovation and speed development. Unfortunately, components with known vulnerabilities continue to be used long after a fix is released. Why? Join this session to gain insight from a four-year study on AppSec practices related to open source development. Learn what Aetna and others are doing to address security at the heart of their software development lifecycle: maintaining an accurate application bill-of-materials, helping developers make informed decisions, and implementing developer-friendly governance to quickly address defects.

Spear-Phishing Hackers: Tables Turned | An average enterprise generates more than 10,000 security-related events per day, and up to 150,000 (Damballa). Yet 50% of breaches take MONTHS or longer to discover (Verizon). At any time in an enterprise, more than half are still undiscovered. Organizations are accepting the fact that, despite their best efforts, security breaches are unavoidable (Breach Level Index). This presentation proposes a new paradigm where hackers start looking over their shoulders. This paradigm draws from the body of knowledge developed through intelligence and defense, and applies it to stop the unknown and undetected threats.

Proactive Fraud Prevention that Actually Improves the User Experience | Transaction monitoring and anomaly detection force financial institutions to depend on reactive fraud detection that relies solely on symptoms of suspected fraud. A conclusive understanding of the hygiene of the endpoint and continuous, frictionless authentication of the end user allow institutions to instead employ a proactive fraud prevention system that enables decisions to be made on the session even before the user has fully entered their credentials. The conclusiveness and continuity of this fraud prevention approach allows for the optimal user experience, ensures security, and minimizes reliance on invasive authentication methods.

More Malware, Less Malware | This highly technical talk will explore the in-depth functionality of malware leveraged by attackers over the last twelve months to penetrate networks, escalate privileges, maintain persistence, establish command and control channels, and harvest and ultimately exfiltrate data. This talk will also explore malicious activity perpetrated by attackers without the use of malware.

Four Cyber Security Innovations to Give You Courage | I will discuss and present four cyber security innovations that not only work but will fundamentally change how we will all do our jobs in the future. Some in our community are leaning forward with these ideas and showing us the way. They are teaching us how to transform our tactical Incident Response teams into strategic intelligence organizations. They are changing our old-school thinking of deploying tactical defenses into modern Kill-Chain and Indicators-of-Compromise methodology. They are breaking new ground on how to share threat information. Finally, they are adopting next generation security technology to replace the very old last generation.

The Hidden Value in Spear-Phishing Email Content | When attempting to automate the analysis of attachments and analyze URLs, our engineers naturally focus on finding malware, while at the same time attackers look for new and clever ways to obfuscate the malware. While we may be thinking that we are incrementally building a better mouse trap, perhaps we’ve been running on a hamster wheel. This presentation will focus on the cost the attacker bears to pull off a spear-phishing attack and examine the email story used to lure its victims. Perhaps we can use the attackers’ lack of creativity against them?

Cross Channel, Cross Enterprise Fraud and the Need for Collaboration | Account takeover fraud is increasing as organized fraudsters use a combination of phone and online tools to set up and execute attacks. Fraudsters move between the online and phone worlds, calling both call centers and consumers. Furthermore, they’re working across institutions, with reconnaissance and attacks on multiple targets. In this panel, fraud and security leaders from Bank of America, E*Trade and TD Ameritrade will discuss the technical and organizational changes and the collaboration required to stem cross-channel and cross-institution attacks. Issues include regulatory and privacy concerns of data sharing, logistics, and tools already in place such as CYFIN and how they work.

Case Study - Uncovering Beyond Just the Malware | Threats are evolving on a continuous basis. In this presentation, Symantec will share a case study of a threat that has recently been gaining traction in specific markets and holds the potential of impacting a large number of users and stealing information that leads to monetary loss. During this talk we will showcase the MO behind operating the threat, the malware’s details, possible attribution of actors involved, and infrastructure used, and share the potential impact to victims.

Silver Solutions

Applying Math to Security to Stop Advanced Persistent Threats

Authenticating the Mind

Blitzkrieg Email Attacks: Criminals are Evading Email Security and How to Stop It

BluVector Cyber Intelligence Platform

Countering DDoS: Banking on a Solution that Works

Detecting and Remedying What Others Can’t: Intro to Triumfant’s Endpoint Solution and Memory Process Scanner

Discover, Protect, Monitor your Sensitive Data in the Cloud

How Much Less Risk Will We Have If...?

Mapping Dark Web Communities

New Techniques to Block Aggregators and Bots

Securing and Enabling Mobility for Financial Institutions

Privileged Threat Analytics: Analyze the Right Data, Not All the Data

Protecting Your Institution from Unauthorized Access with Behavioral Analytics

Shadow IT Doesn’t Have to Be Shady; Cloud Security You Can Bank On

The Need for Speed

Under Cyber Fire – Defending Financial Firms from Advanced Cyber Threats

Unlock Threat Intelligence Value with Automation and Collaboration

Register online at www.fsisac-summit.com

FS-ISAC Fall Summit 2014
12020 Sunrise Valley Dr., Suite 230 | Reston, VA 20191

Gold Sponsors

Agari
AirWatch by VMware
Battelle Memorial Institute
BioCatch
CipherCloud
CSG International
CXOWARE, Inc.
CyberArk
Cylance
Guardian Analytics
Imperva
Netskope
Northrop Grumman Corporation
Shape Security
ThreatTrack Security
Triumfant
Vorstack

Registration

Save 36% to 54% off the registration price!

