Sep

Boston, MA

Boston Information Security Forum

Overview Agenda Speakers Sponsors Steering Pricing & Location

September 25-26
Boston Convention & Exhibition Center
Boston, MA

The Boston Information Security Forum brings together experienced IT and information security practitioners for confidential information sharing on the industry's most important issues, technologies, and trends. The two-day Forum includes keynote addresses, technical and strategic roundtable discussions led by IANS' Faculty, networking events, and the opportunity to learn about new technologies.

Why Attend

Gain tangible, real world insights on best practices and lessons learned directly from your peers
Stay current with emerging technologies and early-stage deployments
Connect with the industry's leading minds
Network and connect with other influential senior IT managers and business leaders
Earn 16 Continuing Education Credits

Boston Information Security Forum

The Information Security Forum curriculum is driven by our Steering Committee, our network of industry experts, and by our 2013 content agenda.

Click here to download a copy of the agenda.

TRACK 1: INFORMATION PROTECTION

Information Protection is a fast-growing market driven by a new wave of technology, business, and regulatory trends as well as new threats. A top concern with security professionals is the ongoing proliferation of employee-owned devices in the workplace and the realization that, to date, there is no tool that can stop leakage or data from being stolen. While our industry cannot be 100 percent prepared, hope is not lost. Having a good handle on what attackers might want, where your data resides, and who manages protection of it, and what to do when a breach is identified is a good baseline. Layer on top of that industry-leading tools and skilled professionals who understand attackers’ ideologies and you are creating a top notch information protection strategy. During the roundtable discussions, experts will walk attendees through a series of strategic exercises that challenge them to think more like an attacker in order to better prepare for the inevitable – some form of corporate data loss.

How Compliance Drives Budgets... And Sets us up to Fail
Security Control Commoditization: Really Getting More for Your money?
Mobile Security Deficiencies: Driving Data Loss and Impacting Bottom Lines
MDM, MAM, M?M: Mobile Security Alphabet Soup - What Really Works?

TRACK 2: INCIDENT RESPONSE & PLANNING

If asked, most enterprise information security teams would claim that their incident response (IR) strategy is firmly in place. However, when digging deeper into the specificity of the programs that comprise an overall IR plan, even the most mature teams grapple with various elements. Business alignment is key to navigating audit and logging, metrics, and malware response. So too is having the right resources – people, process, and technology – mapped out in advance of any need, be it a board meeting, an external audit, or a full blown security incident. The roundtable sessions of the Incident Response & Planning track will provide attendees actionable insights they can take away to improve their audit and logging function, metrics, and malware response programs.

Incident Postmortem and Forensics
Developing Your Security Team: Power-ups for Your Staff
Tactical Techniques: Problem Solving on the Fly
Security Metrics: The Quest for Meaning

TRACK 3: THREAT MANAGEMENT

The Threat Management track is a mixed bag of topics ranging from how to prepare your team, to learning best practices for responding to an incident, and everything in between. One key theme that runs through the whole track is: Be prepared! Use past experiences to guide future learning, think proactively rather than reactively, and understand exactly what is at stake every time you make an information security decision for the entire organization. At the end of the Forum, you will come away with ideas that are new and out-of-the-box rather than thinking about security in the same way they have for years.

New Penetration Testing Tools and Techniques
Security Awareness: Educating and Arming End Users
Social Engineering StrategiesApplication
Adaptation and Defense: Are Self-Defending Applications Possible?

TRACK 4: RISK AND COMPLIANCE

This track will bring attendees up-to-date on some of the more pressing legal matters that affect information security teams. It’s enough that the infosec community has security processes, technology, and teams to manage, but add to it the growing list of laws and regulatory demands and security professionals are inundated and overwhelmed by the amount of boxes that must be ticked off on a daily basis. Though laws and government involvement are often negatively perceived among the security community, this track will explain how security professionals can turn the negative into a positive in order to better protect themselves from a policy, contractual, and technological standpoint.

Noncompliance & Case law: What Happens When Things Go Wrong?
The Cloud 2013: Same as it Ever Was?
What Would You Do? A Tabletop Exercise
Conflicts of Interest: Data Protection and Privacy in a Global Economy

TRACK 5: NEXT-GEN OPERATIONS

With the growing number and severity of incidents, information security professionals are looking for ways to better protect their company’s data and employees. In some cases this means leveraging nascent tools and technologies, like cloud and virtualization. Other times it means relying on tried and true tools, like open source, but in a different fashion than in previous years. Whichever methods are chosen, security teams must use them wisely to combat the increasing threats, widening infrastructures, disappearing borders, and loss of control over endpoints. The sessions of the Next-Gen Operations track will help participants think through the ways they can use this next generation of available resources to operate at a higher efficiency level and mitigate risks to their organizations.

