Cloud Security and Compliance Automation

  • Compliance Automation for the Cloud
    John Martinez - Principal Solutions Architect, Evident.io
    Recorded: Nov 17 2016, 45 mins

    For years, security and operations pros have loathed being involved in a compliance effort. And for good reason—compliance is long and tedious and pulls you away from the “real work” of securing your cloud environments.

    Join us for this webcast to learn how to incorporate automation to alleviate the hard work of compliance testing and produce automated results that will satisfy Ops and GRC.

    Join this webinar to gain a better understanding of:

    - What a typical compliance workflow looks like in the cloud
    - How to measure and demonstrate compliance in your systems and controls
    - The importance of real-time compliance assessment of your entire cloud infrastructure for your organization
    - How Evident Security Platform (ESP) can help you automate your security and compliance workflows in the cloud
  • Programmatic Security Automation for AWS
    John Martinez
    Recorded: Apr 21 2016, 54 mins

    The ability to provision and update infrastructure using APIs also allows flexible and programmatic control of our security choices. These decisions will ultimately help protect intellectual data, content, applications, systems and networks ‘in’ the cloud.

    In this webcast, John Martinez will lead a deep dive discussion and provide a live demonstration of how to improve security awareness between IT, Dev, and Ops teams, as well as provide some real-world (code) examples on how to bring security into your application delivery model to reduce risks with DevOps integration and security and compliance automation.

    In this webcast, attendees will learn about:

    - The Top Ten AWS Security Best Practices, with anecdotes

    - How to use automation to enforce those security best practices

    - Practical coding to gain more visibility into the security aspects of your AWS environment, including:

    - Assuming IAM Roles
    - Inspecting CloudTrail Events
    - Auto-remediation of security group issues
    - Writing a custom signature in ESP

    About the Speaker:

    John Martinez, Principal Solutions Architect for Evident.io, has in-depth experience guiding development teams on AWS and other cloud platforms. He assists them in streamlining creation of cloud applications, optimizing AWS resource usage, and ensuring that their AWS infrastructures are properly protected. John specializes in DevOps, automation and continuous solutions, and contributed to the creation of the CIS Foundations Benchmark for AWS Security.
  • CIS Foundations Benchmark for AWS Security
    Tim Prendergast, Adam Montville, Tim Sandage
    Recorded: Mar 30 2016, 63 mins

    Recently the Center for Internet Security (CIS) published the CIS AWS Foundations Benchmark, the first ever set of security configuration best practices for Amazon Web Services (AWS), and the first that CIS has issued for an individual cloud service provider.

    These industry-accepted best practices go beyond the high-level security guidance already available by providing AWS users with clear, step-by-step implementation and assessment procedures.

    In this webcast, attendees will learn:

    - How the CIS Benchmarks remove guesswork for security professionals about how to implement foundational security configuration measures for AWS accounts

    - How audit teams can consistently evaluate the security of AWS accounts, reducing complexity in managing risk when using AWS for critical, regulated systems

    - How these security checks can be seamlessly integrated into an organization’s security and audit ecosystem with an array of security tools and solutions

    CIS Benchmarks have been the de facto standard for prescriptive, industry-accepted best practices for securely configuring traditional IT components. The release of the CIS AWS Foundations Benchmark into this existing ecosystem marks one of many milestones for the maturation of the cloud and its suitability for sensitive and regulated workloads.

    Panelists:

    Adam Montville is the Sr. Director for Security Controls and Automation at The Center for Internet Security (CIS).

    Tim Sandage is a Senior Risk & Compliance Strategist for Amazon Web Services (AWS).

    Tim Prendergast is CEO and co-founder of Evident.io and also led technology teams at Adobe, Ingenuity, Ticketmaster, and McAfee.
  • Implementing the Top Ten AWS Security Best Practices
    John Robel, Kevin Dillon
    Recorded: Feb 25 2016, 62 mins

    These top ten were put together by AWS security practitioners with over a decade of combined experience securing large AWS deployments.

    Attendees will discover how most of these best practices are very easy to implement and go a very long way to ensuring your success on AWS.

    Join Evident.io's John Robel, Principal Solutions Architect, and 2nd Watch's Kevin Dillon, Solution Architect, for a review of the Top Ten AWS Security Best Practices.

    In this one hour session, attendees will come away with actionable information that can be implemented immediately regarding how to:

    - Disable Root API Access Key and Secret Key

    - Enable MFA Tokens Everywhere

    - Reduce Number of IAM Users with Admin Rights

    - Use Roles for EC2

    - Least Privilege: Limit what IAM Entities Can Do with Strong Policies

    - Rotate all the Keys Regularly

    - Use IAM Roles with STS AssumeRole Where Possible

    - Use AutoScaling to Dampen DDoS Effects

    - Do Not Allow 0.0.0.0/0 Unless You Mean It

    - Watch World-Readable and Listable S3 Bucket Policies

    Date: February 25, 2016

    Time: 1:00pm EST / 10:00AM PST

    Duration: 1 Hour

    Panelists:

    John Robel is a Principal Solutions Architect for Evident.io with over 20 years' experience. His previous role was Senior Technical Account Manager at AWS, where he managed customer relationships with some of the largest AWS enterprise customers, such as Netflix and Adobe. John is an AWS Certified Solutions Architect and has been both Cisco Certified as a Network Associate and ITIL Foundation certified.

    Kevin Dillon is a Solutions Architect with 2nd Watch and has over 20 years’ experience building and managing high-performing teams, with extensive industry experience with hedge funds and asset management firms. Kevin lives in the New York City area.
  • From Servers to Services - Securing Public Cloud Infrastructure for AWS
    Jim Reavis, Adrian Sanabria, Tim Prendergast
    Recorded: Jan 27 2016, 64 mins

    Increasingly, security and risk (S&R) professionals must be able to securely migrate workloads to cloud providers like AWS.

