The number of digital Identities and the complexity of authorizations is strongly rising, especially if we start adding the identity of billions of things which will be connected in the coming years. Exploding data quantities will be the result, making it more and more necessary to use new approaches, like big data analytics or behavioral analytics, to identify threats in nearly realtime. The challenge is that these approaches are young disciplines and as such immature. In this track, we will explore the current status and create an adoption roadmap for the next 3 years.
After attending this block of sessions you will be able to
- Describe behavioral intelligence and its role in preventing cyber-attacks
- List the different methods of risk-based security in relation to behavioral intelligence
This block qualifies for up to 3 Group Learning based CPEs depending on the number of sessions you attended.
What If the Future of Security Means Not Knowing It’s There?
For the modern enterprise, agility is the name of the game. What does that mean for enterprise security? How can security practices and policies evolve at the same rate as the business, while simultaneously adapting to an anywhere, anytime, any device IT environment that faces an increasing number of increasingly complex security threats?
As the real world becomes more real-time, security will need to adjust by transitioning from a highly structured, policy-based, block-and-interrupt model to an identity based, adaptive architecture that relies on an information rich environment, advanced analytical capabilities and more automation to become a ubiquitous, passive presence. In this panel discussion, a group of identity and security thought leaders will examine how identity, cloud and emerging tech are enabling new and innovative security solutions for the borderless enterprise, and the adjustments, challenges and opportunities that these solutions will create for businesses.
User Discovery: Changing Best Practices and Protocol Convergence
The simple question of “who are you” is a problem with changing importance in the identity industry. Reigning best practice in authentication has favored a stateless model, where all users are treated as strangers when a session is not detected, regardless of high likelihoods of recurring usage by a single person on a given browser or device. This best practice is now under challenge, as multifactor authentication more tightly binds user identity to devices, and as security context, identity context, device context, geographical location and user consent become common and important parts of authentication ceremonies. Pamela Dingle will discuss how identity protocols are combining to attempt to correctly identify the user in advance of the authentication moment, and the advantages of this guessing game for identity and security architects.
IAM as a Service Best Practice: B.Braun Melsungen AG
Experiences with IAM as a Service and/or IAM Managed Service
Many organizations today raise the question whether they could and should move their IAM infrastructure to the cloud (IAM as a service) or run it as a managed service. However, many IAM infrastructures still primarily support on-premise applications, thus this would be about connecting back to the on-premise IT infrastructure. So, does IAM in the cloud or as managed service only work well for organizations that run most of their IT in the cloud anyway? And what about customizations? IAM deployments commonly are heavily customized – will this work in such environments as well? Or is it anyway the better approach to rely more on standards for IAM processes etc.? And what about the risks of running IAM, which deals with the sensitive areas of identity and access, outside of the enterprise? Is it too much of a risk? The panelists will discuss these and other questions around when and why to move IAM to the cloud and when to better leave it on-premises.
The Anthem Breach and how it could have been Avoided
In January, Anthem Healthcare, the US’s second-largest health insurer, reported that the personal records of as many as 80 million individuals were compromised. Many so-called “security gurus” quickly called out the company for two flaws that were felt to be the major causes of the breach. The gurus were wrong. Kuppinger-Cole analyst Dave Kearns will guide you through the most likely vector for the attack, why the gurus’ recommendations wouldn’t have stopped the attack and also tell you the two things that could have prevented this breach
Risk Based Realtime Security Through Behavioral Intelligence: Concepts and Market Maturity
Behavioral Intelligence is simply taking the actions someone is performing and comparing them to previous actions. For example, keystroke biometrics – monitoring the way people enter data on a keyboard (such as a username/password combination) – is one example of Behavioral Intelligence used in a risk-based security system. This session will explore different methods of risk-based security using Behavioral Intelligence, where the market is today and what could be coming in the near future.