Hi [[ session.user.profile.firstName ]]

Preventing AWS Misconfiguration and the Risk of Data Breaches

Today’s enterprise needs to move fast at scale in the cloud, but the dynamic and complex nature of the cloud has introduced a significant new risk: a data breach due to misconfiguration and human error. In large enterprise cloud environments, it’s not uncommon to have tens of thousands of resources spanning hundreds of AWS accounts. This creates a challenge for security and compliance teams: How can you ensure critical data is secure and your AWS environments always adhere to policy—without deploying an army of cloud security engineers? Join Fugue as we explore why AWS misconfiguration is such a pervasive problem and how you can successfully address it. You’ll learn how to:

- Prevent misconfiguration in your DevOps workflow
- Identify critical misconfiguration events when they occur
- Remediate misconfiguration and drift using automation
- Measure your misconfiguration risk—and your success in addressing it
Recorded Mar 28 2019 63 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Josh Stella, Co-Founder and Chief Technology Officer, Fugue
Presentation preview: Preventing AWS Misconfiguration and the Risk of Data Breaches
  • Channel
  • Channel profile
  • CSA's Executive Series - Advancing Cloud SIEM: A Hunter's Experience Aug 12 2020 5:00 pm UTC 40 mins
    Gunter Ollman, CSO - Cloud and AI Security, Microsoft
    Join Gunter Ollman, CSO - Cloud and AI Security, Microsoft in this webinar, where he will discuss how cloud SIEM is advancing, how this is changing the role of the threat hunter and SecOps teams, & what is to come.
  • Dark Web Demystified Aug 6 2020 4:00 pm UTC 60 mins
    Charity Wright, Cyber Threat Intelligence Advisor, IntSights
    Come to the dark side! Charity Wright, a former NSA analyst and current Cyber Threat Intelligence Advisor at IntSights will take you on a tour of the dark web and explain how you can collect and analyze pertinent intelligence from the dark web to neutralize threats outside the wire at the earliest stages of the cyber kill chain. This session will take you on a guided tour of some of the hottest markets and forums for cyber threat intelligence collection in the dark web. See the most popular use cases for intelligence to protect your companies: credential leakage, attack indication, bank cards for sale, PII and PHI for sale, and much more!
  • Tackling Security in the World of Containers and Hybrid Cloud Aug 4 2020 5:00 pm UTC 42 mins
    Lucy Kerner, Global Senior Principal Security Technical Evangelist, Red Hat
    Security teams are increasingly finding it challenging to keep up with the changing risks, compliance requirements, tools, and architectural changes introduced by new technologies - such as containers, kubernetes, software-defined infrastructure, and cloud technologies. As traditional infrastructure evolves to a mix of bare metal, virtual, cloud, and container environments, how can you maintain security, governance, compliance and reduce risk amid this growing complexity?

    Traditional perimeter-based network security does not work in this new world of containers and hybrid cloud. Security teams must rethink their approach to security in this new world with automation and DevSecOps, where security is built-in, continuously addressed, and continuously monitored across the entire application lifecycle, infrastructure lifecycle, and supply chain.

    In this keynote, we'll discuss some prescriptive steps you can take to tackle security successfully in the world of containers and hybrid cloud.
  • Transitioning, Enhancing, and Innovating in the Cloud Recorded: Jul 29 2020 28 mins
    John Yeoh, Global VP of Research, CSA
    Wherever you are in your cloud journey, CSA research is available to help organizations transition to the cloud, enhance security in the cloud, and innovate from the cloud through their consensus-driven research and initiatives. In this session, John Yeoh connects the latest industry research for guidance and insight that is applicable to organizations across multiple cloud security positions from the private and the public sectors. Learn how to utilize resources that leverage cloud security controls frameworks, top threats reports, and more
  • Nefarious Uses of Cloud: A Case Study from Defending a Security Conference Recorded: Jul 29 2020 30 mins
    Wong Onn Chee, CTO, Resolvo & Co-Chair, CSA APAC Research Advisory Council
    As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites on the cloud, the profile of the attackers from cloud and how did the conference organisers defend against them. In addition, Onn Chee will share on lessons learnt and a new pro-active approach to cloud defense by looking at IoR - Indicators of Reconnaissance - which is the first step in the Cyber Kill Chain, instead of IoC - Indicators of Compromise - to achieve faster and pre-emptive disruption to the Cyber Kill Chain.
  • Visibility & Security Challenges Across Multicloud, Hybrid, & Remote Deployments Recorded: Jul 23 2020 53 mins
    Fernando Montenegro, Principal Analyst, 451 Research & Dan Frey, Sr. Cloud Security Manager, ExtraHop
    Migration to the cloud continues, now with even greater urgency as organizations around the world transition to remote workforces and shift operations off-premises. But cloud environments can expand the attack surface and erase visibility into critical infrastructure and applications, introducing complexity—especially in the case of multi-cloud and hybrid cloud.

