SecureWorld Detroit 2022

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Ransomware is a specific and extremely harmful type of malware used by cybercriminals to extort money from individuals, organizations, and businesses. The infections block access to your data until you make a ransom payment, at which point you’re supposed to regain access. In reality, nearly 40% of the victims who pay the ransom never get their data back and 73% of those who pay the ransom are targeted again later – which is why everyone must protect against ransomware. In the past year, targeted ransomware attacks against government agencies, educational establishments, and healthcare providers have raised the stakes for those charged with protecting organizations. Ransomware attacks not only damage business, but also put health, safety, and lives at risk.

Active Directory has become a popular pathway for ransomware attacks. The main reason cybercriminals target Active Directory is because it serves as a gateway to the rest of the network as a service for managing, networking, grouping, authenticating, and securing users across corporate domain networks. Users and computers rely on Active Directory to access various network resources. As such, cybercriminals understand that ransomware attacks on Active Directory can wreak havoc on any organization, making it an excellent extortion mechanism.

In the fight against ransomware, organizations need to strategically prepare to protect against and respond to attacks. However, many IT organizations struggle to prioritize the appropriate initiatives to combat and mitigate the impact of ransomware. With more tools, technologies and processes than ever, a comprehensive ransomware security program is a must to help detect, prevent, respond and limit the overall exposure to ransomware and other destructive attacks. This comprehensive training course will help organizations to design, build, and manage a comprehensive Ransomware Security Program.

Part 1: Ransomware Overview (90 Minutes)

1.1 – Background & Introduction

• What is ransomware?
• How do ransomware attacks work?
• How ransomware attacks have evolved (2016) – WannaCry and Petya / NotPetya
• How ransomware attacks have evolved (2021) – REvil and Ryuk
• Top six Ransomware Attacks of 2021 / 2022

1.2 – Today’s Ransomware Problem

• Human Operated Ransomware Attacks (Double Extortion)
• Supply Chain Attacks
• Ransomware as a Service (RaaS)
• Attacking Unpatched Systems
• Phishing Emails
• Penetration Testing Tools (Cobalt Strike)

1.3 – Ransomware Attacks against Information Technology (IT) Networks and Systems

• Ransomware attack stages (initial access, lateral movement, privilege escalation, extortion, encryption)
• The Ireland Health Service Elective (HSE) ransomware attack
• How Conti Ransomware works
• Lessons learned from the HSE Ransomware Attack

1.4 – Ransomware Attacks against Operational Technology (OT) Networks and Systems

• Ransomware attack stages (initial access, lateral movement, privilege escalation, extortion, encryption)
• The Colonial Pipeline ransomware attack
• How DarkSide Ransomware works
• Lessons learned from the Colonial Pipeline Ransomware Attack

Part 2: Understanding Ransomware Attacks (90 Minutes)

2.1 – The MITRE ATT&CK Framework

• What are the current Attack Models and how do they work?
• What is the MITRE ATT&CK Framework?
• What are MITRE Tactics?
• What are MMITRE Techniques?
• What are MITRE Procedures?
• What is the MITRE D3FEND Matrix?

2.2 – Mapping Ransomware Tactics, Techniques, Procedures (TTPs) to MITRE ATT&CK

• Mapping REvil Ransomware to the MITRE ATT&CK Framework
• Mapping Conti Ransomware to the MITRE ATT&CK Framework
• Mapping Maze Ransomware to the MITRE ATT&CK Framework
• Mapping Ryuk Ransomware to the MITRE ATT&CK Framework
• Mapping DarkSide Ransomware to the MITRE ATT&CK Framework

2.3 – Pen Testing Tools and the MITRE ATT&CK Framework

• The Pen Testing Execution Standard (PTES)
• NIST SP 800-115 Technical Guide to Information Security Testing and Assessment
• The Cobalt Strike Penetration Testing Platform
• Mapping Cobalt Strike to the MITRE ATT&CK Framework

2.4 – Understanding Cyber Threat Intelligence (CTI)

• What is Cyber Threat Intelligence (CTI)?
• How does Cyber Threat Intelligence Work?
• Who are the main providers of Cyber Threat Intelligence?
• What are the main themes of Cyber Threat Intelligence in 2021?

Part 3: Building a Ransomware Security Program (90 Minutes)

3.1 – Ransomware Security Controls / Guides

• CISA_MS-ISAC Ransomware Guide
• Higher Education Ransomware Playbook
• CSBS Ransomware Self-Assessment Tool
• NIST IR 8374 – NIST Cybersecurity Framework (CSF) Guidance on Ransomware
• US Government Interagency Technical Guidance – How to Protect your Networks from Ransomware
• Canadian Centre for Cyber Security Ransomware Playbook

3.2 – NIST SP 1800 Practice Guides on Ransomware

• NIST SP1800-25 – Identifying and Protecting Assets Against Ransomware and Other Destructive Events
• NIST SP 1800-26 – Detecting and Responding to Ransomware and Other Destructive Events.
• NIST SP 1800-11 – Recovering from Ransomware and Other Destructive Events

3.3 – Free Cybersecurity Tools and Services > https://www.cisa.gov/free-cybersecurity-services-and-tools

• Tools that focus on reducing the likelihood of a damaging cyber incident
• Tools that focus on detecting malicious activity quickly
• Tools that focus on responding effectively to confirmed incidents
• Tools that focus on maximizing resilience to a destructive cyber event

3.4 – Building a Ransomware Security Program

• Cybersecurity Program Assessment: based on CIS Security Controls Scorecard
• Ransomware Program Assessment: based on CISA MS-ISAC Ransomware Controls Scorecard
• Develop a Plan of Action and Milestones (POA&M)
• Document an Executive Summary
• Conduct Read Team, Blue Team, Purple Team and Table-Top Exercises

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

This roundtable discussion is for our Advisory Council members only.

