Deloitte’s Cyber Risk Services help transform legacy IT security into proactive, Secure.Vigilant.Resilient.™ programs using HPE Enterprise Security products. With deep experience across industries, our practitioners strengthen the ability of organizations to thrive in the face of cyber incidents. We help organizations plan and execute an integrated cyber approach to enhance business operations, increase mission performance, and improve customer support–without compromising security or privacy.


At PwC, our purpose is to build trust in society and solve important problems. We’re a network of firms in 157 countries with more than 223,000 people who are committed to delivering quality in assurance, advisory and tax services. Find out more and tell us what matters to you by visiting

PwC's Cybersecurity team of former law-enforcement agents, cyber-forensics and security specialists have global experience helping organizations design and implement cybersecurity programs that are aligned with business objectives. We combine and leverage our diverse business, technical, analytical, regulatory and investigative knowledge and know-how to deliver actionable and sustainable solutions.


Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 411,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives.

Learn more at


Trend Micro Incorporated, a global leader in cyber security solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints.

With over 5,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit


Atar Labs builds ATAR, industry's foremost security operations center management platform which covers automated response, analyst augmentation, collaborative investigations console and SOC KPI management.

Organizations worldwide use Black Duck Software’s industry-leading products to automate the processes of securing and managing open source software, eliminating the pain related to security vulnerabilities, license compliance and operational risk.

Learn more here.


Carahsoft drives value for an extensive ecosystem of IT manufacturers, resellers, system integrators, and consulting partners who are committed to helping government agencies select and implement the best solution at the best possible value.

D3's Incident Response Platform provides 100+ of the Fortune 500 with automation and orchestration, artificial intelligence, case management, link analysis, and root cause resolution capabilities.

Learn more at

Check Point Software, the largest pure-play security vendor globally, protects customers from cyberattacks with an unmatched catch rate of malware and other types of attacks.

Learn more at here.

Digital Shadows monitors and manages an organization’s digital risk across the widest range of data sources within the visible, deep, and dark web to protect an organization’s business, brand, and reputation.

Learn more at


FireEye is the intelligence-led security company. FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks.

Learn more here.

The makers of EnCase®, the gold standard in forensic security, Guidance provides a mission-critical foundation of market-leading applications that offer deep 360-degree visibility across all endpoints, devices and networks, allowing proactive identification and remediation of threats.

Learn more here.


immixGroup, an Arrow Company, helps technology companies do business with the government.

Malwarebytes is the next-gen cybersecurity company that millions worldwide trust. Malwarebytes proactively protects people and businesses against dangerous threats such as malware, ransomware, and exploits.

Learn more here.


Recorded Future delivers real-time threat intelligence powered by machine learning. Our patented technology automatically collects and analyzes information and provides invaluable context to lower risk.

Learn more here.

Securonix radically transforms data security with actionable intelligence. Our purpose-built security analytics platform mines, enriches, analyzes, scores and visualizes data into actionable intelligence on the highest risk threats to organizations. Using signature-less anomaly detection techniques, Securonix detects data security, insider threat and fraud attacks automatically and accurately.

Learn more here.


Siemplify ThreatNexus is the industry's Leading Security Orchestration and Incident Response platform used by security operations management, responders, and analysts as the primary day-to-day workbench.

Learn more here.


Elastic builds software to make data usable in real time and at scale for search, logging, security, and analytics use cases. Founded in 2012, Elastic develops the open source Elastic Stack (Elasticsearch, Kibana, Beats, and Logstash), X-Pack (commercial features), and Elastic Cloud (a SaaS offering).

Learn more at


EdgeSuite enables MSSPs to securely provide their CSP and F1000 customers with real-time, role-based, actionable information from ArcSight and other tools, driving self-service and CSAT.



CrowdStrike is the leader in cloud-delivered endpoint protection. The CrowdStrike Falcon® platform offers instant visibility across the enterprise and protects against all cyber attack types.

Learn more at here.

Learn more at

Acalvio provides Advanced Threat Defense solutions to detect, engage and respond to malicious activity inside the perimeter. The solutions are anchored on patented innovations in Deception and Data Science.

AI, robotics, sensors and agnostic computing… data is at the center of them all. Today’s leaders are big data-driven businesses, informed by real-time insights. Data and apps are already living on a variety of platforms over which you have little control. In parallel, the most stringent data privacy regulation yet—the GDPR—is taking effect and may appear almost in direct opposition to business agility. Join this panel discussion with peers who are driving high-value business outcomes through data de-identification.

