Hi [[ session.user.profile.firstName ]]

Joining the Cloud Cyber Intelligence Exchange

CSA, along with support from key corporate members like Rackspace and Intel, has been incubating a new intelligence exchange within the CloudCISC Working Group. Join CSA and technology partner TruSTAR to discuss:
- The challenges of building effective intelligence exchange
- How the CloudCISC exchange is designed differently
- How you can get involved in the growing collection of vetted CSA members exchanging intelligence everyday!
Recorded Aug 2 2016 44 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Patrick Coughlin, TruSTAR
Presentation preview: Joining the Cloud Cyber Intelligence Exchange

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Top 10 Public Cloud Security Recommendations Dec 14 2017 5:30 pm UTC 60 mins
    Matt Keil of Palo Alto Networks
    Offering organizations of all sizes the benefits of agility and scalability, the adoption of public cloud continues at a pace rivalled only by that of the early days of the Internet era. As was the case then, the speed of adoption often means that “good enough” security is viewed as acceptable. With the underlying premise that the public cloud is someone else’s computer, and an extension of your network this session will cover public cloud security concerns, what the shared security responsibility model really means and recommendations for protecting your public cloud workloads and data.
  • 5 Steps to Prevent AWS Data Exposures Dec 6 2017 5:00 pm UTC 60 mins
    Brandon Cook and Anant Mahajan of Skyhigh
    Amazon Web Services has strong security features, but customer misconfigurations have led to a series of very public data exposures over the last few months from Verizon, Dow Jones, Accenture, and Patient Home Monitoring.

    And now, we are seeing different misconfigurations leading to a new AWS exposure, dubbed GhostWriter, whereby third parties can alter content in S3 buckets, enabling bad actors to use the exposure to conduct MITM phishing and malware attacks.

    In this webinar, we will outline the proven steps you can take to prevent AWS data exposures, including a Skyhigh Security Cloud demo of:
    •Auditing AWS to identify and correct unsecure/noncompliant configurations
    •Preventing employee access to 3rd party GhostWriter-exposed S3 Buckets
    •Detecting compromised accounts and malicious insiders working with AWS

    About the speakers:

    Brandon Cook, VP, Marketing
    Brandon Cook leads the product marketing team at Skyhigh Networks and has over a decade of experience in the tech industry identifying and developing new markets. Prior to Skyhigh, Brandon worked at Sequoia Capital, Symantec, Clearwell (acquired by Symantec), and IBM. As a regular contributor to the Cloud Security Alliance (CSA) events and blogs and author of the quarterly Cloud Adoption and Risk Report, he has expertise in "shadow IT", cloud security, cloud governance, and cloud regulatory compliance. Brandon holds a B.S. in Economics from Duke University.

    Anant Mahajan, Senior Product Manager
    As a senior product manager, Anant Mahajan heads up Skyhigh’s IaaS product for AWS, Azure and Google Cloud. Prior to Skyhigh Networks, Anant led Druva’s Governance product offerings and has a successful track record of driving product innovation in the Cloud Security, Data Protection, eDiscovery and Compliance space. Anant is a software engineer by training and holds an MBA from Imperial College London.
  • Cloud Security for Startups - From A to E(xit) Nov 23 2017 12:00 pm UTC 60 mins
    Moshe Ferber of CSA Israel and Shahar Maor of Outbrain
    Cloud computing perform amazing things for startups, providing young companies with access to enterprise grade infrastructure . But also act as a double edge sword. Lack of proper security controls can lead to multiple challenges varying from longer sales cycles to losing customers & investors trust.
    The Cloud Security Alliance identified those unique challenges and developed a cloud security for startups guidelines.
    In the upcoming webinar, the guidelines co-authors will explain the 3 phases security strategy that is recommended for your cloud based startups.
  • Security Anthropology: How Do Organizations Differ? Recorded: Nov 16 2017 53 mins
    Wendy Nather with Duo Security
    When planning a go-to-market strategy, it’s common practice to build detailed marketing and sales personas for key security individuals such as the CISO, the IT administrator, the developer, and the end user. Each of these roles has different needs and priorities when considering a security tool, and sales strategy recognizes the need to address each of them. Organizations have different types of business drivers, priorities, constraints, and capabilities as well: for example, an 80-year-old manufacturing company may not care what cute new IoT ideas you might have.

    These organizational personas must be considered when searching out peers for benchmarking. Security decisions made only by looking at other companies in the same industry doesn’t provide enough data, because there are many other variables that come into play. Building a security anthropology model for comparing organizations provides more context to better design products and services to align with their needs, while helping the security community speak the language of the users it’s serving. Join us for a discussion on how we can excavate a better approach with Wendy Nather, Principal Security Strategist at Duo Security.

