Introducing HubbleStack: a free, open source project to help automate compliance
Organizations have difficulty handling security auditing and compliance in a way that scales across many teams with varying infrastructure. Adobe found itself in the same situation and in need of a tool that could provide a window into the complexities of its infrastructure. As a result, HubbleStack was developed as a free, open source project.
Just like the Hubble telescope gives us a window into the complexities of our universe, HubbleStack gives a window into the complexities of your infrastructure. It includes components for information gathering, file integrity monitoring, auditing, and reporting. In this webcast you will learn:
- Detail on the HubbleStack project
- How Adobe has made use of it across all of its cloud services
- How you can get and try out HubbleStack for yourself
- How you can help us move HubbleStack forward
- How you and others can contribute to the development of HubbleStack
Recorded Jan 17 2018, 50 mins
Todd Thorsen, Senior Manager of Security, Risk and Compliance, Code42
The data security world changes so quickly it can be hard to keep up with the latest threats to corporate data. With countless stories of breaches, phishing scams, insider threats, government whistleblowers and cyber warfare, 2018 was the year all eyes turned to security teams and their role within an organization. In this webinar, a panel of security experts will recap the year in data security, with critical lessons learned, tips for security teams, a few fun stories and more.
Join us to hear from your security peers about what they learned in 2018 and what they expect from the year to come.
Zero Trust is quickly becoming the dominant security model for the cloud, shifting the perimeter from the network to the people and devices that make up a modern workforce. As a model with many moving parts, the immediate question is where to start?
This session will focus on:
- The full Zero Trust reference architecture and steps to get there
- Why Identity is the foundational layer to build contextual access controls from
Yitzy Tannenbaum, Product Marketing Manager at AlgoSec
As the network estate grows in size and complexity, the enterprise security team is responsible for ensuring a unified, comprehensive network security policy. But how can the team be sure about application connectivity and the correct implementation of change requests when applications span the breadth of on-premise, private and multi-cloud environments, each with its own security controls? In the face of application migration to multiple clouds, how can the enterprise be sure about its risk and compliance posture at all times?
In this enlightening webinar, Yitzy Tannenbaum, Product Marketing Manager at AlgoSec, will explain how unified security policy automation can help you:
•Obtain complete visibility across the entire network estate
•Maintain uniform security policy across complex multi-cloud and hybrid environments
•Monitor multi-cloud and hybrid network-security configuration changes to properly analyze and assess risk and to maintain compliance posture
•Generate audit-ready reports for major regulations, including PCI, HIPAA, SOX and NERC, on demand
•Correctly provision application connectivity flows with zero touch across the myriad security controls in hybrid environments
Are your C-suiters putting valuable company IP at risk through careless data practices? If they're like most business leaders, they are. Nearly three-quarters of CEOs admit they’ve taken IP, ideas, and data from a former employer, and 95 percent admit to keeping a copy of their work on a personal device.
A new report from Code42 and Sapio Research raises startling concerns about the role of human emotions in risky data practices such as these. The Data Exposure Report includes feedback from nearly 1,700 security, IT and business leaders in the U.S. and Europe.
Attend this webinar to learn about:
- The ways business leaders and employees put data at risk
- How lack of data visibility hampers the ability of IT departments to protect data
- Strategies for keeping your valuable IP safe--whether you experience a data breach or not
Want to transition on-premises workloads to the cloud, but are concerned about consistently securing access? Join us for a webinar where we discuss how you can easily and effectively apply secure access policies throughout your cloud migration, regardless of your infrastructure complexity or architectural starting point. By utilizing a modern, cloud-ready security architecture, you can maintain – and in fact, improve – your enterprise security controls throughout the entire migration process.
In this webinar, Jason Garbis, CISSP – Vice President of Products at Cyxtera, will discuss:
- Challenges (real and perceived) that enterprises face when moving to the cloud
- Managing policies and permissions for cloud vs. on-premises workloads
- The pitfalls of inconsistent security
- How to secure any application, on any platform, anywhere.
This webinar is for IT / Security leadership (director, VP, CISO, CIO).
As we all know, cybersecurity is often a game of cat and mouse - attackers are always trying to outsmart us defenders. At Adobe, we face the same issues and concerns as all the other major companies. We must ask ourselves simple questions with non-simple answers: How do we ensure that all assets are protected? How do we ensure that our employees are secure from the outside threats? How can we mitigate future emerging threats? Attackers will always try to find the next unconventional attack that will bypass our security systems and our security mindset. In this case, how do we protect ourselves from the unknown? We believe machine learning techniques can assist us in this defense. This presentation will discuss one of our current machine learning innovations that is helping us detect anomalies in command lines. Command line interfaces are frequently used by users, system administrators and applications alike. Many applications launch console scripts to perform tasks, especially in cloud services where conformity in service environments is also helpful for security. When they can, attackers do like to leverage those native system capabilities. This presentation will discuss machine learning methods developed by Adobe computer scientists to help detect anomalies in command line scripts and calls to help prevent these types of attacks.