We all know how critical it is to protect financial transaction data due to the growing frequency of data breaches and increased sophistication of cyber attacks. As the processor of over 2,500 transactions per second around the world, including nearly half of all U.S. payment transactions, First Data Corporation had a compelling reason to protect its data! Come and hear lessons learned during the first two years of this process.

ArcSight Activate framework creates alerts with annotations, but the incident response process in SOCs requires the incidents. See how to create incidents automatically in the Request Tracker based on annotation status of alerts. Hear how to avoid the fact that ESM is missing an audit trail for annotations and get tips for how to measure SLAs for incidents and alerts.

ArcSight Management Center offers a single, centralized console for monitoring ADP license consumption. In this informative session, you will learn how ADP license consumption is calculated based on ADP license ingestion reports collected from ADP loggers and ADP connectors.

This session will compare techniques for efficiently ingesting, storing and querying high volumes of incoming event log data in Vertica. Hear about logical and physical designs for data'such as hybrid flex table, text index and triple store, as well as how to achieve high query concurrency when also ingesting data at the same time. See benchmarking results from our Labs tests showing that Vertica can run highly concurrent queries up to two orders of magnitude faster than specialized log processing tools, using 2.8 to 4.5 times less storage and having similar data ingestion times.

The Home Depot, the world's largest home improvement retailer, has been providing hammers, saws, nails, lumber and paint to do-it-yourselfers and pros alike since 1978. In the same spirit, its product security team offers self-service tools and materials to help software developers analyze their source code and deploy applications at scale and speed, matching the pace of agile.

Historically, entities have focused on well-known security compliance requirements such as PCI, FISMA, NIST 800-53 v4 and the Application Security and Development STIG. Now, organizations are moving beyond strictly meeting compliance requirements and starting to make risk-based business decisions about what to remediate and where to allocate resources. We'll answer questions like: What processes, tools and metrics complement these decisions? What can be done to ensure that all programs regardless of project lifecycle state or development methodology are taking advantage of best practices to bake security into the development process? Also, hear a brief discussion of automating the Plan of Actions and Milestones (POA&M) process, continuous assessments and remediation.

Get a comprehensive overview of the new features delivered in ArcSight Data Platform 2.1 and the value they bring to the world of intelligent security operations.

Increase the ROI of your investments by collecting and analyzing enterprise machine data by applying best practices in scaling the ArcSight Event Broker. Learn how to use your Event Broker at the speed and scale of your ever-growing needs for volume. Customize it to the types of security event data collected and used in the ArcSight Intelligent SOC.

With the growing number of customers adapting to the Activate Framework, ArcSight R&D has developed two tools to help you find the content you need from the ArcSight Marketplace: the Content Configurator and the Content Brain. In this session, you will learn how the two technologies meld with Activate packages and expand our coverage of challenging security use cases. We will discuss why you should be using the Configurator and Content Brain to get the most out of your ESM implementation.

Have you ever thought that there was not enough information on OS security hardening in ArcSight install guides? We have too. As ArcSight is one of the core security solutions in the environment, it should be hardened and secured. So we set out to make ArcSight installation-compliant with CIS Benchmark, a list of recommended technical settings for operating systems, middleware, software applications and network devices. The benchmark is a concise, prioritized set of cyber practices created to stop today's most pervasive dangerous cyber attacks. It helps organizations effectively implement a cyber security strategy and has been shown to dramatically improve security posture when applied. We have experience applying CIS controls one by one all the way from packages check to SELinux configuration. We do not recommend going this way alone from the very beginning. We can share our experience on best-practices, traps, challenges and ways how to overcome them.

Hear how the Internal Revenue Service (IRS) enabled all of its Network Node Manager (NNMi), Operational Manager (OM) and Network Automation (NA) web servers with the Common Access Card (CAC) X.509 authentication. That card is required for anyone needing to access the systems. You'll gain insight into the long and drawn-out configuration within the tools, and understand why the IRS believes CAC is more reliable than Single Sign-On (SSO). Learn how the IRS set up certificates and enabled the OM, NNM and NA systems to talk with new certificates.


Recent advances in operating system level virtualization (software containers) allow us to simplify the number of traditionally complex administration tasks related to distributed deployment. While the technologies originate from the cloud environment, they are general enough to be leveraged by the products installed on customer premises. In this session, you will learn about software containers and their orchestration as well as how the technology is used to deploy ArcSight Investigate.