    SPEAKER INFO:
    Wendy Nather is a former CISO in the public and private sectors, and past Research Director at the Retail ISAC (R-CISC) as well as at the analyst firm 451 Research. She enjoys extreme weather changes while shuttling between Austin and Ann Arbor.
  • Protecting Corporate Data When an Employee Leaves Recorded: Nov 2 2017 56 mins
    Michael Osterman of Osterman Research and Drew Neilson of Druva
    Employees leave organizations each year, but did your sensitive data leave with them? Osterman Research found that 39% of companies are not sure that they have recovered all corporate data assets, posing a significant risk in terms of data breach, regulatory and compliance implications, while leaving IT trying to locate and contain sensitive information.

    This presentation with Michael Osterman, president of Osterman Research, as he shares new research, and Drew Nielsen, Director of Enterprise Security, Druva. Key learnings include:

    * Understanding your organization's data vulnerabilities for data exfiltration
    * Recommended technologies, policies, and procedures to protect critical information
    * Preparation that can save IT time from potential audits, investigations or litigation
  • CISO Challenges with Cloud Computing Recorded: Oct 31 2017 60 mins
    Moshe Ferber of CSA Israel
    Cloud computing provides companies with unprecedented access to robust, scalable infrastructure, but on the other hand, cloud adoption is accompanied with various challenges for security professionals. In this presentation, we will examine cloud security challenges according to based on the different cloud services out there, review the current trends and discuss cloud strategies based on market sector.
  • Market State of Cloud Security Recorded: Oct 24 2017 55 mins
    Nick Mendez of Optiv
    Optiv will be sharing their insights on the market state of cloud security and how enterprises should bolster their security programs for the evolution of cloud. We will cover what we see in the field from the cloud security maturity state of most organizations to the IaaS/PaaS security trends that will impact your cloud deployment plans. At the end of this webinar, you will learn how you can accelerate cloud deployments securely so you gain a competitive edge in today’s market.
  • CASB 2.0: The Next Frontier for CASB Recorded: Oct 17 2017 50 mins
    Deena Thomchick of Symantec
    The rapid adoption of cloud applications and services has fueled the need for new security solutions, such as Cloud Access Security Brokers (CASBs). But how do these systems weave into your overall security infrastructure? There are many intersections to consider, such as DLP, Advanced Malware Protection, Web Security and Endpoint where organizations are navigating how to best integrate cloud security into their environment. This talk will explore this next frontier of CASB solutions.
  • Securing the Open Enterprise - API Security Threats, Risks and Solutions Recorded: Oct 10 2017 53 mins
    Ron Speed of TrustedImpact
    Enterprises around the globe are rapidly opening up their back-end systems and databases to the outside world using APIs. Drivers for doing this include everything from improving customer service, to monetizing corporate information assets and meeting regulatory requirements. For businesses and systems, however, that were never designed to be opened up to the outside world, APIs can expose them to a whole new range of major security threats and attacks. This webinar will examine this important and growing industry trend from a vendor-agnostic perspective, including:
    - What are the emerging threats and risks with APIs?
    - What API security controls and practices should be considered and how can cloud-based solutions assist?
    - What to look for when evaluating API security solutions?

    About Ron
    Ron, an IT risk, security and compliance executive, has 20+ years experience in international leadership roles, including Big 4 consulting and financial services. He specializes in “building bridges” between business and IT and working strategically with organizations looking to securely adopt new and emerging technologies, such as cloud, mobility, APIs, big data and IoT. Ron’s a recognized thought leader in such areas as cloud risk management and Fintech / blockchain security.
  • Internal Bug Hunts: Squashing Security Bugs on a Budget Recorded: Sep 19 2017 47 mins
    Pieter Ockers - Sr Program Manager at Adobe
    Far too often, testing software for security flaws falls into the “nice-to-have” category, taking a backseat to the demands of the marketplace and inflexible feature release schedules. In addition to the expense of hiring an outside security testing team, testing for and fixing obscure security bugs is a brake on an engineer’s ability to put new code in the hands of their customers. Fortunately, there is a workaround to this dilemma that will allow you to promote application security awareness while helping to reduce security bugs in your applications.

    An internal bug hunt contest - in which your employees compete for prizes by finding and reporting security bugs - enables you to harness the creativity and problem-solving skills of your workforce while reducing security bugs in your applications. It can also help promote a culture of security awareness - without a large security testing budget.

