Enterprise Security & Risk Management 2020


3 November 2020





Evaluate cutting-edge technology and solution providers through our Live Web Seminars by attending solution provider sessions. Connect with your fellow IAM and IT security leaders and dive into thoughtful conversations spurred by powerful sessions and hear directly from the experts behind the latest IAM innovations.

All sessions will be available on-demand after, so you won’t miss anything.  Session times are subject to change. Participants can also connect with peers and experts to ask questions, share insights, and get the most from the leaders in the industry

PLEASE NOTE: All Conference Sessions (including slides) will be presented in English ONLY
Delegates will be able to attend two seminars at the event ‘live’ as they will run in two sessions.
All event footage will be available on demand for a maximum of 2 hours after the session has closed.



Session 5 @ 14:45
Sponsored by:
The Neighborhood Watch: Using Continuous Monitoring to Increase Visibility and Effectiveness of TPRM programs

Jonathan Ehret, CISSP, CISA, CRISC, VP Vice President, Strategy & Risk, RiskRecon

View Profile

While organizations have devoted countless resources to securing their borders and the precious data that resides within it, many often ship that same data to third parties without much thought as to how that vendor is protecting it for them. For those that are checking the security posture of their vendors, it is often accomplished via the use of a point in time security questionnaire.

But do those questionnaires provide the right visibility? Visibility into our vendors’ security controls and the effectiveness with which they are operating have been and continue to be some of the major challenges in the world of third party risk.

This discussion will cover those struggles, the inherent limitations of the security questionnaire as well as how continuous monitoring tools can be utilized to shed light on the effectiveness of a vendor’s security controls.

Live Stream On Demand


Session 5 @ 14:45
Sponsored by:
Securing cloud environments, staying on top of cloud configurations to prevent data leaks and exposure

Paul ‘PJ’ Norris, Senior Systems Engineer – EMEA, Tripwire International Inc

View Profile

As organizations expand further into the cloud, there continues to be an influx of simple mistakes, such as misconfigurations, that can expose organizations to significant security, privacy and regulatory risks. Security teams are stretched, but must stay on top of expanding cloud use and ensure proper security controls are implemented in these environments and maintain compliance over time.

To understand just how well security professionals are implementing industry best practices for cloud security, Tripwire has conducted some detailed research and will share these findings and actionable recommendations for securing the cloud.

The session will cover:

• Current trends on growing cloud usage and security risks involved
• Organizations’ biggest concerns when it comes to cloud security
• What steps organizations are taking to secure their cloud environments and where they are having the most challenges
• Recommendations on best practices and technologies available to assist with maintaining security and compliance for the cloud

Live Stream On Demand


Session 5 @ 14:45
Sponsored by:
Live cyber attack: Maze ransomware attack simulation

Dave Philpotts, Senior Sales Engineer, Varonis Systems

View Profile

Ransomware gangs like Maze dwell in networks for months, stealing data and leaving backdoors, before they start dropping ransom notes.
Join us as we explain how big-game ransomware gangs operate and showcase common tactics, techniques, and procedures (TTPs), with takeaways that can help you prepare for an attack. Dave will run a step-by-step Maze attack simulation, demonstrating how an IR team should be alerted at each and every phase of such an attack, so as it can respond effectively.

During the session, you will get to see how:

  • a user is tricked into opening an infected Word document
  • a network recon is performed using reverse DNS lookups
  • a service account with admin privileges is kerberoasted
  • sensitive files can be found and exfiltrated using HTTP POST commands
  • the Maze ransomware payload is deployed to encrypt files

Live Stream On Demand


Session 5 @ 14:45
Sponsored by:
Automating Third-Party Risk: The Common Pitfalls to Avoid When Building and Evolving Your Third-Party Risk Management Program

Constantine Malaxos, Director of Strategic Alliances, ProcessUnity

View Profile

Your organization likely has some means for managing third-party risk, but you probably suspect that there remain untapped opportunities to incrementally improve your program. While there is no one right Third-Party Risk Management, there is a model right for you, and incorporating best practices into your processes can have an exponential effect on your results.

