FS-ISAC Session Descriptions Tuesday, 4 November 10:00 - 10:45 | Keynote EC3’s Role in Countering Cybercrime Broadgate Troels Oerting, European Cybercrime Centre (EC3) The presentation will elaborate on the efforts of EC3 in strengthening the law enforcement response to cybercrime in the European Union. Currently, EC3 provides targeted and effective countermeasures in the areas of cybercrime, child sexual exploitation online and transnational payment fraud. The expertise is mainly delivered through operational, technical and forensic support, deployable on the spot or from the high-tech facilities in the Europol headquarters. Additionally, EC3 specialises in threat assessments of current threats and trends in cybercrime, as well as capacity building and training. The presentation will also provide an operational insight into addressing cyber threats, by highlighting EC3’s initiatives in the area such as the newly established Joint Cybercrime Action Taskforce (J-CAT) and the European Financial Cybercrime Coalition (EU FCC). 10:45 - 11:30 | General Session Actionable Security Intelligence Broadgate Etay Maor, IBM The financial services sector continues to be a target of evolving distributed denial of service attacks, data breaches, advanced malware, internal and external fraud. Traditional security measures are no longer sufficient for addressing the rapid pace of change. Firms with the ability to store and analyze an expanding variety of data in deep context, combined with forensics from custom data mining and analytics, can reveal the step-by-step actions of sophisticated cyber criminals and create a true security intelligence platform for real-time prevention, detection, and remediation. 12:00 - 12:30 | General Session The Growing Problem of Defending Your Brand, Your Customers and Your Business Online Lou Manousos, RiskIQ Broadgate The proliferation of Web properties and mobile apps is occurring rapidly among financial institutions and managing them is becoming increasingly difficult. Because of this, your online assets face a growing variety of malicious activities including hijacked web code, infections from malicious advertisements, copycat mobile apps that infect users, and the theft of your brand, domain names, and other intellectual property. We will discuss how improperly managed online assets can cause serious harm to you and your customers. We will also review a proactive model for discovery, monitoring, and the remediation of threats with supporting data from a survey of CISOs. 13:30 - 14:30 | Concurrent Sessions CISO Panel Intelligence and Information Sharing in the EU Moderator: Teresa Walsh, Citi; Isabel Maria Gomez Gonzalez, Bankia; Marko Hartwig, Zurich; Claus Norup, UBS London Wall This panel of CISOs will discuss the current state and strategic vision they have for sharing information and cyber intelligence between peers, government and associations. Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning, and BGP Hijacks Mohit Lad, ThousandEyes Bishopsgate 1 The network is a key component in application delivery and is often a direct or indirect target of security attacks such as DDoS and BGP hijacking. Mitigation strategies often involve using a third party cloud service without any visibility into whether the mitigation is working well. Using real life examples, we will show how one can measure the user perceived impact of an ongoing attack, as well as identify which aspects of the mitigation are not working as desired. With this detailed availability and performance data at the various layers, financial firms can learn how to better manage ongoing attacks. www.fsisac-summit.com | 9 FS-ISAC Tuesday, 4 November | 13:30 - 14:30 | Concurrent Sessions continued Adventures in Threat Intelligence Bishopsgate 2 James Chappell, Digital Shadows Ltd The security technology community has been evolving threat intelligence capabilities in an attempt to understand more about the groups that pose a threat to businesses, with a particular focus on the tools and TTP ‘s employed by threat actors. The monitoring of open and closed sources plays an important role in identifying these threats providing current situational awareness to security departments. This session will provide an open and honest assessment of challenges, opportunities and constraints of the discipline. We will explore the use cases for threat intelligence and explain why sharing is critical to success of the discipline and profession. 15:15 - 16:15 | Concurrent Sessions Introduction to the FS-ISAC’s Federated Cyber Intelligence Repository Aharon Chernin, Soltra London Wall The presentation will begin by describing the need for cyber intelligence standardization. Once the audience has gained an understanding of the need, Aharon will describe the importance of automation in processing of cyber intelligence data. He also plans to show demo’s, screenshots, and screen capture videos of the repository in action so the audience can see the repository function in person. And finally, Aharon will walk through doing a real time install of the repository so that participants can see how easy it is to get running. Using Cyber Defences to Counter Cyber-Enabled Crime David Bailey, BAE Systems Applied Intelligence Bishopsgate 1 The world of crime is changing, morphing and evolving into something far more dangerous than ever before. Cyber Crime is becoming Digital Crime, and for some, Digital Crime is proving to be very profitable indeed. Digital Crime is the convergence of traditional crime with cyber espionage, conducted by criminals with expert knowledge of a specific industry, and supported by cyber experts who enable digital criminals to steal and take control of assets on a previously unimaginable scale. Aggressive Defence Against Account Takeover Malware Don Jackson, Phishlabs Bishopsgate 2 With a thriving market for criminal-to-criminal (C2C) services and a flourishing underground ecosystem of tools and information at their disposal, cybercriminals continue to expand their botnet-based infrastructure, hone attack tactics, and operate their criminal enterprises with practical impunity. Current defensive tactics are clearly not enough to stem the tide of thefts, fraud, and other attacks that pose constant threat the financial sector. A more aggressive defense is needed against advanced account takeover malware – one that applies threat intelligence to disrupt cybercrime operations and profits. 