    An internal bug hunt contest can you help you:

    • Find and remediate vulnerabilities before external entities can exploit them
    • Provide a safe platform for your application owners to test for security bugs
    • Promote application security awareness
    • Engage employees outside of the central security team who want to explore the security domain

    In this webcast, you will learn how an internal bug bounty program can help you find security flaws in your applications before criminals or spies, while improving the security culture at your company.
  • Challenges in Data Privacy Recorded: Sep 14 2017 40 mins
    Craig Scoon, Consultant in the Risk Advisory Service at Deloitte
    There are many challenges for data privacy legislation within a boundary-less cloud computing and World Wide Web environment. Despite its importance, there is limited research around data privacy law gaps and alignment, and the legal side of the security ecosystem seems to constantly be playing catch-up.
    This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz),
  • State of Cloud Adoption in Asia Pacific (APAC) Recorded: Sep 13 2017 36 mins
    Ekta Mishra, Research Analyst of CSA and David Siah, Country Manager of TrendMicro Singapore
    Cloud as the enabler of Internet of Things (IoT) and data analytics, the incorporation of cloud computing is critical for the successful implementation of these leading-edge technologies. Countries and organizations moving towards Industry 4.0 are highly dependent on cloud computing, as it is the basis for this revolutionary transition. However, complications and confusion arising from regulations (or lack thereof) surrounding cloud usage hinder cloud adoption.

    During this webcast, we will discuss some of the findings from the CSA “State of Cloud Adoption in Asia Pacific (APAC) 2017” report and examine the availability and affordability of cloud computing in the APAC region.
  • Privacy Level Agreement Code of Conduct for CSPs: a compliance tool for GDPR Recorded: Aug 17 2017 60 mins
    Nicola Franchetto of ICT Legal Consulting
    Nicola Franchetto will discuss in a practical and business oriented way, the new provisions of the GDPR and how the PLA Code of Conduct supports compliance with the forthcoming EU Data Protection Legislation. More precisely, Franchetto will highlight the true privacy compliance “game changers” introduced by the GDPR and offer the audience practical inputs on how to set up a sound and effective corporate Data Protection Compliance Programme, which will also include having a PLA in place with Cloud Service Providers.
  • Backup & Recovery: Your Get out of Ransomware Free Card Recorded: Aug 9 2017 62 mins
    Andrew Nielsen, Chief Trust Officer of Druva and Jim Reavis, CEO of CSA
    Ransomware has become a major concern for organizations around the globe. The U.S. Department of Justice reports that an average of 4,000 ransomware attacks occur daily. These ransomware attacks aren’t just targeting laptops and other end-user devices either. Servers are equally at risk of ransomware attacks as well. There’s good news though - your backup data can be difference between being held hostage and easily recovering from an attack.

    Join security experts, Andrew Nielsen, Chief Trust Officer from Druva and Jim Reavis, CEO of Cloud Security Alliance to learn:

    ●The top vulnerabilities exploited for endpoints and servers
    ●Proactive strategies to protect data before a malicious attack occurs
    ●How to avoid paying the ransom by leveraging your backup data

    All registrants will receive a free copy of Druva’s Annual Ransomware Report: 2017 Survey.

    About the speaker....
    Andrew (aka Drew) has more than 15 years of experience in information security, primarily focused on security architecture and product definition. At Druva, Drew is responsible for defining the security and compliance direction of products and services, and his background in both the private and public sectors gives him unique perspective on current and emerging security trends. Prior to Druva, Drew held various security architecture and product roles at FireEye, Hitachi Data Systems, Silicon Valley Bank, and Raytheon.
  • "Cloud-First" Ransomware - A Technical Analysis Recorded: Jul 27 2017 43 mins
    Bob Gilbert and Sean Hittel of Netskope
    Cloud services have emerged as the preferred attack vector of some of the most dangerous and innovative cloud malware exploits of the past six months. Why?  Because many organizations don't inspect their cloud SSL traffic for malware and the same functionalities of the cloud dramatically increase productivity (sync, share, collaborate, etc) also provide ransomware developers with a perfect medium for faster delivery of malware payloads to more targets.

    Join Netskope chief evangelist, Bob Gilbert, and Threat Detection Engineer, Sean Hittel, for a fascinating look at how malicious actors now design ransomware to make best use of popular cloud services to hide in plain sight, and do more damage in less time. 
     
    Bob and Sean will provide technical analyses of recent malware campaigns discovered or documented by Netskope Threat Research Labs and how to defend against them.  These include:
     
    • Virlock, which encrypts files and also infects them, making it a polymorphic file infector 
    • CloudFanta, which uses the SugarSync cloud storage app to deliver malware capable of stealing user credentials and monitoring online banking activities
    • CloudSquirrel, which takes advantage of multiple cloud apps throughout the ransomware kill chain with the intent to steal and exfiltrate user data
    • The Zepto variant of Locky ransomware, now distributed both by popular cloud storage apps and via DLL
  • Cloud Services and Encryption: Facts, Myths, Perceptions Recorded: Jul 19 2017 61 mins
    Paul Rich of Microsoft
    Encryption and terms like "BYOK" have surged to the forefront of cloud service discussions. Both security and compliance stakeholders express great interest in encryption and its apparent promises. However, the expectations built upon encryption and control of encryption keys are often founded on assumptions that fail under scrutiny. In this session we will examine the top myths of cloud encryption and look at factors that have contributed to the growing misperceptions. We will also examine regulatory and legal pressures that impact encryption in this this fascinating and evolving area of cloud services and data privacy.