Join our session and learn how to:

  • Rate the maturity of your current assessment process
  • Create the building blocks of an effective and efficient assessment process – both pre- and post-contract
  • Employ new techniques that reduce vendor fatigue, speed responses, and shorten review cycles
  • Identify key relationships that are critical to your program’s success
  • Avoid the common pitfalls that prevent success when building a TPRM program

Live Stream On Demand


Session 6 @ 15:45
Sponsored by:
Now That Ransomware Has Gone Nuclear, How Can You Avoid Becoming the Next Victim?

Javvad Malik, Security Awareness Advocate, KnowBe4

View Profile

There is a reason more than half of today’s ransomware victims end up paying the ransom. Cyber-criminals have become thoughtful; taking time to maximize your organization’s potential damage and their payoff. After achieving root access, the bad guys explore your network reading email, finding data troves and once they know you, they craft a plan to cause the most panic, pain, and operational disruption. Ransomware has gone nuclear.

Join us for this webinar where, Javvad Malik, KnowBe4’s Security Awareness Advocate , will dive into:

– Why data backups (even offline backups) won’t save you
– Evolved threats from data-theft, credential leaks, and corporate impersonation
– Why ransomware isn’t your real problem
– How your end users can become your best, last line of defense

Live Stream On Demand


Session 6 @ 15:45
Sponsored by:
Extended Detection and Response (XDR) is the new EDR – what you need to know to get started

Grant McDonald, Director Solutions Marketing, BMC Software

View Profile

The expanding attack surface has pushed the limits of Endpoint Detection and Response (EDR) tools. IoT, multiple server environments, and increases in remote work offer more entry points and opportunities to deliver malicious payloads undetected. Many are moving to adopting an Extended Detection and Response (XDR) model in order to get greater context on threats for incident responders and to ensure security across the enterprise. Building an effective XDR model has a number of challenges however. From mitigating alert fatigue and automating manual tasks to addressing complex environments made of collections of tools – the perceptions of new burdens may seem to outweigh the benefits. In this session we will look at how to reduce those challenges by building an effective foundation that can serve as a framework for building and maintaining your XDR strategy. You’ll learn a practical place to begin, how to automate more of your security workflows to reduce alert fatigue while establishing controls across every device, system and environment in your enterprise.

Live Stream On Demand


Session 6 @ 15:45
Sponsored by:
Calculating ROI for Security: Why This Is So Difficult? Do You Need It?

Ilia Sotnikov, Vice President of Product Management, Netwrix Corporation

View Profile

The ongoing stream of data leaks and other breaches of consumer trust is a top concern for executives at organisations around the world. To make sound decisions about cybersecurity strategy, especially during challenging times like these, when budgets are tight, they need accurate assessments of the effectiveness of proposed security investments. However, providing those estimates of ROI can be extremely difficult for CISOs, who often struggle to quantify the expected impact of security measures.

Join us for this educational session to learn the 4 key benefits of a security investment — and how to effectively communicate the associated value to senior decision makers. Armed with this information, you will be well positioned to convince them to make cybersecurity investments right now.

Live Stream On Demand


Session 6 @ 15:45
Sponsored by:
Secure Work Anywhere: Supporting the New Normal from Corporate Policies to Security Practices

Scott Bridgen, GRC Consulting Director, OneTrust

View Profile

The global pandemic and impacts stemming from COVID-19 shook up operations across the globe. Both, security and cultural impacts stemming from the pandemic continue to emerge for businesses. As organizations have navigated their way through return to office scenarios, there are a number of new employee expectations and employer considerations to think through. Rather than only focusing on the point-in-time circumstances of “secure work-from-home” operations, many organizations are considering a proactive “secure-work-anywhere” policy. In this webinar, we’ll highlight what aspects of secure work anywhere have been successfully in place prior to regional waves of quarantine, supporting productivity through employee mental and physical health considerations, privacy considerations for employees personal environments, empowering your plan with innovative solutions and technology.

• What disciplines and business structure have already been operating “secure work anywhere”?
• How can the extent of your internal governance policies can help or inhibit your employees ability to execute their job effectively?
• Considerations to balance security-based monitoring and employee privacy rights within personal environments
• Technology and innovative strategies to put your “secure-work-anywhere” plans in motion.

Live Stream On Demand


We are pleased to inform you the Virtual Platform is now open at https://whitehallmedia.6connex.eu/event/esrm/login

You must have registered for the event first before you can access the platform

If you are a delegate register here

If you are an exhibitor register here