FS-ISAC
Session Descriptions
Tuesday, 4 November
10:00 - 10:45 | Keynote
EC3’s Role in Countering Cybercrime
Broadgate
Troels Oerting, European Cybercrime Centre (EC3)
The presentation will elaborate on the efforts of EC3 in strengthening the law enforcement response to cybercrime in
the European Union. Currently, EC3 provides targeted and effective countermeasures in the areas of cybercrime, child
sexual exploitation online and transnational payment fraud. The expertise is mainly delivered through operational,
technical and forensic support, deployable on the spot or from the high-tech facilities in the Europol headquarters.
Additionally, EC3 specialises in threat assessments of current threats and trends in cybercrime, as well as capacity
building and training. The presentation will also provide an operational insight into addressing cyber threats, by
highlighting EC3’s initiatives in the area such as the newly established Joint Cybercrime Action Taskforce (J-CAT) and
the European Financial Cybercrime Coalition (EU FCC).
10:45 - 11:30 | General Session
Actionable Security Intelligence
Broadgate
Etay Maor, IBM
The financial services sector continues to be a target of evolving distributed denial of service attacks, data breaches,
advanced malware, and internal and external fraud. Traditional security measures are no longer sufficient for addressing
the rapid pace of change. Firms with the ability to store and analyze an expanding variety of data in deep context,
combined with forensics from custom data mining and analytics, can reveal the step-by-step actions of sophisticated
cyber criminals and create a true security intelligence platform for real-time prevention, detection, and remediation.
12:00 - 12:30 | General Session
The Growing Problem of Defending Your Brand, Your Customers and Your Business Online
Lou Manousos, RiskIQ
Broadgate
The proliferation of Web properties and mobile apps is occurring rapidly among financial institutions, and managing
them is becoming increasingly difficult. Because of this, your online assets face a growing variety of malicious activities
including hijacked web code, infections from malicious advertisements, copycat mobile apps that infect users, and
the theft of your brand, domain names, and other intellectual property. We will discuss how improperly managed
online assets can cause serious harm to you and your customers. We will also review a proactive model for discovery,
monitoring, and the remediation of threats with supporting data from a survey of CISOs.
13:30 - 14:30 | Concurrent Sessions
CISO Panel Intelligence and Information Sharing in the EU
Moderator: Teresa Walsh, Citi; Isabel Maria Gomez Gonzalez, Bankia; Marko Hartwig, Zurich;
Claus Norup, UBS
London Wall
This panel of CISOs will discuss the current state and strategic vision they have for sharing information and cyber
intelligence between peers, government and associations.
Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning, and BGP Hijacks
Mohit Lad, ThousandEyes
Bishopsgate 1
The network is a key component in application delivery and is often a direct or indirect target of security attacks
such as DDoS and BGP hijacking. Mitigation strategies often involve using a third party cloud service without any
visibility into whether the mitigation is working well. Using real life examples, we will show how one can measure the
user perceived impact of an ongoing attack, as well as identify which aspects of the mitigation are not working as
desired. With this detailed availability and performance data at the various layers, financial firms can learn how to
better manage ongoing attacks.
Adventures in Threat Intelligence
Bishopsgate 2
James Chappell, Digital Shadows Ltd
The security technology community has been evolving threat intelligence capabilities in an attempt to understand
more about the groups that pose a threat to businesses, with a particular focus on the tools and TTPs employed by
threat actors.
The monitoring of open and closed sources plays an important role in identifying these threats, providing current
situational awareness to security departments. This session will provide an open and honest assessment of challenges,
opportunities and constraints of the discipline. We will explore the use cases for threat intelligence and explain why
sharing is critical to the success of the discipline and profession.
15:15 - 16:15 | Concurrent Sessions
Introduction to the FS-ISAC’s Federated Cyber Intelligence Repository
Aharon Chernin, Soltra
London Wall
The presentation will begin by describing the need for cyber intelligence standardization. Once the audience has
gained an understanding of the need, Aharon will describe the importance of automation in processing of cyber
intelligence data. He also plans to show demos, screenshots, and screen capture videos of the repository in action so
the audience can see the repository function in person. And finally, Aharon will walk through doing a real-time install
of the repository so that participants can see how easy it is to get running.
Using Cyber Defences to Counter Cyber-Enabled Crime
David Bailey, BAE Systems Applied Intelligence
Bishopsgate 1
The world of crime is changing, morphing and evolving into something far more dangerous than ever before. Cyber
Crime is becoming Digital Crime, and for some, Digital Crime is proving to be very profitable indeed.
Digital Crime is the convergence of traditional crime with cyber espionage, conducted by criminals with expert
knowledge of a specific industry, and supported by cyber experts who enable digital criminals to steal and take
control of assets on a previously unimaginable scale.