    Key takeaways:
    - The fact and fiction in myths about cloud encryption
    - The importance of thinking of encryption within legal frameworks
    - How to spot encryption snake oil
  • How and Why to Build an Insider Threat Program Recorded: Jun 20 2017 37 mins
    Jadee Hanson of Code42
    Jadee Hanson, Director of Security at Code42, provides a behind-the-scenes look at what it's really like to run an insider threat program -- a program in which you can take steps to prevent employees from leaking, exfiltrating, and exposing company information. This webinar will provide cloud security professionals with insider threat examples (and why you should care), recommendations for how to get buy-in from key stakeholders, and lessons learned from someone who has experienced it firsthand.

    About the speaker:
    Jadee Hanson, CISSP, CISA, is a security professional with more than 13 years of experience. Jadee’s passion for security was born out of a computer science internship and developed into a profession with her first role at Deloitte. After 5 years and a lot of travel, Jadee’s consulting experience led her to Target Corp. where she spent 8 years on its security team, building many of the security programs and functions that exist today. Currently, Jadee is the Director of Security at Code42. In addition to her day job, Jadee is also the founder and CEO of a nonprofit, Building Without Borders.
  • Security Automation Strategies for Cloud Services Recorded: Jun 15 2017 60 mins
    Peleus Uhley of Adobe
    Security automation strategies are a necessity for any cloud-scale enterprise. There are challenges to be met at each phase of developing and deploying security automation including identifying the appropriate automation goals, creating an accurate view of the organization, tool selection, and managing the returned data at scale. This presentation will provide the details of various of open-source materials and methods that can be used to address each of those challenges.

    About the speaker:
    Peleus Uhley has been a part of the security industry for more than 15 years. As the Lead Security Strategist at Adobe, he assists the company with proactive and reactive security. Prior to joining Adobe, Peleus was a senior developer at Anonymizer, and a security consultant for @stake and Symantec.
  • 4 Lessons IT Pros Have Learned From Managing ​Outdated Endpoint Backup Recorded: Jun 13 2017 41 mins
    Aimee Simpson of Code42, Shawn Donovan of F5 Networks, and Kurt Levitan of Harvard University
    Today's organizations face complex challenges as a result of exponential data growth and rapidly evolving ​cyberthreats. Furthermore, as companies move to cloud, it's inevitable that technologies will need to be replaced -- and what may have worked five years ago is no longer a viable solution for today's mobile workforce.

    In this session, you'll hear​ from IT professionals at F5 Networks and Harvard University, as well as​ a Code42 expert​ as they ​discuss:
    - Why all endpoint backup isn't created equally
    - How outdated or insufficient backup solutions leave you with gaps ​that put user data at risk
    - ​​What technical capabilities you should ​look for in your next ​backup solution

    About the speakers:
    Aimee Simpson is a Solutions Marketing Manager at Code42 where she helps internal audiences understand what’s happening in the category and influences product decisions through customer and market research. She has always worked in the technology industry, having launched her career at the data storage company Compellent Technologies.

    Shawn Donovan is a Windows System Engineer at F5 Networks where he works with a variety of Microsoft enterprise technologies as well as other products such as Cisco Ironport and Code42 backup solution.

    Kurt Levitan is a Technical Architect at Harvard University where he is responsible for designing and implementing technology solutions, and leading a team of system administrators who provide endpoint management services for the university
  • How Financial Services can Leverage the Cloud Securely to Drive Business Recorded: May 25 2017 32 mins
    Miguel Ramos of Forcepoint
    Though one of the most mature industries in cybersecurity, the Financial Services industry has seen some of the largest explosion of innovation and technology. While startups and innovators are focused on speed to market and leveraging cloud infrastructure and cloud platforms as a service, the need for security in financial technologies is paramount.

    In this session, Miguel Ramos will use case studies and his experience to outline key steps that can be taken to secure financial technology innovators, and explain how traditional, cloud and potentially even blockchain technologies can be used by corporations to ensure the security they need to drive business forward.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa, @CSAResearchGuy

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Joining the Cloud Cyber Intelligence Exchange
  • Live at: Aug 2 2016 4:00 pm
  • Presented by: Patrick Coughlin, TruSTAR
  • From:
Your email has been sent.
or close