It's Alive! Automating Security Response in the Cloud
The challenges facing teams responsible for creating speed and acceleration in the cloud are numerous, but the most dangerous challenge is discerning security signals from infrastructure noise. We can no longer deploy catch-all appliances or wrap hosts in countless layers of agent-based security technology in modern cloud environments. The context and approach to security has changed drastically in this shared ecosystem. It's time for us, as an industry, to acknowledge this shift and equip ourselves for success in the new world before us through security automation. The application of security automation in an API-centric cloud world represents a net new opportunity for defenders to gain an advantage.
In this webcast, attendees will learn:
-how to bridge the communications gap between Information Security Professionals and Engineering/Operations Professionals while improving defense capabilities
-how to draw on the knowledge gleaned from DevOps to create a world where Security-as-Code is commonplace
-how security automation helps to overcome the dire shortage in trained cloud security professionals
-how to secure rapidly growing workloads in the cloud more easily as adversaries are also automating their attacks
RecordedJun 22 201654 mins
Your place is confirmed, we'll send you email reminders
Thomas Robinson, Solution Architect, AWS & Dan Hubbard, CEO, Lacework
Using containers in AWS enables agile orchestration of application capabilities and require less coordination and oversight than on-premises or virtualization infrastructure. While containers allow you to build and release fast, security teams need to assess how they maintain security for these new capabilities.
In this session, experts from AWS and Lacework will explain how to use Amazon Container Services to easily deliver applications, and how to automate container security so you can enable your DevOps team to build fast while remaining secure.
In modern cyber battlefield, we face new threats daily where signatures are not necessarily known. Identifying these anomalies in regular behavior is the core of User Behavior Analysis (UBA). Common UBA applications include detection of malicious insider threats, privilege misuse, and compromised accounts. Analytics tools help make sense of varied information provided by security systems to identify potential risks. At Adobe, we generate vast amounts of security data in form of application, system and other logs. In addition, we have environment context data like employee role details and configuration management database (CMDB) data. This security data is an immense source of security intelligence. If collected diligently, the answers are already present, but the trick is to ask the right questions. This information can be compared against a security standard to find security gaps that need to be remediated, which is reactive security. However, if we use machine learning techniques and other analytics tools to ask the right questions, we can proactively identify anomalous activities.
All of this is part of our broader strategy around Project ZEN – our zero-trust enterprise network initiative first introduced to the ISACA audience at CSX 2018. This talk will dive into more specifics about how ZEN works – specifically around UBA. We leverage UBA to help meet the most recent NIST guidelines around user passwords and remove the need for password changes at regular intervals. We will provide summit attendees with a blueprint they can use for a significant part of their own zero-trust network efforts. We hope that you can learn best practices from our approach that you can leverage in implementing more effective UBA at your organization.
Christopher Scheels, Director of Product Marketing, Cyxtera
Zero Trust is trending. Every expo show floor is inundated with this concept that promises to transform of corporate security from a well-known failed perimeter-centric model. In this session, we will discuss what is Zero Trust, why are enterprises adopting it to fix some of security’s biggest challenges and how to get started.
Pay-al Pan, Senior Solutions Engineer, Okta & James Fang, Director of Product Marketing, Okta
Passwords have been the de-facto standard for authentication in the last 40 years, but end users hate them. Not to mention they aren't considered safe anymore - 81% of hacking-related account breaches leveraged weak or stolen passwords. While password + 2FA is a recommended approach by NIST, 2FA may still be hackable.
WebAuthn promises a safer, phishing-resistant protocol and easier authentication standard for web applications. But can it live up to it's hype? Join this session to learn about WebAuthn and understand how you can build strong auth with WebAuthn into your applications.
Dr. Florian Huber, Research Manager at SYNYO & Mag. Bernhard Jäger, Research Manager and Department Lead at SYNYO
New Services and Tools for Supporting First-line-practitioners and Law Enforcement Agencies.