Aggressive Defence Against Account Takeover Malware
Don Jackson, Phishlabs
Bishopsgate 2
With a thriving market for criminal-to-criminal (C2C) services and a flourishing underground ecosystem of tools
and information at their disposal, cybercriminals continue to expand their botnet-based infrastructure, hone attack
tactics, and operate their criminal enterprises with practical impunity. Current defensive tactics are clearly not enough
to stem the tide of thefts, fraud, and other attacks that pose a constant threat to the financial sector. A more aggressive
defense is needed against advanced account takeover malware – one that applies threat intelligence to disrupt
cybercrime operations and profits.
16:45 - 17:45 | Concurrent Sessions
(Part 1) Information Sharing in Europe and in the Netherlands
Michael Samson, Dutch Payments Association
(Part 2) Responsible Disclosure in the EU
London Wall
Eelco Stofbergen, National Cyber Security Centre; Jan Joris Vereijken, ING
(Part 1) The presentation shows the co-operation model of the European FI-ISAC. This model is different from
other European co-operation models in the sector. The presentation focuses on the approach and the results of the
European FI-ISAC.
The second part focuses on information sharing in the Netherlands: the fraud landscape and the public-private cooperation and participation model.
Finally, the presentation will give a high level overview of the products developed by the Dutch FI-ISAC: the Cybercrime
Monitoring and Investigation Service (CMIS) and the Account Monitored Information (AMI).
(Part 2) This session will discuss the progress made on an initiative to improve responsible disclosure in the EU.
Moar Malware, Less Malware
Bishopsgate 1
Marshall Heilman, FireEye
This highly technical talk will explore the in-depth functionality of malware leveraged by attackers over the last twelve
months to penetrate networks, escalate privileges, maintain persistence, establish command and control channels,
harvest data, and ultimately exfiltrate it. This talk will also explore malicious activity perpetrated by attackers
without the use of malware.
Need for Speed: The Faster You Resolve Cyber Threats, the Better Your Outcomes - It Is That Simple
Bishopsgate 2
Peter Clay, CSG Invotas
The faster you resolve cyber threats, the better your outcomes. It is that simple. Speed matters. It isn’t enough to know
you have an intruder. You have to act. You have to act now. We’ve seen what happens when defenses are overwhelmed
and attackers have free rein in your network. The time has come for the next generation of automated threat response.
The panel will discuss frameworks, capabilities, lessons learned, and valuable insights.
Wednesday, 5 November
9:15 - 10:00 | FS-ISAC Member Meeting*
Broadgate
9:15 - 11:30 | FI-ISAC Code Red Meeting**
London Wall
10:30 - 11:30 | Solutions Showcases***
Broadgate
During a Solutions Showcase, members are invited to join us for refreshments and a technology showcase where the
latest technical innovations will be on display. In this relaxed setting, attendees get to select up to three technologies
they’d like to see. These information-packed 15 minute sessions will be presented by technology experts from our
vendor sponsors, will be use-case driven and will be tailored to the unique needs of members.
Improving Third-Party Security at European Financial Institutions
Broadgate
Veracode
According to research by IDG, UK enterprises tend to leverage more third-party applications than US companies.
Yet the FS-ISAC Third-Party Software Security Working Group does not contain European members, and none
contributed to the “Appropriate Software Security Control Types for Third-Party Service and Product Providers”
whitepaper.
This presentation will outline why it is time for European financial institutions to formally acknowledge the risk
associated with third-party software and create guidance which the industry can follow. It will also provide insight
into how the controls were developed in the US and offer tips for successfully creating similar guidelines.
Community Structure and Context of International Hacker Community
Battelle Memorial Institute
Broadgate
Battelle has examined the community structure and context of international hacktivists by enriching traditional cyber
security datasets with social, technological and geopolitical data. Specifically, Battelle has collected millions of events
and captured associated data. Using language processing and image recognition, we have identified hacker aliases/common
motifs present in the attacks and constructed a bipartite graph of events and the hackers associated with those
events. Simultaneously, we correlate event data with the Common Vulnerabilities/Exposures database to identify
the vulnerabilities exploited during attacks. Finally, we place attacks in the context of the Financial Services Industry by
incorporating the Global Database of Events/Language/Tone data set.
* FS-ISAC members only
** FI-ISAC members only
*** closed to non-silver sponsors
Best Practices for Privileged Access
Broadgate
Hitachi ID Systems
In an organization with thousands of IT assets, it can be difficult to securely manage access to privileged accounts
for several reasons:
• There are thousands of privileged passwords.
• Administrator passwords exist on each device and application.
• It is difficult to coordinate changes to shared passwords.
When there are many shared, static passwords, former IT staff retain sensitive access after leaving an organization. It
can also be difficult to trace changes back to individuals who made them.
Hitachi ID Systems delivers access governance and identity administration solutions to organizations globally.
Cross Channel, Cross Enterprise Fraud and the Need for Collaboration
Pindrop Security
Broadgate
Account takeover fraud is increasing as organized fraudsters use a combination of phone and online tools to set up
and execute attacks. Fraudsters move between the online and phone worlds, calling both call centers and consumers.