Serverless architectures and FaaS services such as AWS Lambda make application development scalable, easy, and cheap. Plus, there’s no server to maintain or patch! But just because there’s no server doesn't mean there’s nothing to secure. Serverless services and their dependencies still need to be used and configured correctly, which is why it’s important to maintain security visibility into your serverless architecture.
Join CloudPassage for an introduction on protecting serverless applications and underlying infrastructure and learn:
- What a serverless application looks like from a security perspective
- What threats, risks, and potential vulnerabilities could be leaving your organization exposed
- Steps you can take to secure your serverless architecture
Data breaches can happen to any organization, so it's important to understand your organization's risk of a data breach. But where should you start your assessment? What practical and pragmatic steps can you take?
In this presentation, we'll discuss the myths vs. the realities on how:
- Breaches happen
- The rapidly growing cloud and SaaS adoption changes the game for
- Identity-driven security can help reduce the probability of a breach happening to your organization
More than 90% of reported data breaches and security incidents in 2016 involved a successful phishing attack*. Attackers rely on phishing as a primary strategy because it continues to be both effective and efficient, as users remain the most vulnerable attack vector.
The best defense against phishing is proactively educating your users, through a shame-free campaign that prepares them for real-world phishing attempts. Along with teaching your users what to watch for, an internal phishing exercise can result in faster user reports of possible phish attempts and reinforce your security response plan.
In this webinar, you will learn how to:
- Quickly and easily assess your security posture
- Help build the business case for addressing your organization’s security needs
- Build and deploy effective phishing simulations within minutes
- Identify vulnerable users and devices
- Increase the speed of user reporting for possible phishing messages
* Verizon 2017 Data Breach Investigations Report, page 30
Jason Eubanks, CRISC, ISO 27001 Lead Auditor, Principal Consultant, Lockpath
Organizations with mature, enterprise-wide information security risk management programs enjoy a competitive advantage, thanks to ISO 27001 certification that signifies an international standard for safeguarding information. In this webinar, Lockpath's Jason Eubanks, a governance, risk management, and compliance (GRC) consultant and former ISO auditor, will share the business case for earning ISO 27001 certification and the critical role of technology in implementing a successful information security management system (ISMS).
•Challenges and pitfalls with ISO 27001 certification
•Tips on establishing and maturing an ISMS
•Strategies for preparing and passing ISO audits
•Technology's role in earning and maintaining certification
Learn how ISO 27001 can give you a competitive advantage and strategies for earning certification. Register now to attend this educational webinar.
Chris Wysopal, Co-Founder and Chief Technology Officer at CA Veracode
Not only do cryptocurrencies rely on blockchain for their security, but they also rely on an ecosystem of software that runs exchanges, wallets, smart contracts and more. This software ecosystem, as well as the infrastructure on which it runs, is required to be secure. Whether you are a builder, investor, or consumer, this webinar will help you learn how to identify the vulnerable aspects of the software that powers the cryptocurrency ecosystem - and how to avoid them.
Users whose digital lives are increasingly mobile don’t want to be tied to their desks, and an effective security strategy must be flexible enough to protect access from boardrooms and bars, cubicles and coffee shops alike. To do this, companies must ensure that users and their devices meet the same security controls, whether they’re outside or inside the network perimeter.
Duo adopted the “zero-trust network” model to solve this challenge. All networks and devices are treated as untrusted until proven otherwise, and their health is checked each time a user connects to a protected resource. This approach depends on visibility into whether basic device and network security standards are met. It also requires the ability to enforce granular policy controls based on the results of that health check.
The perimeter is disappearing, and it’s not coming back… find out how you can get a head start on what’s next.
On-prem vs Cloud-based security? It’s an ongoing debate that SecOps teams face daily.
With cloud adoption continuing to be a top business initiative, SecOps teams must adapt or risk falling behind. As most on-prem security tools don’t work in the cloud and suffer limitations, SecOps teams are faced with a myriad of new technologies and tools to implement to protect their critical assets. This can be overwhelming as numerous options abound.
As the attack surface evolves and expands in the cloud, understanding the current state of assets and assessing their risk is an essential first step. Achieving continuous visibility and protection is then the following challenge. This webinar will discuss the opportunities and benefits that SecOps teams face by utilizing cloud-delivered security solutions vs. traditional on-prem solutions.
Scott Hogrefe, VP of Marketing at Netskope, and Doug Cahill, Senior Analyst at ESG
New research from Enterprise Strategy Group and Netskope shows that there are business ramifications when it comes to your approach to cloud security.
Join senior ESG cybersecurity analyst Doug Cahill and Netskope VP Marketing Scott Hogrefe for this webinar to get a deep dive into this research and understand how being a cloud "Discoverer," "Controller," or "Enabler" can make a difference for your organization and your career.