Cloud Security: What You Need to Know to Not Get Burned
Ronin or Samurai: Insourcing vs. Outsourcing Web Application Testing
Virtualization: Why "Going Virtual" is Riskier Than You Think
Open Sourcing Your Way to Better Security

Keynote Speakers

Peter Kuper

IANS

Faculty

Peter Kuper is a Partner with In-Q-Tel, the strategic investing firm that identifies, adapts, and delivers innovative technologies to support the missions of the US Intelligence Community. Peter actively seeks and works with private companies with a particular focus on security and enterprise software. Previously, Peter was the lead software analyst for Morgan Stanley where he published industry leading investment reports and led over 18 public transactions. In total, Peter was a Wall Street analyst for 15 years offering him the opportunity to work with some of the most talented executives of both public and private companies and the world’s leading investment professionals. As a visible voice for the software industry, Kuper has given numerous presentations to professional and government groups and has been interviewed on CNBC, Bloomberg Television, and quoted in The Wall Street Journal, BusinessWeek, and The Financial Times. He has also published articles in IEEE Magazine. Peter currently serves as an advisor to the Pacific Northwest National Lab and is a Faculty Member for IANS.

Alex Hutton

IANS

Faculty

Alex Hutton is a big fan of trying to understand security and risk through metrics and models. Currently, Alex is the director of risk management for a top 25 bank. A former principal for Research & Intelligence with the Verizon Business RISK Team, Alex also helped produce the Verizon Data Breach Investigation, the Verizon's PCI Compliance report, was responsible for the VERIS data collection and analysis efforts, and developed information risk models for their Cybertrust services. Alex is the veteran of several security start-ups.

Alex likes risk and security so much, he spends his spare time working on projects and writing about the subject. Some of that work includes contributions to the Cloud Security Alliance documents, the ISM3 security management standard, and work with the Open Group Security Forum. Alex is a founding member of the Society of Information Risk Analysts, and blogs for their website and records a podcast for the membership. He also blogs at the New School of Information Security Blog. Some of his earlier thoughts on risk can be found at the Riskanalys.is blog.

Speakers

Adam Ely

Industry Experience:

Adam Ely was most recently the CISO of the Heroku business unit at Salesforce. Prior to Salesforce, Adam led security operations, application security, and compliance for TiVo where he was responsible for all risk management and technical security functions. Before TiVo, Adam led security functions within The Walt Disney Company and was responsible for security operations and application security of Walt Disney web properties including ABC.com, ESPN.com, and Disney.com.

David Etue

Industry Experience:

David Etue brings experience including security program leadership, management consulting, product management, and technical implementation. David is the vice president of corporate development strategy at SafeNet, where he is responsible for SafeNet's strategic decisions regarding product and solution partnerships, as well as mergers and acquisitions. He was previously the cyber security practice lead at management consultancy PRTM, VP of Products & Markets at Fidelis Security Systems, led General Electric's global computer security program, and held various positions in technology strategy, operations and product management. He is a Certified Information Privacy Professional, a graduate of GE’s Information Management Leadership Program, and a certified Six Sigma Green Belt.

Diana Kelley

Industry Experience:

Diana Kelley is an internationally recognized security expert with 20 years of IT security experience. She founded SecurityCurve in April of 2003 to provide risk-focused advisory services to enterprises and deliver strategic, competitive knowledge to security software vendors.

Prior to returning to SecurityCurve in January 2008, she was VP and service director for the Security and Risk Management Strategies (SRMS) service at Burton Group. Diana was the executive security advisor for CA’s eTrust Business Unit where she was responsible for advising customers on strategic security solutions and helped guide CA’s security business. Prior to that, she served as the VP of security technology for Safe3W, Inc (acquired by iPass) and was the GM of a development group at Symantec Corp and the media spokesperson for the company on the 2000 “Proactive Security Tour”. She was the VP of corporate development for LockStar and helped the company succeed in being named to the Red Herring “Top 50 Companies in the Digital Universe.”