Participating professional associations and details to be announced.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

Cloud security is hard, not least because cloud platforms change so quickly.  This talk presents several lessons learned from security teams struggling to get their arms around the sprawl of modern infrastructure, using practical analogies from pandemics and earthquakes.

This presentation offers a fundamental approach to creating a foundation for an application security program that holistically addresses findings by creating a conduit between the information security teams—who often discover the issues—and the development teams, who know the application better than anyone and can re-mediate issues in the best possible fashion.

2020 was the year of ransomware and the pandemic, and many organizations realized their IR wasn’t up to snuff, and others did not listen to external professionals helping and were re-compromised. Have you really tested your Incident Response processes? How about having a detailed post-mortem after an event? Have you looked at your cyber insurance policy to see who you are supposed to be using for assistance? This session will review going through an actual incident and what was good and what was missing in the recovery, alerting (oops, the customers are involved), and finding the root cause, and whether cyber insurance was worth it.

This presentation presents a practical approach to incident command for managers at all levels, irrelevant of cyber expertise. Managers of all types are asked to take charge in critical situations and can benefit from leveraging proven crisis management processes during ransomware response.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

The cloud saved many businesses when the pandemic hit. Some were already there and found new ways to thrive. For others, it was their first jump. It’s been almost two years now. Our panel will share what we’ve learned in this journey to the cloud—from doing more with less, to the ever-present insider threat risk, to supporting our DevOps teams like never before.

Security teams are struggling to keep up with the myriad of attack vectors looming. As we emerge from the pandemic, now is the time to focus and adjust your Incident Response plan. There is a new set of tools and technologies helping squash attacks, but what happens when they fail? What’s in your IR plan that addresses the unknown, and how are your preparing? What has worked and what has not? Join our panel of experts in a valuable discussion focusing on current threats and how your company can be better equipped during these unprecedented times.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.

Come to the Registration desk in the lobby to check-in and get your badge. SecureWorld staff will be available throughout the day if you have any questions.

Your opportunity to visit our solution vendor partners, whose sponsorship makes SecureWorld possible! Booths have staff ready to answer your questions. Look for participating Dash For Prizes sponsors to be entered to win prizes.

Discussion topic and agenda TBD.

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

Key Takeaway:
You’ll leave with an executable roadmap to improving the security of your applications.

This session will be high-level and cover the various elements of a comprehensive application security program and how the pieces fit together. We’ll also review the various secure development models to equip you with a choice of standards you can adopt. Finally, we’ll cover sequencing and speed so you can follow a path to achieving your own AppSec nirvana.

Presentation level: GENERAL (InfoSec best practices, trends, solutions, etc.)

This session uses the story of traversing a gorge wall leading to the base of a Central American waterfall to convey the principles of risk management.  The story illustrates a practical way to structure risk management to prepare practitioners and managers to identify and create opportunities.

Attendees will learn three risk management principles that enable organizations to recognize business and enterprise opportunities.

Protecting the edge of your network isn’t enough in a world where anyone can access data from anywhere. The principles of Zero Trust turn the traditional perimeter-centric model on its head and focus on securing what matters most: the data.

See how a data-centric approach to security can help you defend against ransomware, APTs, and insider threats.

We’ll break down how to get to Zero Trust, covering how to:

• Identify sensitive data with scalable classification
• Create an audit trail around sensitive data
• Architect microperimeters by limiting who has access to data
• Monitor for potential threats
• Use automation for remediation and response

Learn about what Zero Trust means and concrete steps you can take to implement it in practice.

Every organization is concerned with third-party risk. No one wants to be the next Target breach. This session will examine the components of third-party risk management and give you some leading practices on how to develop a workable and sustainable process.

Advisory Council – VIP / INVITE ONLY

Visit the Exhibitor Hall for vendor displays or connect with attendees in the Networking Lounge.

Everyone says you’ve got to bake security into the development process, but it doesn’t always get done. Speed to market and “other considerations” can get in the way of good, clean secure code. Some developers share code or borrow from open-source platforms on the internet. Is that safe? How do you work with your DevOps teams to create a collaborative, proactive environment where they have the time and resources to build that security in from the beginning? How do you deal with burnout and fatigue? Our panel will address these concerns and more to help you get a handle on securing the code.

If we’ve learned one thing from the pandemic it’s that cybercriminals do not take breaks. They are constantly retooling and trying new approaches. They collaborate—often better than we do. It is time for us to join forces, identify the most likely of risks to our organizations, and strengthen our networks. We’ve got to get our developers on board, as well, as it’s got to be secure before it goes to market. And what about all the careless clicking from employees?

It’s a huge task, but we don’t have to do it alone. Join our panel of experts as they unpack the current threat landscape and offer ideas on how to start making effective changes within your organization.

Having an effective security program is more than just having great technology. It’s about turning data into information and information into action. True success comes in the form of the business “wanting” you involved because they trust you and value the services your team provides. It doesn’t happen overnight and like any other part of your program, it needs to be deliberately designed in.

As organizations embark on a cloud-first strategy, they often find they’re placing excessive trust in their cloud service provider to protect the sensitivity of their organization’s assets, especially sensitive data. During this presentation, we provide an overview of how the cloud service provider requires you to participate in a shared security model and how your organization can retain control of your sensitive data encryption. In other words: your data, their cloud! We’ll discuss and show how using newer tools and techniques—that include split trust, ubiquitous data encryption, and contextual access—reduce and mitigate implicit trust in your cloud provider along with allowing you to manage your own encryption and manage access to your data in the cloud.

Visit the solution sponsor booths in the Exhibitor Hall and connect with other attendees.

Participating sponsors will announce their Dash for Prizes winners. Must be present to win.