This session will outline the new way of deploying ArcSight products at scale, first introduced as part of Event Broker 2.0 and Polaris 1.0. We'll discuss how container and container orchestration technologies make it easy to deploy, scale, replicate and upgrade the ArcSight infrastructure.

Paladion worked closely with Dubai's Road Transport Authority (RTA) to develop over 40 ArcSight use cases covering 13 different applications and the overall IT infrastructure. Paladion integrated more than 100 devices as well as 13 RTA applications, each which involved custom parser development for integration for security monitoring. RTA received the following benefits from this swift implementation: Real-time log analysis, complemented by formulated response action, aimed at both identifying attacks underway and preventing attacks before they occur, Enhanced visibility into system-wide activities, both normal and suspicious. Knowing the who, what, when and why of users and data entering and exiting RTA systems Ability to profile and thumbprint normal or expected activity patterns. Ability to conduct a forensic analysis ? Compliance with global regulatory standards. Deterrence of internal attackers by regular monitoring and alerting operations.

In this session you will learn about new features implemented in Event Broker 2.1. We will demonstrate how Event Broker leverages Apache Kafka streams for event transformation and routing as well as how to implement management and configuration of Event Broker with ArcSight Management Center. See how Event Broker integrates with ESM, Investigate and Vertica. Lastly, view the new deployment model based on Container and Kubernetes as well as the updated roadmap.

ArcSight Connectors can now send security events to an Event Broker destination where they can be processed in various ways. Three different formats are available: CEF 0.1, CEF 1.0 and binary. The first two formats may be consumed by ArcSight Logger or other CEF-aware consumers while the third may be consumed by ArcSight ESM. This session covers how to configure and use this new capability.

ArcSight Management Center (ArcMC) has powerful new features for monitoring and managing an ArcSight Event Broker and its health. Additionally, ArcMC offers a single, centralized console for monitoring ADP license consumption in various practical deployment topology scenarios that can be used depending on the business needs.

Threats can't hide from the eye in the sky. The integration of a network access control solution with the ESM provides ArcSight with the ability to see and learn about all the devices on the network, including Internet of Things (IoT) devices. With the ESM in command, the NAC can take action orchestrating real-time response. Network access control solutions provide the ArcSight ESM with an amazing amount of detail and capabilities to enable compliance and endpoint auditing, gain visibility into the network, restrict access of devices based upon their security posture and automate incident response. Learn how the integration of ArcSight ESM and NAC solutions will enable information security analysts to gather information from the console and through automation?as well as readily enforce security policies and mitigate threats.

In this session, we'll select some OWASP vulnerabilities as sample attacks to ArcSight ESM, as well as attacks such as sql injection and password file access. We will compare tools and discuss automation framework approaches. We'll demonstrate code for data- and behavior-driven tests (UI e2e and Restful API) on a local Jenkins server to show a typical continuous integration process with only open-source or free tools. In addition, we'll explore integration with our in-house STORM framework.

Do you ever find yourself on the 'the road less traveled' security path, and wish someone would have warned you about potential pitfalls? Hear from someone who has been there and gain insight into the five digital asset security risks you should know about. You will enjoy the stories, see key learnings and understand what you need to do as you head down this path. The risks to your revenue, brand, customers and competitive edge are very real. Join the leading expert in digital asset security and performance engineering to know where to focus first. Mitigate some of the higher profile risks, which you and your team may not even be aware of yet.


As our organization has explored the world of hunt in the past few years, we have documented both our successes and failures. These have been instrumental in creating our tried-and-true approach methodology of Hunt. During this session, you will be guided through our successes and failures to help you make an educated and informed decision toward building your own Hunt Operations strategy.

In this session, you will see how to use machine learning on event logs to identify compromised user accounts in near real-time. Since compromised user accounts are used in many attacks, i.e. lateral movement of threats, identifying them early can stop attackers in their tracks. We define a context around user authentication events, extract relevant features from events in the context, classify the events as anomalous or benign and identify compromised user accounts. Our experiments on real-world data show that our approach is reliable, scalable and effective.

Arcsight Logger’s enhanced search allows each user to run multiple searches concurrently with improved performance. The new reporting capabilities in ArcSight Logger introduce multi-tabs for reports and report objects, improved navigation, closer integration to MS Office, new drag and drop dashboards and more visualizations including Tree Map, Scatter Plot, Funnel, etc. In this session you will learn how to have concurrent searches running on Logger and build rich reports and dashboards.