In recent years, Europe has been at increased risk of extremist violence and terrorism – from Islamic fundamentalists, far-right fascist hate groups and others, fueled by online radicalization and encrypted communication networks. At the same time, national and international law enforcement agencies are battling growing networks of organized criminals that are increasingly taking their activities online, using the notorious underground ‘dark web’ to commit illegal acts.
Faced with these threats, the EU-funded TAKEDOWN project (https://www.takedownproject.eu) is developing tools to understand why people turn to terrorism or organized crime, and what can be done to combat the problem. Due to the increasing relevance of the cyber-domain, the project also addressed the issues of (cyber)terrorism and organized (cyber)crime and put a particular focus on the nexus or the hybrids of organized crime and terrorism.
The webinar, presented by the coordinator of the H2020-project TAKEDOWN, will address…
- The outcomes of the research conducted in the project. Focusing on the main conclusions related to the nexus and the hybrids.
- The main practical outcomes of the project the two web platforms, www.firstlinepractitioners.com (for practitioners) and www.fightcrimeterrorism.com (law enforcement agencies and solution providers)
As your workforce becomes more distributed, security is even more critical. Protecting the network is important but it’s no longer enough to secure applications and data. That’s why adoption of a Zero Trust security framework is on the rise.
Interested in more data on how your peers are adopting Zero Trust to protect their apps, data and distributed workforce? Join our webinar where we’ll discuss:
- The full Zero Trust architecture and the steps to get there
- Where organizations struggle in reaching Zero Trust and how to overcome barriers
- Your peer’s top priorities for next year
Bob Gilbert, Chief Evangelist and VP Product Marketing, Netskope
The rapid adoption of cloud and mobile in the enterprise is powering the transformation of legacy IT systems to more modern technology and processes. The business benefits of speed and agility for the enterprise can’t be denied, but the challenge is that security is often not considered a part of this digital transformation. The result is new blind spots are introduced in this cloud- and mobile-first world and legacy security tools are ineffective when it comes to protecting your data.
In this session, we will discuss the new blind spots that exist in today's cloud- and mobile-first world and 5 steps you can take to help ensure that your data is protected.
Join this session to learn:
- About new blind spots that exist in today’s cloud- and mobile-first world
- Why legacy security tools are ineffective
- 5 steps to covering these new blind spots
Cloud is dramatically expanding your attack surface and introducing new visibility challenges into infrastructure security. Without foundational visibility, it’s nearly impossible to execute other cloud security programs supporting compliance, policy enforcement, and vulnerability remediation. Cyber Exposure is a cybersecurity discipline to provide visibility into traditional IT and cloud infrastructure to help you manage and measure cyber risk. Cyber Exposure allows you answer three fundamental questions in your cloud environment:
- Where are we exposed?
- What should we focus on first?
- How are we reducing exposure over time?
Join us as we demystify Cyber Exposure, show how it can help you secure cloud infrastructure, and provide best practices to help you get started on your Cyber Exposure journey.
Yitzy Tannenbaum, Product Marketing Manager at AlgoSec
Cloud computing provides improved security, agility and flexibility. However, integrating this new service into legacy IT environments comes with great concern.
The Cloud Security Alliance has recently surveyed over 700 IT and network security professionals from around the globe on security challenges in cloud environments. In this research, security, data loss and compliance were identified as the top 3 concerns when moving to the cloud. In the face of increasingly complex environments, cloud visibility and expertise are essential to ensuring a manageable, secure and fluent transition to a native cloud, hybrid or multi-cloud environment.
In this webinar Yitzy Tannenbaum, Product Marketing Manager at AlgoSec will review and analyze the findings from the new CSA report “Cloud Security Complexity: Challenges in Managing Security in Native Hybrid and Multi-Cloud Environments”, including:
• Types of cloud platforms being used by companies
• Common challenges faced by companies when moving workloads to the cloud
• The many stakeholder involved in cloud security
• Methods of managing risk and vulnerabilities in the cloud environment
• Causes of network or application outages and the amount of time it took to remediate
Aaron Zander, Head of IT, HackerOne & Gen Buckley, Senior Analyst, Security, and Compliance, Okta
It's easy blame employees for poor password and email hygiene, but in reality, human error isn't going to go away. Every organization will always have a "Kanye" with poor operational security and weak passwords. IT and Security teams have to acknowledge the “desire paths” across the security landscape, and ensure that we not only keep up, but facilitate ease of access while maintaining our security perimeter.