At The Hurwitz Group, Diana was the senior security analyst and served as a manager in KPMG’s Financial Services Consulting practice, where her clients included Bank of America, GE, and Merrill Lynch. At Dataware Technologies, she was the manager, corporate systems.
Diana speaks frequently at major conferences: RSA, BlackHat, InfoSec World,NetWorld/InterOp, The Internet Security Conference, and ComDex.

She has authored numerous articles, columns, white papers, and research documents, and co-authored Cryptographic Libraries for Developers.

Dave Lewis

Industry Experience:

Dave Lewis has over 15 years industry experience. He has extensive experience in IT operations and management. Currently, Dave works in the information security practice for Advanced Micro Devices. Dave is the founder of the popular security site Liquidmatrix Security Digest.

Prior to his current role, Dave worked in the finance, healthcare, entertainment, and critical infrastructure verticals. He has worked for a defense contractor as a security consultant to clients such as the FBI, US Navy, Social Security Administration, US Postal Service, and the US Department of Defense.

Ed Moyle

Industry Experience:

Ed Moyle is a 15+ year veteran of information security as well as an industry-recognized thought leader, advisor, writer, and manager. Ed is currently a founding partner of SecurityCurve and a senior security strategist with Savvis, providing strategy, consulting, and solutions to clients worldwide.

Prior to this, Ed was a senior manager within CTG’s global information security solutions practice, where he provided C-level guidance across a wide segment of industry, including healthcare, telecommunications, energy, and financial services.

Ed was VP and information security officer for Merrill Lynch Investment Managers (MLIM) where he was responsible for coordinating all aspects of information security within the business unit. MLIM (now BlackRock Asset Management) consisted of approximately 2,500 employees with over US$500 billion in assets under management. During his tenure at Merrill, Ed developed firm-wide cryptographic solutions for secure data transfer, secure key management, authentication, and data integrity.

Before joining Merrill, Ed worked within the federal sector for Computer Science Corporation (CSC) where he consulted to the Department of Defense JCALS (Joint Service Computer Aided Acquisition and Logistics System) program. Ed was responsible for security engineering activities, including platform security, security evaluation activities, and vendor evaluation/deployment activities (e.g. Symantec ESM, vFind, SSH, etc.).

Ed was lead developer and manager of R&D at ICT (International Creative Technologies,) where he oversaw all development activities of CyberSignOn™, a biometric single-signon and secure data storage platform. Ed was responsible for all aspects of product design, product development, organization/staffing of all technical teams, and development of product technical strategy. At Trintech Systems, Ed managed all security activities involving the PayWare™ mAccess product. Ed was responsible for analysis of industry security trends, planning/strategy for application security initiatives, information security governance activities (specifically, refinement of the application security review process), and gathering of critical marketing/business intelligence. Ed is co-author of Cryptographic Libraries for Developers, and a frequent contributor to the information security industry as author, public speaker, and analyst.

Marcus Ranum

Industry Experience:

Marcus J. Ranum is a world-renowned expert on security system design and implementation. He is recognized as an early innovator in firewall technology and the implementor of the first commercial firewall product. Since the late 1980's, he has designed a number of groundbreaking security products including the DEC SEAL, the TIS firewall toolkit, the Gauntlet firewall, and NFR's Network Flight Recorder intrusion detection system. He has been involved in every level of operations of a security product business, from developer, to founder and CEO of NFR. Marcus has served as a consultant to many Fortune 500 firms and national governments, as well as serving as a guest lecturer and instructor at numerous high-tech conferences. In 2001, he was awarded the TISC "Clue" award for service to the security community and the ISSA Lifetime Achievement Award. Marcus is chief of security for Tenable Security, Inc., where he is responsible for research in open source logging tools and product training. He serves as a technology advisor to a number of start-ups, established concerns, and venture capital groups.

Randy Sabett

Industry Experience:

Randy V. Sabett, J.D., CISSP, is counsel at ZwillGen. He advises clients on information security, privacy, IT licensing, and intellectual property. Randy has over 20 years of infosec experience, including as an NSA crypto engineer and a CISSP. He works closely with companies in helping them develop strategies to protect and exploit their information and IP based on various evolving business models, including SaaS, mobile applications, cloud, and more traditional client/server architectures. Specific areas on which he focuses include federated identity, digital and electronic signatures, state and federal information security and privacy laws, venture capital, legislative matters, government contracting, identity theft, and data breaches. He also drafts and negotiates a variety of technology transaction agreements.