    However, properly securing IaaS platforms involves much more than simply migrating physical servers to virtual instances.

    Today's dev teams are building cloud-native applications using IaaS services and APIs into which host-based security tools and network scanners have little to no visibility.

    To successfully defend IaaS infrastructure, S&R pros need to understand the security implications of Infrastructure as Code and the importance of protecting the IaaS console and management plane.

    Join Cloud Security Alliance Co-founder and Chief Executive Officer Jim Reavis, 451 Research analyst Adrian Sanabria, and Evident.io Co-founder and CEO Tim Prendergast as they discuss:

    - The differences in attack surface and vectors between on-premises and IaaS infrastructures

    - The critical nature of defending the IaaS console and management plane

    - How progressive enterprises have implemented effective security configuration and vulnerability management processes
  • SecDevOps: The Marriage of DevOps and SecOps
    Alan Shimel
    Recorded: Jan 15 2016, 51 mins

    We’re now seeing a new “marriage” of SecOps and DevOps that is creating a whole new mentality for driving innovation inside and outside of organizations.

    DevOps and security teams are now actively collaborating as peers, rather than in the traditional requester/approver relationship, and making a seat at the table for security professionals.

    DevSecOps is propelling forward-thinking organizations by doing something simple - fostering collaboration of seemingly contradictory teams to align their disparate goals into a singular effort.

    Watch this recorded webcast to learn how leading DevSecOps organizations are bringing operations, engineering and security together to harmoniously detect security problems sooner, respond faster, and protect resources more effectively.

    Speakers:

    Alan Shimel – Devops.com
    Gene Kim – Former CTO, Tripwire
    Shannon Lietz – DevSecOps leader, Intuit
    Tim Prendergast – CEO, Evident.io
  • Security Automation for DevOps
    Tim Prendergast, Alan Shimel, Andrew Storms
    Recorded: Dec 3 2015, 61 mins

    As organizations move more deeply into continuous development and deployment modalities, the importance of implementing continuous security behaviors becomes non-negotiable. Cloud environments undergo dramatic changes during deployments, auto-scaling events, and through natural growth. While static data center environments were simple enough to be evaluated by humans, the dynamic nature of cloud environments makes them too complex to adequately secure without automation. Your operational tools deliver continuous monitoring and alerting. Why doesn’t your security suite?

    Join DevOps.com Editor-in-Chief Alan Shimel, Andrew Storms, Vice President of Security Services at New Context, and Evident.io cofounder and CEO Tim Prendergast as they discuss why DevOps shops need to automate key functions in order to ensure their Cloud Infrastructure Security.
  • Security Fundamentals for DevOps Shops
    Alan Shimel - Devops.com Editor-in-Chief; David Mortman - Distinguished Engineer Dell; Tim Prendergast, CEO Evident.io
    Recorded: Nov 10 2015, 63 mins

    There is no single path to a DevOps approach that works for every organization, but there are fundamental principles and techniques used by the DevOps elite that can be applied to improve security operations and efficiency in the cloud.

    In this video you'll learn ways you can adapt your organization’s processes and behaviors to gain huge efficiencies for your security operations in the cloud:

    - How to establish shared goals and collaboration between IT and DevOps
    - How to integrate security into the overall development and deployment processes and tool-chain
    - How faster feedback loops improve not only quality, but security as well
    - What powerful security capabilities you can enable via API-enabled security solutions
    - How to layer your defenses to augment your existing security
  • Orchestrating Security in the Cloud - A SANS Survey
    Dave Shackleford, Analyst, SANS Institute - Andrew Maguire, Senior Director of Product Marketing, Evident.io
    Recorded: Sep 23 2015, 63 mins

    This webcast summarizes the results of a new SANS survey that examines organizational use of public and private clouds and seeks to determine their best practices in securing content that traverses through both ecosystems.

    Attend this webcast to learn:
    * How organizations use the cloud
    * What types of information they store in the cloud
    * What concerns they have about data security
    * How much they rely on cloud service providers and what difficulties they face
    * What security and data protection technologies they use in the cloud environment
    * How they manage cloud users
    * And much more.
  • Beyond the Scan - Implementing Effective Vulnerability Management for the Cloud
    Rick Holland, Principal Analyst at Forrester Research, Tim Prendergast, CEO and Co-founder, Evident.io, and Theodore Kim, Sen
    Recorded: Jul 28 2015, 60 mins

    Security incident disclosures and vulnerability warnings are being released at an alarming rate, posing a major challenge for Security & Risk (S&R) Professionals. Additionally, firms that adopt virtualized and public cloud infrastructure like AWS are quickly finding that their traditional vulnerability management solutions and processes were not designed for these dynamic, elastic, and API-services centric architectures. An April 2015 Forrester Research, Inc. report entitled “Market Overview: Vulnerability Management” stated that the vulnerability management technology space has evolved and will help "S&R Pros repair their strained or broken processes and move past low-impact checkbox scanning to proactive, risk-based assessments."

    Join guest speakers Rick Holland, Principal Analyst at Forrester Research, Tim Prendergast, CEO and Co-founder, Evident.io, and Theodore Kim, Senior Director, SaaS Operations at Jobvite, to learn about:
    * The state of vulnerability management and why Forrester recently said "security and risk pros can't keep up with the tsunami of vulnerabilities."
    * How public cloud infrastructure like AWS adds to vulnerability complexity and has created the need for new cloud native solutions
    * How Jobvite has implemented an effective security configuration and vulnerability management process for AWS