FS-ISAC Affiliation | Early Bird (before or on 9/23/14) | Standard Registration (after 9/23/14)
Premier/Platinum/Gold Member | FREE | FREE
Non-Member/CNOP Member | $895 | $1,750
Basic/Core Member | $795 | $1,500
Standard/BITS Member | $795 | $1,250
Government | $795 | $795

Registration includes all sessions, meals and events during the conference.

If you are a Premier, Gold or Platinum FS-ISAC member and have never attended a FS-ISAC event, please contact [email protected] before registering so that you can be set up in the system to receive a complimentary registration.

Conference Registration Cancellations
Cancellations are subject to a $50 administrative fee. NO REFUNDS will be made for cancellations received after October 1, 2014. Email [email protected] for more information or to cancel.

PLEASE NOTE: The FS-ISAC Fall Summit restricts attendance to actual practitioners in the financial services space. Security marketing and sales staff, consultants and recruiters cannot attend without sponsoring.

Location

Washington Marriott Wardman Hotel
2660 Woodley Road NW | Washington, DC, 20008-4106
(202) 328-2000 | www.marriott.com/hotels/travel/wasdt-washington-marriott-wardman-park

The FS-ISAC has reserved a block of sleeping rooms at the Washington Marriott Wardman Park at a rate of $259 per night (plus tax). Please make sure to reserve your room before the cut-off date of Saturday, September 20, 2014. To make your reservation please call 877-212-5752 or use the group’s private reservation page: http://tinyurl.com/os4a565. If you are calling in, be sure to mention you are a part of the FS-ISAC 2014 Fall Annual Summit to receive the group rate.

Transportation

The hotel is located about 7 miles northwest of Ronald Reagan Washington National Airport (DCA) ($1.70 subway fare and $30.00 taxi fare) and about 24 miles east of Washington Dulles International Airport (IAD) ($60.00 taxi fare). For more information and driving directions please visit www.marriott.com/hotels/fact-sheet/travel/wasdt-washington-marriott-wardman-park.


Keynote

Theresa Payton
Cybersecurity Authority and Identity Theft Expert, Former White House CIO

Code Red: Protecting Your Enterprise and Securing Your Brand Online

Biography | The specter of a massive cyberattack is the most urgent concern confronting the nation’s information technology infrastructure today, an issue Theresa Payton understands better than anyone. Through the lens of years of experience in high-level private and public IT leadership roles, Payton delivers sought-after solutions that strengthen cyber-security measures and neutralize e-crime offenders.

Payton is one of America’s most respected authorities on Internet security, net crime, fraud mitigation, and technology implementation. As White House Chief Information Officer from 2006 to 2008 -- the first woman ever to hold that position -- she administered the information technology enterprise for the President and 3,000 staff members. Prior to working in federal government, Payton held executive roles in banking technology at Bank of America and Wells Fargo.

As founder of Fortalice, LLC, a security, risk, and fraud consulting company, she now lends her expertise to organizations large and small, helping them improve their information technology systems against emerging, amorphous cyber threats. In 2010, she was named by Security Magazine as one of the top 25 “Most Influential People in Security.” She serves as a cyber expert for the syndicated program America Now and is co-author of Protecting Your Internet Identity: Are You Naked Online?

Payton candidly equips audiences with far-reaching lessons on how to protect the growing millions who use the Internet daily as well as the organizations who are on the front lines of fending off rapidly evolving, infrastructure-crippling cyberattacks.

Who Should Attend?
• CISO, CSO, CIO, CTO, or CRO
• Head of Threat Intelligence
• EVP, SVP, VP, and Director of these areas:
  - Security Operations
  - Fraud
  - Investigations
  - Physical Security
  - Business Continuity
  - Audit & Compliance
  - Payment Risk Management
  - Payment Operations
  - Payment Line of Business Managers including Online Banking and Online Treasury Management

Why Should You Attend?
• Presentations by over three dozen senior executive FS-ISAC members
• Concrete take-aways including case studies and best practices
• Interactive sessions that allow for strategic and solution-oriented discussion
• Complimentary attendance for Premier and above members - all meals and events during the conference are included
• Actionable information & sharing designed specifically for financial services institutions

FS-ISAC Fall Summit
Washington Marriott Wardman Park | October 13-16, 2014 | Washington DC


For more information, please visit www.fsisac-summit.com/fall-hotel-and-travel