Randy served as a commissioner for the Commission on Cyber Security for the 44th Presidency and has been recognized as a leader in privacy and data security in the 2007 – 2011 editions of Chambers USA: America's Leading Lawyers for Business. He has been recognized as one of the Top 50 Under 45 by the American Lawyer’s “IP Law and Business” and is listed in the International Who’s Who of Business Lawyers. He also maintains an active security clearance. Randy teaches Information Policy as an adjunct professor at George Washington University and is on the faculty of IANS. Randy also participates on the advisory boards of various information security start-up companies. He holds two U.S. patents, one in the area of information security (U.S. Patent No. 6,981,149) and the other in the area of active noise cancellation (U.S. Patent No. 5,440,642). He is also a frequent lecturer and author on issues involving information security, and has appeared on or been quoted in a variety of national media sources.

Dave Shackleford

Industry Experience:

Dave Shackleford is Lead Faculty at IANS. He is the founder and principal consultant with Voodoo Security, and has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. Dave is also a SANS analyst, instructor, and course author, as well as a board member with the SANS Technology Institute. He is a VMware vExpert, and has extensive experience designing and configuring secure virtualized infrastructures. He's the author of the Sybex book "Virtualization Security: Protecting Virtualized Environments", leads the Atlanta chapter of the Cloud Security Alliance, and co-chairs the CSA Top Threats to Cloud Working Group. Dave has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and has also worked as a security architect, analyst, and manager for several Fortune 500 companies.

Aaron Turner

Industry Experience:

Aaron Turner is a recognized expert in mobile security and information protection. He is currently the president of IntegriCell, a mobile risk management consultancy. Prior to IntegriCell, Aaron was the co-founder and CEO of RFinity, a mobile security technology startup formed as the result of research conducted at the U.S. Department of Energy’s Idaho National Laboratory (INL). While at INL, he collaborated with a team of information security experts to design the world’s first large-scale testing effort to evaluate how critical infrastructure has become dependent on computing systems and the resulting vulnerabilities that those dependencies cause.

Aaron’s focus on critical infrastructure and technology began while working for over seven years at Microsoft in many of the company’s security divisions. Significant projects that Aaron worked on while at Microsoft included creating and deploying the company’s first global information security readiness curriculum, facilitating interactions between Microsoft technologists and US Law Enforcement, participating in the resolution of global-scale security incidents such as Code Red, Slammer and Blaster, and working with security experts in more than 25 countries around the world to develop information security programs.

Platinum

Palo Alto Networks

Palo Alto Networks is the network security company. Its next-generation firewalls enable unprecedented visibility and granular policy control of applications and content at up to 20Gbps with no performance degradation regardless of port,protocol, evasive tactic or SSL encryption.

Session: Coming Soon!

There is a new generation of Internet applications that traditional firewalls cannot see. They play host to various malware and find creative ways to penetrate your firewall by disguising themselves, hiding in SSL tunnels, and targeting multiple ports to find entry points. Gone are the days of lone, brute force attackers out to steal credit cards. The new breed of predators on your infrastructures and applications are highly organized, evasive, and patient. Join Palo Alto Networks in this session where you'll learn practical strategies to safeguard your network.

Product Categories: Application Security,Firewall,IDS/IPS,Threat Management

See our video: http://youtu.be/6P-DeIckipE

Sophos

We help organizations keep data safe and block the growing number of complex threats. We protect everywhere and offer complete security with our full range of endpoint, encryption, email, web, network security and UTM products. We make our products easy to install and use so you spend less time managing security.

Session: The Role of Anti-Virus in Today’s Enterprise

Blocking the latest threats is more difficult than ever. This session will be an open discussion on the role anti-virus plays in your enterprise today, where it is most effective and how you supplement it to better fortify your defenses.

Product Categories: Data Leak Prevention,Data Protection,Messaging/Email Security,Mobile

See our video: http://youtu.be/x0LL63rXc6E

Gold

Bromium

Bromium is re-inventing endpoint security to protect users across the enterprise from advanced threats. Rather than relying on signatures to prevent cyber attacks, Bromium leverages hardware-enforced isolation to protect endpoints from known and unknown threats. Bromium also provides unprecedented threat behavior intelligence that enables security teams to bolster security defenses. Bromium also provides unprecedented visibility and analysis of attack behavior, enabling security teams to bolster security defenses. For more information on Bromium, visit www.bromium.com.