16:45 - 17:45 | Concurrent Sessions (Part 1) Information Sharing in Europe and in the Netherlands Michael Samson, Dutch Payments Association (Part 2) Responsible Disclosure in the EU London Wall Eelco Stofbergen, National Cyber Security Centre; Jan Joris Vereijken, ING (Part 1) The presentation shows the co-operation model of the European FI-ISAC. This model is different from other European co-operation models in the sector. The presentation focuses on the approach and the results of the European FI-ISAC. The second part focuses on information sharing in the Netherlands: the fraud landscape and the public private cooperation and participation model. Finally, the presentation will give a high level overview of the products developed by the Dutch FI-ISAC: the Cybercrime Monitoring and Investigation Service (CMIS) and the Account Monitored Information (AMI). (Part 2) This session will discuss the progress made on an initiative to improve responsibile disclosure in the EU. www.fsisac-summit.com | 11 FS-ISAC Tuesday, 4 November | 16:45 - 17:45 | Concurrent Sessions continued Moar Malware, Less Malware Bishopsgate 1 Marshall Heilman, FireEye This highly technical talk will explore the in-depth functionality of malware leveraged by attackers over the last twelve months to penetrate networks, escalate privileges, maintain persistence, establish command and control channels, and harvest data and ultimately exfiltrate data. This talk will also explore malicious activity perpetrated by attackers without the use of malware. Need for Speed: The Faster You Resolve Cyber Threats, the Better Your Outcomes -It is that Simple Bishopsgate 2 Peter Clay, CSG Invotas The faster you resolve cyber threats, the better your outcomes. It is that simple. Speed matters. It isn’t enough to know you have an intruder. You have to act. You have to act now. We’ve seen what happens when defenses are overwhelmed and attackers have free rein in your network. The time has come for the next generation of automated threat response. The panel will discuss frameworks, capabilities, lessons learned, and valuable insights. Wednesday, 5 November 9:15 - 10:00 | FS-ISAC Member Meeting* Broadgate 9:15 - 11:30 | FI-ISAC Code Red Meeting** London Wall 10:30 - 11:30 | Solutions Showcases*** Broadgate During a Solutions Showcase Members are invited to join us for refreshments and a technology showcase where the latest technical innovations will be on display. In this relaxed setting, attendees get to select up to three technologies they’d like to see. These information-packed 15 minute sessions will be presented by technology experts from our vendor sponsors, will be use-case driven and will be tailored to the unique needs of members. Improving Third-Party Security at European Financial Institutions Broadgate Veracode According to research by IDG, UK enterprises tend to leverage more third-party applications that US companies. Yet the FS-ISAC Third-Party Software Security Working Group, does not contain European members, and none contributed to the “Appropriate Software Security Control Types for Third-Party Service and Product Providers” whitepaper. This presentation will outline why it is time for European financial institutions to formally acknowledge the risk associated with third-party software and create guidance which the industry can follow. It will also provide insight into how the controls were developed in the US and offer tips for successfully creating similar guidelines. Community Structure and Context of International Hacker Community Battelle Memorial Institute Broadgate Battelle has examined the community structure and context of international hackivists via enriching traditional cyber security datasets with social, technological and geopolitical data. Specifically, Battelle has collected millions of events and captured associated data. Using language processing and image recognition, we have identified hacker aliases/ common motifs present in the attacks and constructed a bipartite graph of events the hackers associated with those events. Simultaneously, we correlate event data with the Common Vulnerabilities/Exposures database to identify the vulnerabilities exploited during attacks. Finally, we place attacks in context to the Financial Services Industry by incorporating the Global Database of Events/Language/Tone data set. * FS-ISAC members only ** FI-ISAC members only *** closed to non-silver sponsors www.fsisac-summit.com | 13 FS-ISAC Wednesday, 5 November | 10:30 - 11:30 | Solutions Showcase continued* Best Practices for Privileged Access Broadgate Hitachi ID Systems In an organization with thousands of IT assets, it can be difficult to securely manage access to privileged accounts for several reasons: t There are thousands of privileged passwords. t Administrator passwords exist on each device and application. t It is difficult to coordinate changes to shared passwords. When there are many shared, static passwords, former IT staff retain sensitive access after leaving an organization. It can also be difficult to trace changes back to individuals who made them. Hitachi ID Systems delivers access governance and identity administration solutions to organizations globally. Cross Channel, Cross Enterprise Fraud and the Need for Collaboration Pindrop Security Broadgate Account takeover fraud is increasing as organized