See a demo of an improved Quick Flex tool. We'll cover how to create a parser quickly for flex connector with added features of Auto Regex generation, operations testing, mapping validation and more efficient validation of CEF data.

Learn the leading-practice approach to building use cases, starting from requirements-gathering through use case build-out. We will take you through all the steps to develop a real-life use case right before your eyes, including deliverables such as reports, dashboards and rules. ArcSight Activate methodology will be demonstrated for building the content.

Has content management got you down? Too many cooks in the SOC kitchen? Broken rules never getting fixed? Correlation rules stale and stagnant?

Leverage ArcSight cases to implement a content development life-cycle and change the interaction between analysts, system engineers and content developers from looking like a "Three Stooges" episode into an effective feedback hyperloop.

In order to evolve into an intelligent security operations center, a development methodology needs to be adopted and followed across your security groups. Having a formalized development life-cycle is essential in driving products across the finish line.

We will show you how to take these development best practices and incorporate them into your SOC dev workflow, all within ESM cases and 6 development phases implemented in the form of case folders. Within this cycle, analysts and system owners can create content requests, attach actual ESM base events and pass requests to engineering all without leaving ArcSight.

Ever wonder where those missing fields are hiding? This presentation will examine event log sources such as Windows and ForcePoint, and how to find and add critical missing fields to create a much richer ArcSight environment. Hear how to use variables, mapping files, parser overrides and pre-persistence rules to enrich ArcSight events, add more context and make events more usable to help identify threats more easily.

ArcSight Connectors are a significant portion of the installation process at a customer site. This session covers a feature that simplifies the installation of Connectors for enterprise customers who deploy to a high number of servers and may install multiple connectors per server. Learn how to achieve a workflow in which all the installation information is captured up front, then how a single click deploys and installs to many target nodes.

ArcSight has evolved to provide an even more meaningful monitoring solution. Hear how its configuration settings can be fine-tuned to have the platform available with 0 downtime. These configuration settings may be deployed from OS, ESM, Logger and MySQL level. View first-hand some real-time performance measurement scripts and dashboards to understand and configure the parameters for maximum throughput and minimum downtime.

In just two years, humanity went from BlackEnergy, the first attack that caused power outage to the global WannaCry epidemic. And just one month later, we experienced the first AI cyber weaponry disguised as ransomware. APT actors use autonomous malware that makes decisions on the fly based on industry peer infrastructure and specific weaknesses.

To stand a chance, we need a fusion of reactive, proactive and predictive principles to stay ahead of cyber threats and to reduce the risks to the minimum. ArcSight ESM has all the capabilities to gather any digital data—we just need continuous data acquisition, quality, use cases and intelligence.

We add CKC & ATT&CK to track and respond to ultimate 11 tactics and 191+ techniques that attackers use to break defenses. ArcSight can be both an early-warning system and a last line of defense backed by an AI expert system, empowering your team with real-time intelligence for rapid decisions and defensive actions. The time to change the game is now!

In this session we will discuss how ArcSight Investigate is tuned for security tasks rather than being simply an Vertica query interface. In addition, we will demonstrate how you may use the preset queries, fieldsets and visualizations to create a dashboard that efficiently solves a security task.

In this session you will learn about implementing search capabilities for ArcSight Investigate and other ArcSight software accessing a hybrid data lake where hot data is stored in Vertica and cold data is stored in Apache Hadoop. This session will cover functionality, example use-cases and architecture of the solution.

In an era of overwhelming attacks from a volume perspective, swift investigation is critical for effective threat response. In this session we will demonstrate how ArcSight Investigate visual analytics can boost analysts, efficiency and accelerate investigation through a hands-on investigation of common cyber security threats: ransomware, beaconing, hunting and more.

In this session you will learn about the latest innovation in the ArcSight portfolio--ArcSight Investigate. Hear about this intuitive investigation solution that gives your security analysts 10 times faster search capabilities than other tools in security.

The Home Depot, the world's largest home improvement retailer, has been providing hammers, saws, nails, lumber and paint to do-it-yourselfers and pros alike since 1978. In the same spirit, its product security team offers self-service tools and materials to help software developers analyze their source code and deploy applications at scale and speed, matching the pace of agile.

