Summary
I give this years summit two thumbs up. I attended many excellent sessions and got to interact with my peers.
Key Note
The Soft Underbelly of Corporate America? Law Firms and the Cybersecurity Threat Matrix.
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=2919c3fb-25dc-4091-bc7c-ae8c0bffbf8e
While I didn’t agree with everything Chris Pierson had to say regarding Law Firms and the Cyber Security Threat Matrix, I believe he delivered an excellent Keynote and made many valid points in regard to how federal laws drive forward controls that may or may not help protect data, and the role of active defense and intelligence.
This Ain't Your Grandpa's Firewall
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=a57db1cf-013d-45e5-9abc-e66ef561632b
Chris Kopchik and Jaswinder Hayre presented some good info on developments in the technological offerings of firewalls. The session seemed to be fairly “Palo Alto Networks” centric to me but I was okay with this. Probably because I’m a fan of Palo Alto’s firewall platforms and features. I’m quite fond of Palo Alto’s ability to integrate with a wide range of directory services allowing their systems to display detailed user information (along with IP address), complementing the application and threat information received. I like the fact that you can add filters to learn more about application usage for individual users, along with the threats detected within your application traffic.
A Day in the Life of a Threat Actor
This was by far my favorite session. Unfortunately there is no recording posted for this. Colonel (U.S. Army Retired) Barry Hensley from Dell SecureWorks discussed the latest tactics and techniques adversaries use from operational preparation of the environment down to actions on the objective. We got to see real examples and demonstrations of how a threat actor eludes security controls. Now I’m really paranoid about Social Networking Sites.
What To Do When (Not If) Data Breaches Occur
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=179bfa05-e1b4-4651-bec9-09c83cf80442
Mike Santos, Matt Curtin, and Andrey Zelenskiy delivered a very informative and entertaining session on data breach and incident response. We leaned “The road to hell is paved with failed SIEM implementations” and “Good god your logo is a target. What did you think was going to happen?” All jokes aside, we learned how preparation, identification, containment, eradication, recovery, and follow-up are vital to incident response.
ISO 27001 for Law Firms
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=16a7557c-b66e-48d0-af03-95bd8762c495
This was another excellent session. Jeff Franchetti, Andy Antoniou, and Peter Kaomea gave a humorous intro to ISO27001 and demystified the process for attendees and provided information on how the standard can benefit organizations and help respond to client outside counsel guidelines and security audits.
Vet, Select and Secure the Right Cloud Service Provider
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=9d7b4370-5451-42f3-8f0b-56d913b94ab4
This session had a well moderated panel with some great Q/A. I was more interested in options for securing cloud data. I’m still not sure if the pros outweigh the cons for outsourcing to cloud providers.
Don't Believe the Hype! What Data Leak Prevention Solutions Can and CAN'T Do
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=d4a21c57-34b1-4721-a988-4ae29ec12540
Kathryn Hume and Galina Datskovsky lead an engaging discussion on Data Leak Prevention. It was good to learn about standard security measures, advanced/intelligent security measures, access control and encryption, and designated DLP systems.
Network Access Control: Who Are the People in Your Neighborhood?
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=524d7f80-1eef-437d-a2d9-81631885dbaa
This was an informative session based on two prevailing design philosophies in NAC. It looks like a lot of firms have pre-admission NAC for Wi-Fi.
Sessions I wasn’t able to attend
Practical Approaches to Business-Aligned Security
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=216281b3-f602-497e-9157-03686b8d84e6
A 360-Degree Look at eGRC
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=aa6bc7ef-0a58-4662-915a-38d905a8b51a
Friend or Foe and Trust or No? Application Whitelisting and Active Analysis
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=7cd8343c-7267-477c-a761-2ba9ccbdddf5
The Privacy and Security Know-It-All
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=0c4871aa-28d8-4416-8b23-faf842afe549
Vulnerability Management: If You Only Fund One Security Project This Year...
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=0c746807-efa0-4404-aced-6daa7a9c3a3f
What Are Legal Departments Looking for During Security Audits?
http://connect.iltanet.org/communities/resources/viewdocument/?DocumentKey=e6e96e36-b6df-45b2-9b29-2fd15eca8df5
#LegalSEC