fraudsters use a combination of phone and online tools to setup and execute attacks. Fraudsters move between the online and phone worlds, calling both call centers and consumers. Furthermore, they’re working across institutions, with reconnaissance and attacks on multiple targets. In this panel, we will discuss the technical and organizational changes and the collaboration required to stem cross-channel and cross-institution attacks. Issues include regulatory and privacy concerns of data sharing, logistics, tools already in place such as CYFIN and how they work. Akamai Cloud Security Solutions: Protecting Banks Worldwide Broadgate Akamai Technologies In this Showcase, Akamai will demonstrate an attack against two banking web sites – one in the clear, and one protected by Akamai. The demonstration will show how these attacks can compromise an unprotected site and how Akamai is able to detect and stop these attacks automatically, in real-time, from the cloud. Innovative Authentication Techniques for Beating RATs and Men-in-the-Middle Authentify Broadgate Remote Access Trojans (RATs), man-in-the-middle (MITM) exploits, and purloined credentials are still persistent threats that harvest legitimate user credentials or invade authenticated sessions “post-login.” Financial Institutions, however, need not choose user convenience over stronger authentication to defeat these threats. Authentify’s xFA technology offers strong authentication that can be administered flexibly throughout a transactional session. The user will likely accept security hurdles once invested in a session rather than at login. Authentify’s demonstration illustrates how authentication technologies including digital certificates, biometrics, finger-swipe gestures, or KBA, used in an engaging way “post-login,” defeat RATs, MITM, and other threats without sacrificing user experience. 12:30 - 13:00 | General Session The Ever Changing Global Threat Landscape Tim Hind, iSight Broadgate During his talk, Mr. Hind will outline the contours of the current global threat environment, discuss important trends within each threat actor group, examine the crossover of tools and techniques between these groups and provide examples and case studies illustrating these developments. * closed to non-silver sponsors www.fsisac-summit.com | 15 FS-ISAC Wednesday, 5 November | 13:15 - 14:15 | Concurrent Sessions Cyber Attack Against the Payment Processes EU and US London Wall Chalres Bretz, John Salomon, & Ralph Smith, FS-ISAC A review of the 2014 CAPP, (Cyber Attack Against the Payment Processes) exercise will start the session. Charles Bretz, FS-ISAC’s Director of Payment Risk will present summary results from the September 2014 cyber threat exercise. John Salomon and Ralph Smith from the FS-ISAC’s European staff will lead the discussion about European institutions and associations who have expressed interest in creating a cyber threat exercise that simulates an attack on European financial institutions’ payment operations. There will be an open dialog for members in the audience to comment and provide feedback about a potential European cyber attack exercise in the first half of 2015. The Role of Big Data in Cyber Fraud Detection Bishopsgate 1 Eric Thompson, RSA Mobile and online services sit at a nexus characterized by pressure to grow business across digital channels while minimizing the risks of a sophisticated cyber threat landscape. Fortunately, these channels also come with an exponentially growing mountain of data, and organizations that can capture, store, harness, utilize, and profit from the increasing amounts and velocity of that data can gain competitive advantage. This session will examine how information security teams are working to leverage the enormous amounts of information available to improve threat and fraud detection and the challenges that stand in their way. Security Architecture at the Speed of Business Bishopsgate 2 Charles Clarke, Morgan Stanley Keeping systems secure across thousands of software developers and hundreds of projects all running at full speed is a constant challenge. Morgan Stanley addresses this problem with two cooperating teams: Security Architecture and Security Blueprints. SecArch helps internal software teams comply with policy and secure their software designs, while security specialists from SecBlue work with technology experts to produce reusable blueprints and guidance. The process identifies and tracks risks and captures lessons for the future. We show the process, the results, and some of our dashboards that give executive management a view into the process, its output, and its impact. 14:30 - 15:15 | CISO Panel The Changing Role of the CISO Moderator: Simon Hales, HSBC; Santiago Minguito, Banco Sabadell; Hem Pant, ING; Emma Smith, RBS Broadgate A panel of CISOs from EU based firms will discuss top of mind issues, including: With the ever increasing Regulator and Board concern over cyber security, are CISOs comfortable that these stake holders understand the issues? Is the development of the UK Penetration Testing standard (CBEST) a good thing and will it drive the right behaviour in the industry and with peer regulatory bodies? Can a CISO be an effective risk and operations manager with today’s need for increasingly effective and independent (evidenced) operational risk management? Are CISO’s today ready to be executive board members, or will we continue to be subordinate to another executive? Birds of a Feather Lunch FS-ISAC’s Birds of a Feather Lunch is a great way to connect and interact with your direct peers. Join us on Tuesday, 4 November, from 12:30 – 13:30 in Broadgate for lunch and discussion. The tables will be labeled as follows: t t t t Associations Banks and Credit Unions Brokerage and Securities Card Companies t t t t Clearing Houses and Exchanges Insurance Payments Payment Processors www.fsisac-summit.com | 17