Historically, entities have focused on well-known security compliance requirements such as PCI, FISMA, NIST 800-53 v4 and the Application Security and Development STIG. Now, organizations are moving beyond strictly meeting compliance requirements and starting to make risk-based business decisions about what to remediate and where to allocate resources. We'll answer questions like: What processes, tools and metrics complement these decisions? What can be done to ensure that all programs regardless of project lifecycle state or development methodology are taking advantage of best practices to bake security into the development process? Also, hear a brief discussion of automating the Plan of Actions and Milestones (POA&M) process, continuous assessments and remediation.

Walk through the building blocks that can be introduced to mature an application security program and easily injected into a DevOps pipeline. These blocks include complete, end-to-end automation of both dynamic and static analysis using Fortify WebInspect and Fortify SCA while leveraging common industry technology for bug tracking and continuous integration. This session will include a demo of what has been put together using various technologies.


Create a world-class automated Dynamic Application Security Testing (DAST) program with Fortify WebInspect and WebBreaker. Take theory into practice by seeing how your architects, developers and QA teams can perform security testing on their applications as part of the development lifecycle. Key discussion points will include how WebBreaker, an open-source project, will centrally manage your WebInspect scans by reducing complexity, increasing reliability and visibility, while supporting enterprise scalability. Additionally, we will discuss common challenges with all open-source and commercial DAST products, implementing automated security testing into a DevOps pipeline.

Traditional Software Development Life Cycle (SDLC) models such as waterfall and spiral have enforced dynamic scanning only in the final pre-production phase. This has resulted in delayed detection of vulnerabilities with high remediation costs. The recent move by many teams to a DevOps model has demanded changes to the traditional way of doing Dynamic Application Security Testing (DAST). The new model requires shorter scans, with faster time to results along with appropriate prioritization. This talk will discuss ways of using Fortify WebInspect in a DevOps shop. By leveraging various innovations such as incremental scanning, scan reuse and scan merge, WebInspect can be configured in various ways to fit many SDLCs. We will also discuss a specific case of detecting privilege escalation in such situations, and demonstrate ways to implement different workflows.

With a growing number of organizations adopting DevOps strategies, the ability to embed security testing into the DevOps process becomes even more critical. DevOps allows organizations to develop and release new features and functions at a lightning-fast pace. But the wrong approach to security will fail quickly. Merito has helped many companies when they have attempted and failed to implement application security in their DevOps processes. There are numerous reasons for the challenges, ranging from improper technology implementation to lack of vision and understanding. In this session, you will hear about how companies that failed at application security and turned to Merito and Fortify to rebuild a successful, secure DevOps program.


Learn how Coca-Cola FEMSA, a Fortify on Demand customer, implemented its application security program. The session will cover how to design and implement a business strategy for an application security program through enablement of business processes such as legal, supplies, human resources and internal control to achieve the objectives of the program.


The Application Security track keynote will showcase the innovations taking place in application security to accelerate automation, speed and agility. We will begin with the latest findings from Mainstay Research on the state of Software Security Assurance (SSA), with a focus on the advantages and value of integrating security into your DevOps initiatives. Learn more about market-differentiating advancements in machine learning, built-in scanning and speed-to-production. Hear key updates on how the Fortify roadmap and Fortify ecosystem is driving the future of AppSec.

As the challenges to data privacy continue to grow, our capabilities will also grow to support you with effective security solutions. Please join Reiner Kappenberger, Head of Global Product Management for our Data Security group, to learn about the latest innovations to the data security product line. Understand how we can help meet your data-centric security needs for General Data Protection Regulation (GDPR) and PCI compliance; big data, IoT, hybrid cloud, mobile and omni-channel payments adoption; data-centric audit and protection; and more.

Continuous integration and continuous delivery (CI/CD) provide an opportunity to 'shift security left' and speed your product release process. But getting started can be difficult. Disengaged security groups, the need for late life-cycle compliance/audits and the time it takes to perform security scans/testing activities are all roadblocks to fast delivery. Join Jeffery Payne, Founder and CEO of Coveros, in exploring how numerous companies have incrementally integrated security capabilities into their emerging DevOps pipelines. Mr. Payne will lead a dynamic panel of industry leaders who have successfully modernized their software development process while securing it at the same time. Take home practical advice on how to get started with security integration, avoid common pitfalls during your journey and engage everyone from developers to operational personnel in your security mission.