Session: Re-inventing Endpoint Security

Bromium has pioneered new endpoint security technologies that protect enterprises from advanced threats. Rather than relying on detection to prevent attacks, Bromium leverages hardware-enforced isolation to protect endpoints from even “undetectable” threats, while providing actionable intelligence on malware behavior - enabling IT to understand attack intents and bolster existing defenses.

Product Categories: Data Protection,Incident Response/Forensics,Threat Management

See our video: http://youtu.be/8iOY9laRKBk

General Dynamics Fidelis Cybersecurity Solutions

General Dynamics Fidelis Cybersecurity Solutions provides organizations with a robust, comprehensive portfolio of products, services, and expertise to combat today's sophisticated advanced threats and prevent data breaches. Our customers can face advanced threats with confidence through use of our Network Defense and Forensics Services and our award-winning Fidelis XPS™ Advanced Threat Defense Products.

Session: A Broad Spectrum Approach to Network Threat Defense

Join us to learn more about a broad-spectrum approach to advanced threat defense to attain visibility over the entire threat life cycle. We’ll talk about malware, C2 and exfil detection, and the challenge we all face to spot and stop the bad stuff before it causes irreversible damage.

Product Categories: Data Leak Prevention,Data Protection,Incident Response/Forensics,Threat Management

See our video:

Silver

Cenzic

Cenzic provides the leading application security intelligence platform to continuously assess Cloud, Mobile and Web applications to reduce online security risk. Today, Cenzic secures more than half a million online applications and trillions of dollars of commerce for Fortune 1000 companies, all major security companies, government agencies, universities and SMBs. Learn more at www.cenzic.com.

Session: Coming Soon!

Organizations are facing new challenges protecting their sensitive information, data, and financial records. The threat vectors are changing rapidly and thus waiting for the next breach before taking action is simply unaffordable. Join John Weinschenk, Cenzic's CEO and President, to learn why you need to rethink your security strategy to extend to applications in development, production and across your supply chain.

Product Categories: Application Security

See our video: http://youtu.be/BBIJk3w8irc

Corero

Corero Network Security, an organization's First Line of Defense, is an international network security company and the leading provider of Distributed Denial of Service (DDoS) defense and next generation security solutions. As the First Line of Defense, Corero's products and services stop DDoS and server targeted attacks, protect IT infrastructure and eliminate downtime.

Session: DDoS in the Enterprise: Defending against an evolving threat landscape

If you are attending this forum, you rely on the Internet to conduct business. This makes you a DDoS target. DDoS attacks, volumetric and application layer, can take your business down and compromise confidential information. Learn why traditional technologies, including firewalls, won’t protect against DDoS and how to stop them.

Product Categories: Data Protection,Firewall,IDS/IPS,Threat Management

See our video: http://youtu.be/H5xtjbqy7JM

CounterTack

CounterTack, the industry’s first and only in-progress attack intelligence and response solution provider, was born out of the critical need to develop new security approaches for enterprise and government organizations. The Detection Gap persists despite massive investments and continuing advancements in security technologies, with cyber attacker innovations outpacing cyber defenses. CounterTack is leading the way on new approaches for deeper security intelligence monitoring and faster attack response.

Session: Detect, Disrupt, and Respond

The Detection Gap continues to be a top priority cyber security problem. According to VirusTotal.com, 50% or more of the known malware is undetectable on any given day. This session features a live demo of Event Horizon®, the first commercially available solution, using CounterTack’s patented Deep System Inspection technology. Event Horizon® enables enterprises and government organizations to detect, disrupt, and respond to the wide array of previously undetectable attacks.

Product Categories: IDS/IPS,Incident Response/Forensics,SIM/SIEM,Threat Management

See our video: http://youtu.be/VpZM2v6aUig

Cyber-Ark

Cyber-Ark® Software is a global information security company that specializes in protecting and managing privileged users, applications and sensitive information to improve compliance, productivity and protect organizations against insider threats and advanced external threats. With its award-winning Privileged Identity Management, Sensitive Information Management and Privileged Session Management Suites, organizations can more effectively manage and govern data center access and activities, whether on-premise, off-premise or in the cloud, while demonstrating returns on security investments.

Session: ID Weaknesses in Your Privileged Accounts

Did you know that more than 90% of advanced attacks involve the compromise of privileged accounts? Are yours protected? In this session, learn how a comprehensive privileged account security strategy enables organizations to defend against external attacks and insider exploits, detect malicious behavior as it is happening, and mount an immediate, effective response.