There’s no guarantee on the tech savvy nature or level of care an employee will bring to the table, so we need to move the table closer to them and provide a safe harbor where mistakes are allowed to occur. In this session Aaron Zander, Head of IT for HackerOne, and Gen Buckley, Senior Analyst for Security and Compliance at Okta, will discuss the various ways to enable a security culture without crippling your coworkers.
Organizations in and outside the EU had to take significant measures to revisit the way they stored, shared and processed personal data in preparation to the entry into force of the General Data Protection Regulation (GDPR) on 25 May last year. However, compliance with the GDPR is not a tick box activity, it requires continuous evaluation of data flows in and outside the company.
This webinar brings together Daniele Catteddu, Chief Technology Officer of the Cloud Security Alliance (CSA) and Istvan Lám, CEO of Cloud encryption company, Tresorit to discuss the key learnings since the GDPR entered into force with focus on data breach prevention and mitigation.
The speakers will reflect, in particular, on the following aspects:
- Key learnings from data breach notifications & fines imposed so far
- Best practices for breach detection and reporting
- Challenges regarding the assessment of the severity of personal data breaches
- The most common types of data breaches and how to mitigate their impact
- Assessment of real-case data breaches, determination of what went wrong, and discussion on the implications for compliance with the GDPR going forward
An enterprise has a diverse environment (cloud instances, servers, workstations) in which to try and detect potential security incidents. The ability of an incident response team to work quickly and at necessary scale is imperative when incidents do unfortunately occur. After an initial compromise, attackers often move laterally in an environment, trying to establish a foothold and escalate privileges. While they try to remain stealthy, they almost always leave behind footprints. Detecting and analyzing these footprints quickly and accurately to scope the issue is critical.
This webcast will explore a scalable approach developed by the Adobe security team that relies on open source tools like OSQuery. The goal was to develop techniques that can be leveraged to more quickly and easily investigate large groups infrastructure components for initial triage, basic forensic analysis, and to also help proactively detect threats. Attendees will learn about the techniques we developed that they can then go apply to their own environments to help with their incident response efforts in the cloud.
Robert Healey | Senior Director Marketing, Asia Pacific
Nessus has been around for 21 years now and with over 109,000 vulnerabilities in its scan database, is the undisputed global standard tool for Vulnerability Management, that everyone uses, knows and loves. Nessus is a great tool but unfortunately in any medium or large organization, with Nessus alone, you will soon be buried in a mountain of unprioritised vulnerability data. Join this webinar to see how Predictive Prioritization from Tenable combines asset, vulnerability and threat intelligence data to enable you to reduce the number of vulns you need to address by up to 97%, while significantly improving your overall security.
Steve Manzuik, Director of Security Research at Duo Labs & Keith Brautigam, Director of IAM at Penn State
In this webinar you will learn:
- Real examples from Penn State of how network topology has gotten exponentially more complicated
- Why attackers have shifted from systems-focused to data-focused attacks
- What the evolution of IoT and BYOD-rich environments means for security teams
We’ve come a long way from the days of mainframe systems and a security strategy that ended at the edge of your network perimeter. Few security teams are more familiar with this evolution than those working in higher education: between research labs and large student populations bringing in a fresh wave of their own devices every year, you’ve had a front-row seat to this network metamorphosis.
Penn State's Director of Identity and Access Management, Keith Brautigam, and his team are addressing these new challenges by adopting a zero-trust strategy. Duo is an integral element in that strategy, checking with each new connection whether a user and device should be allowed access. In this session with Steve Manzuik, Duo Lab’s Director of Research, they will explore how the Internet of Things (IoT) is unintentionally driving this perimeter-less movement through devices such as Industrial IoT (aka IIoT), wearables, and a unique new technology that is worth exploring for its wider implications: the hearable.