Travelport is a GDS focused on building software to help travel companies and corporations deliver the exceptional experiences demanded by today's traveling public. Fortify is the foundation of the software security testing for our travel products and services. The Software Security Team at Travelport is transforming the way we protect our travel solutions by continually maturing the software security program and ensuring that we are naturally integrated into the various SDLC workflow methodologies. In order for our Software Security Team to stay relevant in today's fast-paced digital world, we have focused on process and technology to meet the ever-changing needs of over 2000+ developers and 20 + software languages.


We all know how critical it is to protect financial transaction data due to the growing frequency of data breaches and increased sophistication of cyber attacks. As the processor of over 2,500 transactions per second around the world, including nearly half of all U.S. payment transactions, First Data Corporation had a compelling reason to protect its data! Come and hear lessons learned during the first two years of this process.

The value of data is in constant flux due to aggregation, correlation and usage. Hear how new cryptographic models including quantum cryptography, homomorphic cryptography and blockchain protect both the current and future value of data, allowing business professionals to create, use and dispose of data with the confidence that it will be protected over time.

Organizations across every industry are building data reservoirs to provide the analytic insights required to compete. Recent data breaches have the attention of executives and board members, leading companies to lock down their data assets. However, this has prevented organizations from providing wider access to data insights. In this session, Roni Schuling shares her experience enabling enterprise data governance for data-centric protection at Principal Financial Group, describing its initial implementation with Apache Hadoop for the marketing function. By leveraging shifts in focus within the C-suite as an impetus for change, Roni worked with the team to create a statements-of-direction for data protection, including an understanding of threats and compliance requirements. Principal has made progress overcoming organizational resistance and the belief across the business that, "We need access to clear data. Join Roni to learn new ways of accelerating how to protect your organization from breaches.


When high-value, sensitive or regulated data needs protecting, you must first examine the security, analytics and data-movement needs of the entire enterprise. As encryption solutions share little to no compatibility, robust key management is critical to accessing and moving encrypted data safely. Keys must not be exposed on databases or applications where they might be discovered, stolen or used to unlawfully access sensitive data. Keys must be readily available to authorized identities for business purposes. However, stateless keys are created the moment protected data needs decrypting. These keys are never inventoried. Existing for mere milliseconds, they are destroyed immediately upon use, which greatly reduces the attack surface against them. This presentation will explain how Stateless Key Management mitigates the risk of successful attacks against encrypted high-value, sensitive or regulated data, yet enables analytics and movement of it around the enterprise network without fear of re-identification.

The EU General Data Protection Regulation (GDPR) is a quickly emerging challenge for any organization that collects EU citizen data from anywhere in the world. Anyone unprepared for the May 2018 deadline faces the risk of material fines, sanctions and possibly even class-action lawsuits. CISOs must therefore take related legal and compliance risks seriously. But at the same time, because data is the currency of business success, getting this data under control also provides significant upside to the business as you can break down data silos and leverage this information for strategic insight and value creation. Learn how to protect sensitive data, mitigate data breach risk and empower your organization's digital business transformation by adopting technologies such as cloud, Apache Hadoop and information governance solutions, while also complying with this important regulation.

Are you experiencing an explosion of e-commerce transactions and you're challenged to remain PCI-compliant and safe from a data breach, but you also want to provide an amazing consumer experience? You need to maintain a fine balance between security and a positive consumer experience. Data breaches and the associated costs are increasing in frequency. Hackers are getting more sophisticated in how they hack into applications. Enterprises not only have to deal with costs related to breaches, but their annual PCI audit costs as well. In this session, we delve into the ways you can mitigate risk associated with a data breach. This includes potentially reducing PCI audit costs with data-centric payment security solutions across different e-commerce channels such as web, mobile and voice-activated systems.

The clock on GDPR is ticking with the May 2018 enforcement date looming. All businesses that handle EU citizen data will eventually be impacted. Compliance risks are material to many US and global firms, with fines and remediation costs potentially an order of magnitude larger than all other regulations combined. This session will take a practical view to illustrate how SecureData maps specifically to GDPR requirements. We'll walk through practical customer use cases involving EU data in a large enterprise, with Big Data and hybrid enterprise IT examples. Attendees can learn how our advanced FPE technology solves complex regulatory issues quickly, while also enabling data-driven organizations to increase the use of data for decisions, even under aggressive regulatory controls.