Product Categories: Data Leak Prevention,Data Protection,Insider Threats

See our video: http://youtu.be/kyvGmofozko

Cybertap

Cybertap LLC is an innovative team of professional engineers, program managers, and security experts with a vision to integrate the best-of-breed cyber forensics, analysis & security technologies. Our first product, recon cyber analysis software, is a transformational visual forensics application that improves time to resolution, increases productivity and presents big data information in an easy to learn, use and understand visual context.

Session: Analyzing Your Network Traffic

Cybertap Recon is an innovative solution for analyzing real-time or stored network traffic. Combining advanced and comprehensive search techniques with big data analytics, we identify, correlate, and visualize information and relationships. This session will demonstrate just how easy it can be to quickly obtain usable and actionable information for any kind of threat or security remediation.

Product Categories: Data Leak Prevention,Incident Response/Forensics,Insider Threats,SIM/SIEM

See our video: http://youtu.be/Hl7rotyvmOQ

ForeScout

ForeScout delivers automated solutions for Network Access Control, mobile security, threat prevention and endpoint compliance. We offer a range of BYOD solutions including an integrated approach combining both network and endpoint security. Over 1,400 global enterprises and military installations rely on ForeScout to protect their networks and sensitive data.

Session: Dynamic Monitoring & Remediation

Compliance frameworks require endpoint integrity, host defenses and access controls. You’ve invested in systems and security management to reduce exposures, but diverse devices, threats, access and state changes challenge IT capacity. This session examines a reference architecture for dynamic monitoring and remediation, and shares how NAC facilitates IT responsiveness and continuous compliance.

Product Categories: IDS/IPS,Insider Threats,Mobile,Threat Management

See our video: http://youtu.be/VpZM2v6aUig

Fortinet

Fortinet, a global provider of IT security, delivers customer-proven solutions that protect and control the IT infrastructure, thus reducing threats, optimizing performance, improving business processes, and reducing costs.

Session: Combating APT with Unified Threat Management

Today’s advanced persistent threats (APTs) are challenging both IT personnel and network security vendors. While the signature approach to malware abatement is not going away overnight, additional, dynamic safeguards need to be implemented now in order to effectively combat these threats at all layers in rapid fashion.

Product Categories: Application Security,Firewall,IDS/IPS,Insider Threats

See our video: http://youtu.be/qMvV2L6pXMw

IBM

IBM Security offers one of the world’s broadest, most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force® research and development, provides the security intelligence to help holistically protect people, infrastructure, data and applications for protection against advanced threats in today’s hyper-connected world.

Session: Understanding the IBM X-Force 2012 Annual Trend and Risk Report

In this session, IBM research experts will dive into findings from the latest X-Force report--including improvements seen in vulnerability disclosures, new attack opportunities presented by social media and a significant increase in network security breaches driven by SQL injection and cross-site scripting vulnerabilities. Now that you understand the current threat landscape, where should you start to build security into your enterprise and how can you make it work together? IBM will also provide an integrated, live, demonstration show casing options to protect against threats and strategies for end-to end Security Intelligence.

Product Categories: Application Security,IDS/IPS,SIM/SIEM

See our video:

Invincea

Invincea is the premier innovator in malware threat detection, end-user threat protection, and pre-breach forensic analysis. Invincea provides enterprise network coverage against the largest attack surface for cyber-breach – spear-phishing, watering hole attacks, poisoned search results, and user-initiated infections.

Session: Stop Malware in Its Tracks

How Invincea's unique, secure virtual containers create a malware airlock on every end point. Invincea's unique approach to behavioral based malware detection that kills zero-days in their tracks. How Invincea's protection for the web browser, PDF reader, complete Office suite, .zip and .exes can stop all types of attacks against your users. How real-time capture of forensic information related to the breaches Invincea stops can better inform your security teams.

Product Categories: Data Protection,Incident Response/Forensics,Threat Management

See our video:

PhishMe

PhishMe.com provides organizations the ability to train their employees and customers about the risks of spear phishing. With over 3.5 million individuals trained, PhishMe has proven that its trainings can reduce the threat of employees and customers falling victim to phishing attacks by up to 80 percent.

Session: Thwarting Advanced Threat Actors - A Holistic Approach

Recently, there has been an uptick in the news filled with successful spear phishing attacks. People, we believe, are a critical part of an organization's security posture. PhishMe will discuss a holistic strategy for thwarting the advanced threat actors and how to conduct security awareness programs that focus on employee behavior modification.