Join us for an expert discussion on why the perimeter is going the way of the dinosaur, how smart security teams are adapting, and what is coming next.
John Kindervag from Palo Alto Networks & Rob LaMagna-Reiter from FNTS
Much has been written and spoken about Zero Trust and the principles of “never trust, always verify” as a means for enterprises to implement effective network segmentation. As the model has been embraced, Zero Trust evolved to become a strategic Cybersecurity initiative that major enterprises align to in order to prevent successful cyberattacks. However, Is it a security buzz word or a real-world effective security strategy?
Watch as Palo Alto Networks® expert and founder of Zero Trust, John Kindervag discusses the “whys and hows” of extending a Zero Trust architecture to the public and private Cloud and Rob LaMagna-Reiter, FNTS CISO, about their successful Zero Trust cloud operation, the business drivers and strategy, and the technical and cultural challenges and achievements that have quickly delivered the business results and benefits desired.
In a globally connected world where the number of cloud applications consumed by organisations rises daily, the challenges associated with protecting data and individual’s privacy are therefore also on the rise.
In this webcast we will look at some of the challenges associated with privacy including:
- Understanding contractual obligations
- Managing the geolocation of data
- Applying data transfers mechanisms and controls
Greg Mayfield, Sr. Director, Product Marketing & Michael Koyfman, Principal Global Solution Architect at Netskope
Many enterprises have inadvertently exposed proprietary information by failing to properly secure data stored in public cloud environments like Amazon Web Services, Microsoft Azure and Google Cloud Platform. While cloud computing has made it simple to spin up a new server without waiting for IT, this can also be a security nightmare. A simple misconfiguration or human error can compromise the security of your organization's entire cloud environment. Furthermore, "Cloud as an Attack vector"-based threats are increasingly breeding in IaaS, PaaS and SaaS environments to compound organizational risk. Good security hygiene should always be an integral part of any public- or multi-cloud environment, however, this isn’t the reality for many organizations.
Join Netskope for a lively session in which you’ll learn about some common cloud threats and security mistakes made by SecOps and CloudOps admins and how to avoid them.
In this webcast you will learn about:
- How to detect and remediate common misconfigurations in your cloud infrastructure
- How to identify and stop some of the top "Cloud as an Attack vector"-based threats (e.g. cloud phishing, malware, open redirection, coin miner attacks)
- How to follow best practices and maintain continuous compliance in your clouds.
Matthew McKenna, Vice President, International Operations, SecurityScorecard
This webinar will take a case study approach to demonstrate how security ratings can be leveraged to gain insight the cyber risk governance of organisations. Are organisations working in a structured manner to address cyber risk or are they purely reaction driven? We will look at organisations that have been breached in the last 12 months and explore what insights we can gather from trending across multiple security domains, including network security, DNS health, patching cadence, application security and endpoint security. We will explore how security ratings can help us take proactive measures to help mitigate risk to ourselves or our supply chain and collectively apply better and more disciplined governance.
Josh Stella, Co-Founder and Chief Technology Officer, Fugue
Today’s enterprise needs to move fast at scale in the cloud, but the dynamic and complex nature of the cloud has introduced a significant new risk: a data breach due to misconfiguration and human error. In large enterprise cloud environments, it’s not uncommon to have tens of thousands of resources spanning hundreds of AWS accounts. This creates a challenge for security and compliance teams: How can you ensure critical data is secure and your AWS environments always adhere to policy—without deploying an army of cloud security engineers? Join Fugue as we explore why AWS misconfiguration is such a pervasive problem and how you can successfully address it. You’ll learn how to:
- Prevent misconfiguration in your DevOps workflow
- Identify critical misconfiguration events when they occur
- Remediate misconfiguration and drift using automation
- Measure your misconfiguration risk—and your success in addressing it
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.
Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa, @CSAResearchGuy