What you'll learn by attending this webinar:
- Find out if the risks from threats or data loss increase as you change your strategy
- Understand the steps other organizations are taking to improve the maturity of their cloud security strategy
- See how you compare to other organizations
Scott Pack, Lead Cloud Security Engineer, and Dhwaj Agrawal, Computer Scientist at Adobe
As one of the first companies to commit wholly to the cloud, we have learned a lot about how to keep our security hygiene levels up even as we support rapid development and deployment cycles. Part of this effort is the development of an internal tool called MAVLink. MAVLink enables us to collect and analyze security data from our cloud infrastructure providers, provide context for application and log data sources, and collect evidence of security controls to make the best decisions possible in keeping Adobe and our customers safe from threats.
This presentation will discuss…
- Why we developed MAVLink
- MAVLink's major capabilities
- How MAVLink integrates with our cloud infrastructure providers including AWS and Microsoft Azure
- How we are using MAVLink to constantly improve our cloud hygiene
We hope this information will be useful to you as you consider your own best practices and tooling around cloud applications. It will be a serverless cross-cloudy security adventure!
Mark Bowker, Senior Analyst at Enterprise Strategy Group and Swaroop Sham, Senior Product Marketing Manager at Okta
Securing your workforce and users, in the cloud, and on the go can be difficult. A recent Enterprise Strategy Group (ESG) survey discovered that for nearly 75% of organizations, a username and password was the only barrier between a determined attacker and access to your critical resources.
Identity Access Management (IAM) can help you drive a security-first approach with usability that your users love and authentication strategies that match your business needs. But IAM doesn’t always have a clear owner.
Join this webinar featuring Enterprise Strategy Group Senior Analyst Mark Bowker and Okta to discover how:
- Adaptive multi-factor authentication (MFA) benefits your users and admins
- Identity protects cloud and on prem applications
- To go beyond MFA to manage secure access
- Identity fits and integrates into your IT and Security stacks
Cliff Turner, Senior Solutions Architect at CloudPassage
In this webinar, we'll cover the following...
•Review top six risks with today’s cloud service providers.
•We will analyze these risks, consider the business impact and show you how to proactively manage cloud risk by automating security for your cloud management accounts.
•We will use the AWS CIS foundation benchmarks and the CIS Controls to guide our selection of examples for our discussion.
•With a growing attack surface, it’s important to be aware of the risks associated with cloud technology in order to secure and manage
Finding a balance between a pleasant user experience and stringent security requirements can be a challenge. The need to use a certain username and password for some services while saving additional credentials for other services can contribute to a headache for both security pros and users. Is it even possible to balance security and enhancement of the overall user experience? Adobe believes this is possible. We want to help you achieve this balance by sharing our framework known as Project “ZEN.”
Project ZEN at Adobe is an initiative based upon principles found in zero-trust frameworks. Since there is no “off-the-shelf” solution to fully deliver on these principles today, ZEN is an investment in pioneering technology and policies to make the path to a zero-trust network more efficient and attainable.
In this session you will: (a) learn about the principles behind Adobe ZEN, (b) understand the Adobe experience so you can start your own journey by leveraging existing security technology investments and targeted automation technologies, and (c) explore common issues you might encounter along the journey, with guidance on overcoming those issues.
According to Gartner, the IaaS market grew at a blistering 42.8% in 2017 - twice as fast as SaaS. But, despite last year’s AWS data exposures at Verizon, the RNC, and Dow Jones, most cloud security projects focus on SaaS.
We’ve worked with AWS and hundreds of IaaS security professionals to develop a tried and true practice specifically designed to protect IaaS environments and the applications and data within them. Join this session and discover:
- Common yet preventable scenarios that result in the loss of corporate data from AWS, Azure and GCP
- IaaS security best practices for: security configuration auditing, S3 data loss prevention operations, user and admin behavior monitoring, and threat prevention
- Step-by-step guidance on how to gain visibility across all workloads, protect against advanced threats, and discover insights into lateral threat movements
- Recommendations for creating a successful DevOps workflow that integrates security
Enterprises are taking advantage of the economies of scale of cloud computing and migrating applications to public and private clouds. The new technology offers many advantages, but also requires taking a step back and evaluating whether existing network security tools and processes are relevant and effective in these new environments. To maintain their security posture, network security professionals need unified visibility and control as deployments spread to and across clouds. This is critical both to ensure that cloud payloads are protected against the growing number of attacks and breaches and also to satisfy regulatory compliance requirements such as PCI, HIPAA and NERC.
In this webinar, Anner Kushnir, VP of Technology at AlgoSec, will share insights on the latest cloud security technologies and best practices for maintaining full-blown corporate security governance as enterprises deploy their applications in the cloud. Attendees will learn:
•How to quickly bring enterprise network security best practices to cloud and hybrid deployments
•How to gain full visibility into cloud network topology and filtering
•Proactively uncover gaps in the compliance posture
•How to ensure continuous compliance as part of policy change management
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.
Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy