Anatomy of a Data Breach: And What to Do if it Happens to You

Anatomy of a Data Breach:

And What to Do if it Happens to You

June 22, 2023

11:00am - 5:00pm ET

A full-day virtual event on the missteps and vulnerabilities that lead to security incidents and breaches – and how to respond to an attack.

As the saying goes, it’s not a matter of “if” your organization will suffer a cyberattack: it’s a matter of “when.” That conventional wisdom amid today’s complicated and active threat landscape may seem overwhelming, but knowing the most common vulnerabilities and oversights that threat actors typically abuse – as well as the best practices for responding to a security incident -- can make all the difference in protecting your sensitive data from an attacker who has made their way into your network. Is your organization ready to respond when a cyber attacker intrudes?

Learn the main causes of a data breach and the keys to an conducting an effective incident response in a new virtual event: Anatomy of a Data Breach: And What to Do if it Happens to You. This free, one-day online conference in Q2 2023, produced by the editors of Dark Reading, offers a look at some of the most common vulnerabilities that lead to enterprise data breaches, as well as the latest tools and best practices for incident response. You’ll get insight on how to find and fix the security vulnerabilities in your organization – before the attackers find them. You’ll learn state-of-the-art practices and techniques to protect your data from ransomware, cyber extortion, and other current threats. Best of all, you’ll get insight on what to do when you’ve discovered a compromise, and how to limit its impact.

If you want to learn how today’s most dangerous breaches occur – and how to respond if your organization gets hit -- then this virtual event is for you. Register today.

Topics Include:

A deep dive into how the most damaging data breaches occur, and what vulnerabilities they exploit

How to identify and remediate security vulnerabilities in your network

Key steps to ensure that both your internally developed apps and your third-party software are free of dangerous vulnerabilities

What to do if you suspect your data has been compromised

How to mitigate the damage from an attack

Building blocks for a solid incident response plan

And much more!

Agenda

Keynote

11:00am - 11:45am ET

Cybersecurity Missteps and Oversights That Leave Your Enterprise Open to Attack

Sponsored by: Mandiant

Data breaches happen — often due to an oversight or unknown vulnerability in an IT infrastructure that attackers spot and exploit first. In this keynote presentation, a top cybersecurity expert will shine light on some of the most common security flaws and mistakes that can lead to an attack, and how to pinpoint and remediate these weaknesses in your IT infrastructure.

Keynote

12:15pm - 1:00pm ET

Takeaways from Real-World Data Breaches

Sponsored by: Palo Alto Networks

In this keynote address, a top security researcher will detail and analyze trends in real-world data breaches of the past year – including the most popular attack vectors and exploited vulnerabilities – and explain the lessons learned and best practices for defending against these attacks.

Panel

2:15pm - 3:00pm ET

Finding and Fixing Software Vulnerabilities That Endanger Your Data

Sponsored by: Invicti, Mend

Software vulnerabilities are at the heart of a data breach. While vendors regularly release patches and updates to their products, how do you know which flaws truly threaten your organization and require immediate attention? How do you ensure your own development team is writing secure code? In this panel discussion, experts will discuss how to identify, assess, and prioritize the risk of an attacker exploiting the latest vulns in your systems. They will offer strategies for using DevSecOps for your internal apps as well as building a sound patching policy for third-party software.

Panel

3:15pm - 4:00pm ET

How Attackers Target Today’s Hybrid Endpoints

Sponsored by: CardinalOps, Delinea

The endpoint traditionally has been the focus of the first stage in a cyberattack, as attackers attempt to gain a foothold in their targets. How can you detect a threat that has infiltrated the endpoint or a user’s account in order to halt its spread further in your network? What can you do to assess and ensure your users’ various devices and online credentials are protected? In this panel discussion, experts will provide insight into threats to the ever-evolving endpoint and how best to protect these devices – and your user accounts – from becoming pawns in a data breach.

Panel

4:15pm - 5:00pm ET

Cyber Incident Response Guide: A How-To

Sponsored by: Cyderes, Wiz

Cyberattack attempts and threats are inevitable, but damaging data breaches don’t have to be. There are some key steps, strategies, and technologies, to help ensure a security event doesn’t escalate, including proactive threat-hunting, detection of even the most well-hidden threats, and mitigation methods. What actions should you take if you think your network was compromised? In this panel discussion, experts in incident response will offer a look at how best to respond to a security incident, including a look at the role of emerging tools such as eXtendedDetection and Response (XDR), orchestration, and state-of-the art IR practices.

Anatomy of a Data Breach:

June 22, 2023

11:00am - 5:00pm ET

Speakers

Amitai Cohen

Threat Researcher, Wiz

Amitai leads the Attack Vector Intelligence team at Wiz, where he manages investigations of threats to cloud environments and works to advance research and detection methodology. Amitai is also a maintainer of the cloudvulndb.org open-source project, and co-hosts the "Crying out Cloud" podcast.

Prabhath Karanth

CISO, Navan

Prabhath Karanth is a senior security leader with 18+ years of leading global, cross-functional teams across hyper-growth startups, Fortune 100 and Big 4 consulting firms. He now leads the security and trust organization for the business travel corporation Navan (formerly Trip Actions), and is responsible for product security and more.

Shannon Lietz

Devsecops.org founder and Rugged Evangelist

Shannon Lietz is a 30+ year award-winning technology and security industry veteran, who has held numerous roles throughout her career with a focus on Offensive Security, Application Security, Cloud Security, DevSecOps, and Threat Intelligence. Shannon has worked for and consulted with many of the Fortune 500.

Tanya Janca

CEO and Founder, We Hack Purple

Tanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community, podcast, and training company that revolves around teaching everyone to create secure software.

Mike Heller

Director of MDR Services, Kudelski Security

Mike Heller is the director of MDR services for the United States. With responsibility for overall service delivery, Mike oversees teams of analysts, engineers, and engagement managers to ensure a first class client experience and protection against cyber threats.

Vern McCandlish

Principal Security Analyst, Dragos Threat Operations Center

Vern McCandlish works as a Principal Security Analyst in Dragos’ Threat Operations Center, where he focuses on using digital forensics to do incident response and help build new capabilities for detecting attacks. He also serves as an Adjunct Professor of Cybersecurity at Utica College.

Jacky Fox

Cybersecurity Lead, Europe & Ireland, Accenture

Jacky leads Accenture’s security practice in Europe and in Ireland. She has 20+ years’ experience in technology and cybersecurity consulting. Jacky holds an MSc in Digital investigations and Forensic computing, a GCFA and a GICSP. She has worked across multiple industry sectors including public sector and financial services.

Ashlie Blanca

Consulting Director, Palo Alto Networks Unit 42

Ashlie Blanca is a Consulting Director at the Unit 42 McLean, Virginia office, who has deep experience as a cybercrime investigator. Ashlie joined the team in 2018, after four years with the analytics company Novetta, where she was an intrusion analyst assigned to the U.S. Department of State.

Keith Mokris

VP of Product Marketing, Orca

Keith Mokris leads product marketing and evangelism for Orca Security where he is focused on helping enterprises secure their cloud environments and applications. Previously, he was Director of Product Marketing for Prisma Cloud, led product marketing at Twistlock, and NowSecure, a mobile security startup.

Jeanette Sherman

Senior Manager, Product, Mend.io

Jeanette Sherman has spent her cybersecurity career working to understand and relieve the struggles of security leaders as they work to secure open source.

Chris Maroun

Sr. Director, Field Technology Office, CyberArk

As a Senior Director for the Field Technology Office at CyberArk, Chris Maroun is responsible for the solution strategy of all products that reside within the CyberArk portfolio. After a decade with CyberArk, his responsibilities now include working with company leaders and executive management.

Adam Markert

CISSP, Principal Solutions Architect, CyberArk

Adam is a Principal Solutions Architect for CyberArk software and primarily helps enterprise customers in the Eastern U.S. secure their critical infrastructure. Previously, he held senior security architecture and systems administration roles, and maintains CISSP and multiple AWS and Azure certifications.

Nader Zaveri

Senior Manager, Incident Response & Remediation Mandiant, Google Cloud

Nader Zaveri has over 15 years of experience in IT security, infrastructure, and risk management. Nader has led hundreds of incident response investigations related to on-prem or cloud-based environments. He has helped investigate and understand the storyline of the attack for the most allusive threat actors such as nation-states.

Tony Goulding

Senior Director, Technical Product Marketing, Delinea

Tony is a cyber security evangelist at Delinea helping deliver cloud identity security solutions to secure modern enterprises and stop the leading cause of breaches — privileged access abuse. Internally he’s a Senior Director in Technical Product Marketing, involved with product positioning and messaging, analyst relations, and more.

Dr. Kall Loper

Vice President, Digital Forensics and Incident Response, Cyderes

Kall Loper is Cyderes’ Vice President of Digital Forensics & Incident Response. He has been a partner-level practice lead at a global consulting firm, the U.S. Department of Justice, and has founded a forensics firm. Kall has worked in several capacities for the Federal government in programs that distribute funds toward various initiatives.

Frank Catucci

CTO and Head of Security Research, Invicti

Frank Catucci is a global application security technical leader with over 20 years of experience, designing scalable application security-specific architecture, partnering with cross-functional engineering and product teams. Frank is a past OWASP Chapter President and contributor to the OWASP bug bounty initiative.

Dan Raywood

Senior Editor, Dark Reading

Dan Raywood is Senior Editor of Dark Reading, covering Middle East and Africa for DR Global. With 15 years experience of covering cybersecurity as a journalist, editor, analyst and product marketer, he has also featured on global news channels discussing cybersecurity issues.

Fernando Montenegro

Senior Principal Analyst, Cybersecurity, Omdia

Fernando is a Senior Principal Analyst on Omdia’s cybersecurity research team, based in Toronto, Canada. He focuses on the Infrastructure Security Intelligence Service, which provides vendors, service providers, and enterprise clients with insights and data on network security, content security, and more.

Becky Bracken

Senior Editor, Dark Reading

Becky Bracken has built a decades-long journalism career with a focus on cybersecurity issues and serves as an editor for Dark Reading.

Tara Seals

Managing Editor, News, Dark Reading

Tara Seals has 25+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine.

Phil Neray

VP of Cyber Defense Strategy, CardinalOps

With 20+ years of cybersecurity experience, Phil comes to CardinalOps from Microsoft Security, which he joined after the acquisition of CyberX, an early innovator in IoT/OT security monitoring. He previously held executive roles at IBM Security/Q1 Labs, Guardium (acquired by IBM), Veracode, and Symantec.

Kelly Jackson Higgins

Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties.

Alex Pinto

Senior Manager of the Data Breach Investigation Report team, Verizon Threat Research Advisory Center

Alex Pinto is the senior manager of the Data Breach Investigations Report team in the Verizon Threat Research Advisory Center. His teams are responsible not only for the Verizon DBIR, but support security research and thought leadership in the organization.