Product Categories:

See our video:

Qualys

Qualys is a pioneer and leading provider of cloud security and compliance solutions with over 6,000 customers in more than 100 countries. The QualysGuard Cloud Platform and integrated suite of solutions helps organizations simplify security operations and lower the cost of compliance, delivering critical security intelligence on demand.

Session: Presenting a Hard Target to Attackers to Secure Your Enterprise

Recent security breaches of leading organizations indicate that conventional security products are inadequate. But there is a way out: With an accurate inventory of IT systems and web applications, secure base configuration, diligent patching and segmented network design, organizations boost their immunity to opportunistic attacks, raising the bar against targeted attacks.

Product Categories: Application Security

See our video:

Sourcefire

Sourcefire®, Inc. is world leader in intelligent cybersecurity solutions. Trusted by organizations and government agencies in more than 180 countries, Sourcefire’s solutions, including industry-leading next-generation network security appliances and advanced malware protection, provide customers with Agile Security® for continuous protection in a world of continuous change.

Session: Network Protection for Sophisticated Threats

The network security paradigm for 2013 will center around two emerging trends: controlling applications and identifying and stopping malware. This session demonstrates how Sourcefire technologies leverage both device-based and network-based sources to give administrators visibility and control over malware and applications before, during, and after an attack.

Product Categories: Application Security,IDS/IPS,Incident Response/Forensics,Threat Management

See our video: http://youtu.be/l5lHkEr9uB8

Trusteer

Trusteer is the leading provider of endpoint cybercrime prevention solutions that protect against financial fraud and data breaches. Hundreds of organizations and online banking providers, and millions of end users rely on Trusteer to protect their computers and mobile devices from online threats that are invisible to legacy security solutions.

Session: Coming Soon!

Trusteer is the leading provider of endpoint cybercrime prevention solutions that protect organizations against financial fraud and data breaches. Advanced information-stealing malware enables APT’s and targeted attacks on enterprises. In this session, Trusteer will demonstrate a new approach to stopping zero-day application exploits and data exfiltration.

Product Categories: Application Security,Data Leak Prevention,Data Protection,Threat Management

See our video:

Varonis

Varonis is the leading provider of comprehensive data governance software with installations worldwide that span firms in financial services, government, healthcare, energy, media, education, manufacturing and technology. Varonis gives organizations visibility and control over their data, ensuring only the right users have access to the right data at all times.

Session: Eliminating Data Security Threats

Though many have successfully implemented robust authentication solutions, Information Security organizations have traditionally struggled with manual authorization processes, auditing actual access activity, and implementing associated detective controls. Varonis Systems, a global leader in data governance presents a universal methodology to eliminate data security threats through authentication, authorization, auditing, and alerting.

Product Categories: Data Protection,Insider Threats,Messaging/Email Security,SIM/SIEM

See our video: http://youtu.be/_MJNJb49rTY

WhiteHat Security

Session: Coming Soon!

Product Categories: Application Security,Data Leak Prevention,Data Protection,Threat Management

See our video:

The Steering Committee

The Steering Committee is a consortium of the region’s top senior information security executives from Fortune 1000 companies, large government agencies, and academic institutions. These executives guide and shape the curriculum and agenda, ensuring the event is relevant and exciting for participants.

Check back soon for a listing of our Steering Committee Members.

Steering Committee

Don Anderson

VP of IT and Information Security
Federal Reserve Bank of Boston

Jennings Aske

CISO
Partners Healthcare

Scott Baron

Director, Digital Risk & Security Governance
National Grid

Kevin Burns

CISO
Commonwealth of Massachusetts

Tim Byrd

Senior VP, Enterprise Security
Bank of America

Patti Enfanto

Director, Information Security
American Tower Corporation

Tony Faria

AVP, CISO
FM Global

John McKenna

Vice President, IT Strategy & Planning
Liberty Mutual

John Quinn

Executive VP, Information Risk
RBS Citizens

Kim Ritze

Global Director IT Security
PAREXEL International

David Saul

SVP, Chief Scientist and CISO
State Street Corporation

Bill Telford

Director, Security & Information Protection
Sanofi S.A.

Search

Boston Information Security Forum

Keynote Speakers

Speakers

The Steering Committee

Steering Committee

Location Information

Next Event

Upcoming Events

Latest Research

Free Research