Hot Topics – Our Most Popular Format is Back!

Hot Topics are scheduled discussions led by security experts in safe, closed-door rooms governed by the Chatham House Rule – where participants are free to share the information discussed, but the identities of the speakers remain anonymous. One of the most popular formats last year, Hot Topics allow attendees to participate in eye-opening, “closed-door” conversations with security practitioners and like-minded peers about what they’re doing to create a more secure enterprise.

See below for the first few Hot Topics we've announced.

Zulfikar Ramzan | CTO, RSA

As more companies have started to implement artificial intelligence (AI) and machine learning (ML) in their businesses, cybersecurity professionals have also begun to consider how these technologies will affect their industry. While AI and ML hold great promise for automating routine processes and tasks and accelerating threat detection, they are not a panacea. Together we will discuss what these technologies can and can't do in a cybersecurity program through real-world examples of possibilities and limits.

Talking points will include:
• What AI & ML really offer cybersecurity in the coming years.
• How the attendees are folding the risks associated with these systems into their overall risk posture so that they know they are spending dollars intelligently.
• Sharing real-world examples showcasing the tech's prospects and restrictions: what challenges and opportunities have attendees seen?

Salvatore Stolfo | Professor, Computer Science and AI, Columbia University

Active defense has long been a staple of government security teams to protect the nation-state, but the use of these methods at the enterprise level is a source of great debate. Many in the security community fear unregulated vigilantism, or harsh punishments for penetration testers and "white hat" hackers simply looking for vulnerabilities. Recent legislation at the federal and state levels has been proposed to allow corporations to "hack back" when under threat of persistent attacks, but it is too vague and lacks a clear definition of what "hack back" is. In this session, Columbia University Computer Science Professor Salvatore Stolfo will examine the differing degrees of active defense methods. There are strategies organizations can use to protect their data without becoming vigilantes, breaking laws, destroying systems or posing a threat to personal or public safety.

One of these active defense strategies for organizations to consider is non-lethal knowledge attacks against the adversary utilizing scalable deception technology. In this scenario, AI-powered decoy documents feed phony, but highly believable data to the adversary. The attacker essentially self-selects the knowledge attack response by the actions of hacking and exfiltrating the decoy documents. This creates a level of uncertainty that the adversary has succeeded in stealing something of value. In a knowledge attack, the intruder's systems and devices are not affected or intentionally harmed. The key challenge is to avoid interference with the target victim's business processes. This strategy changes the asymmetry of the defender/attacker game, in favor of the defender, and is entirely legal with respect to current federal and state legislation.

Owen Bredan | Chief Information Security Officer, InfoSphere Ltd

This session will walk through a number of different case examples for cloud security automation, including forensics, incident response, vulnerability management, and network security.