Government agencies are increasingly challenged to protect their most valuable data. However, endpoint or network security can't stop attackers alone, and malevolent insiders create additional risk. An effective solution lies in protecting the data itself across systems. Recent NIST security recommendations with FIPS validation make ground-breaking Format-Preserving Encryption (FPE) technology in SecureData available to 'de-identify' sensitive data, rendering it useless to attackers, while maintaining usability and referential integrity for business processes and applications. FPE protects decades-old legacy systems and modern, advanced IT infrastructures alike with an innovative, data-centric approach to security that performs and scales for today's demanding environments.

Key challenges to ingesting data into the data lake are security, speed and reliability, where edge nodes have been the bottleneck. We will explore how Kylo and NiFi enable you to build high-performance, robust solutions for cleansing and protecting data as it is ingested. These open-source frameworks enable rapidly adding new data sources with schema discovery, using point-and-click configuration for encryption, data cleansing and normalization. NiFi offers a robust, high-performance framework that can cleanse and encrypt data during the ingestion process. In this session we will cover: Enterprise data protection strategies for Big Data. The benefits of NiFi compared to frameworks like Apache Spark, Storm and Kafka. The power of flow-based programming for performance and reliability Gain a better understanding of how Kylo and NiFi are great complements to the data lake to help add new data sources rapidly.

As data is increasingly harvested and monetized, traditional IT security and controls approaches are leaving enterprises progressively vulnerable to data breaches, particularly in the Enterprise Resource Planning (ERP) space. In this session, Deloitte: Presents the case for data encryption within your enterprise's SAP systems through SecureData, Gives a live demo of solutions in action, Guides the audience through the key drivers and challenges in securing data within SAP & Presents industry-specific use cases for data encryption within SAP.

The new GDPR law goes into effect on May 25, 2018 and impacts more than just European Union member countries. It applies to all countries that do business in the EU. Compliance to this regulation means big changes for IT departments across the world in terms of data privacy and how you design new systems. Non-compliance fines can reach up to 10 million euros, or 4% of an organization’s global annual revenues (whichever is higher), so you need to be prepared!


With the onset of cloud computing and the ability to dynamically allocate and scale data sets on a nearly unlimited amount of storage, data encryption challenges are on the rise. Various factors - including contractual, internal, regulatory and legal, make encryption a requirement and result in a trade-off between security and usability. This session includes how sensitive data such as PHI and PII can be handled in the cloud. The discussion will cover: How to implement encryption on public cloud infrastructures and have the confidence of meeting contractual obligations without breaking the bank. Some gotchas to be aware of, such as performance, audit and scope creep in the new world. What the exception process looks like. The uplift from a development and operational perspective for onboarding a new client Join this session to learn more!

DevOps teams are building applications faster than ever before, and utilizing large amounts of open-source software to increase agility. However, that introduces the possibility of open-source security risk. The landscape of attacks has changed in recent years, with cyber-attacks increasingly happening on the application layer. This means DevOps teams need to be involved in the security process.


Every day seems to bring more threat intelligence feeds, each claiming to help find a particular attacker or piece of malware. While information-sharing is an important step in empowering network defenders, it must be done sensibly. Having a larger pile of indicators does not automatically make the network more secure or the security team more effective. Threat intelligence must be managed to be effective. To understand the context of a hit, indicators must be linked to reporting and tied to the analytic use case. Mapping external threat intelligence to your internal threat model is key. Analysis is needed to ensure that intelligence is relevant to the organization and aligned to the security tooling available. In this session, we will show the importance of this management and discuss methodologies for effective management and organization of threat intel.

Often, good security is described as a triumvirate good of process, technology and people, with all three elements critical to ensure well-rounded protection against threats. We'll explain how good processes are irrelevant if you don't ensure that people and technology are at the center of good security design.

The people element of cyber security is often neglected for "sexier" technology. However, without the right people to implement, control, program and monitor the technology, it becomes prone to human complacency, malicious use or intentional or unintentional misuse.

Hear how the often-depicted equilateral triangle of cyber security is outdated and how people (or human) and technology aspects of security are far more important than good processes to ensure adequate protection against internal and external cyber security threats.

Isosceles security describes how human-centered technology solutions will become the future of cyber security with less import placed on process and more direction focused on cutting-edge technology designed in consideration with human factors and resulting behaviors.

This presentation is authored by Dr Tim Doyle a behavioral psychologist and adjunct lecturer at Deakin University in Melbourne, Australia and Ben Walker a cyber security practitioner and researcher from Melbourne, Australia.