Furthermore, they’re working across institutions, with reconnaissance and attacks on multiple targets. In this panel,
we will discuss the technical and organizational changes and the collaboration required to stem cross-channel and
cross-institution attacks. Issues include regulatory and privacy concerns of data sharing, logistics, tools already in
place such as CYFIN and how they work.
Akamai Cloud Security Solutions: Protecting Banks Worldwide
Broadgate
Akamai Technologies
In this Showcase, Akamai will demonstrate an attack against two banking web sites – one in the clear, and one
protected by Akamai. The demonstration will show how these attacks can compromise an unprotected site and how
Akamai is able to detect and stop these attacks automatically, in real-time, from the cloud.
Innovative Authentication Techniques for Beating RATs and Men-in-the-Middle
Authentify
Broadgate
Remote Access Trojans (RATs), man-in-the-middle (MITM) exploits, and purloined credentials are still persistent
threats that harvest legitimate user credentials or invade authenticated sessions “post-login.”
Financial Institutions, however, need not choose user convenience over stronger authentication to defeat these threats.
Authentify’s xFA technology offers strong authentication that can be administered flexibly throughout a transactional
session. The user will likely accept security hurdles once invested in a session rather than at login.
Authentify’s demonstration illustrates how authentication technologies including digital certificates, biometrics,
finger-swipe gestures, or KBA, used in an engaging way “post-login,” defeat RATs, MITM, and other threats without
sacrificing user experience.
12:30 - 13:00 | General Session
The Ever Changing Global Threat Landscape
Tim Hind, iSight
Broadgate
During his talk, Mr. Hind will outline the contours of the current global threat environment, discuss important trends
within each threat actor group, examine the crossover of tools and techniques between these groups and provide
examples and case studies illustrating these developments.
13:15 - 14:15 | Concurrent Sessions
Cyber Attack Against the Payment Processes EU and US
London Wall
Charles Bretz, John Salomon, & Ralph Smith, FS-ISAC
A review of the 2014 CAPP (Cyber Attack Against the Payment Processes) exercise will start the session. Charles Bretz,
FS-ISAC’s Director of Payment Risk will present summary results from the September 2014 cyber threat exercise. John
Salomon and Ralph Smith from the FS-ISAC’s European staff will lead the discussion about European institutions and
associations who have expressed interest in creating a cyber threat exercise that simulates an attack on European
financial institutions’ payment operations.
There will be an open dialog for members in the audience to comment and provide feedback about a potential
European cyber attack exercise in the first half of 2015.
The Role of Big Data in Cyber Fraud Detection
Bishopsgate 1
Eric Thompson, RSA
Mobile and online services sit at a nexus characterized by pressure to grow business across digital channels while
minimizing the risks of a sophisticated cyber threat landscape. Fortunately, these channels also come with an
exponentially growing mountain of data, and organizations that can capture, store, harness, utilize, and profit from
the increasing amounts and velocity of that data can gain competitive advantage. This session will examine how
information security teams are working to leverage the enormous amounts of information available to improve threat
and fraud detection and the challenges that stand in their way.
Security Architecture at the Speed of Business
Bishopsgate 2
Charles Clarke, Morgan Stanley
Keeping systems secure across thousands of software developers and hundreds of projects all running at full speed
is a constant challenge. Morgan Stanley addresses this problem with two cooperating teams: Security Architecture
and Security Blueprints. SecArch helps internal software teams comply with policy and secure their software designs,
while security specialists from SecBlue work with technology experts to produce reusable blueprints and guidance.
The process identifies and tracks risks and captures lessons for the future. We show the process, the results, and some
of our dashboards that give executive management a view into the process, its output, and its impact.
14:30 - 15:15 | CISO Panel
The Changing Role of the CISO
Moderator: Simon Hales, HSBC; Santiago Minguito, Banco Sabadell; Hem Pant, ING; Emma Smith, RBS
Broadgate
A panel of CISOs from EU-based firms will discuss top of mind issues, including: With the ever increasing Regulator
and Board concern over cyber security, are CISOs comfortable that these stakeholders understand the issues? Is the
development of the UK Penetration Testing standard (CBEST) a good thing and will it drive the right behaviour in the
industry and with peer regulatory bodies? Can a CISO be an effective risk and operations manager with today’s need
for increasingly effective and independent (evidenced) operational risk management? Are CISOs today ready to be
executive board members, or will we continue to be subordinate to another executive?
Birds of a Feather Lunch
FS-ISAC’s Birds of a Feather Lunch is a great way to connect and interact
with your direct peers. Join us on Tuesday, 4 November, from 12:30 – 13:30 in
Broadgate for lunch and discussion. The tables will be labeled as follows:
• Associations
• Banks and Credit Unions
• Brokerage and Securities
• Card Companies
• Clearing Houses and Exchanges
• Insurance
• Payments
• Payment Processors