    So where are organizations migrating workloads to, and how are they doing it? Are they lifting and shifting legacy applications to IaaS and PaaS, repackaging them using containers, or refactoring for serverless? And what’s happening after migration? Do IT and security operations think they have sufficient monitoring and security for applications running in the cloud, and if not, what are they doing to regain control? And what about hybrid organizations? Do new cloud deployments expose their on-premises infrastructure to new threats, and are their legacy security tools able to detect and respond to novel and fast moving attacks?

    Join us for this webinar to learn how cloud deployments are affecting security and operations teams, and how they are responding to the myriad challenges associated with enabling and securing growing businesses and remote workforces.
  • The Resurgence of Cloud Recorded: Jul 22 2020 22 mins
    David Cass, Vice President Cyber & IT Risk, Federal Reserve Bank of New York
    TBDCloud has seen the typical technology pendulum swing experienced by most innovative technologies.
    Organizations started with the all in cloud first model only to have to later step back and take a more
    moderate approach. Yet cloud continues to thrive. I will discuss:
     Why do organizations struggle with cloud?
     The importance of strategy
     The impact on security, risk and compliance programs
     The impact on business process and operations
  • CSA STAR Town Hall – Everything you’ve wanted to know Recorded: Jul 22 2020 59 mins
    John Yeoh of CSA, JR of CSA, John DiMaria of CSA, and Brianna Hogan of Booz Allen Hamilton
    CSA STAR is being recognized as the international harmonized solution, leading the way of trust for cloud providers, users, and their stakeholders, by providing an integrated cost-effective solution that decreases complexity and increases trust and transparency.

    The STAR Registry holds close to 1000 top Cloud Service Providers that apply to STAR Level 1 and or 2 Self-assessment or certification. Close to 20,000 people each month visit the STAR Registry to view vendor analysis.

    Join CSA’s John Yeoh, Global Vice President of Research; Luciano (J.R.) Santos, Chief Customer Officer; and John DiMaria, Assurance Investigatory Fellow; as they team up with one of the top cloud security consultants from Booz Allen Hamilton to answer your questions in this special CSA Town Hall.
  • Zero Trust: A Five Step Program Recorded: Jul 21 2020 32 mins
    Leya Leydiker and Ganesh Umapathy, Product Managers at Duo
    If you’re eager to learn how you can elevate your Access Management journey, especially with the swift, mass pivot to remote work, don’t miss this webinar. The workforce to protect continues to expand, and everyone needs remote access, bringing more third-party devices and BYOD into the network environment.

    In this session, security and technology experts Leya Leydiker and Ganesh Umapathy, Product Managers at Duo, will share a simple framework for Zero Trust that can help guide your journey. Suitable for organizations of all sizes.
  • Building a Successful Third Party Risk Management Program for a Modern World Recorded: Jul 16 2020 50 mins
    Chad A. Peterson - Director, Security Operations at Optiv Security &Matthew Barth, Senior Sales Engineer at SecurityScorecard
    The challenges that organizations are facing today are increasingly more complex than the past. A global health crisis, an unstable economy and changing dynamics of business risks and opportunities make decision making difficult. These reasons, coupled with ever evolving changes to compliance rules and regulations makes driving a successful Third Party Risk Management Program challenging.

    Throughout this webinar, our speakers - Optiv’s Director of Security Operations, Chad Peterson, along with SecurityScorecard’s Lead Systems Engineer, Matt Barth - will discuss:
    - Strategies on how to accurately and efficiently assess your high priority vendors.
    - Best practices on how to create a Third Party Risk Management Program that is efficient but can scale effortlessly using automation and technology.
    - Why going beyond the questionnaires and risk scores by providing the human element to third party vendors will build a sturdy foundation for a program that is equipped for the future
  • Update on FedRAMP with an Introduction with John Yeoh, Global VP of Research, CS Recorded: Jul 15 2020 22 mins
    Zach Baldwin, Program Manager for Strategy, Innovation, and Technology, General Services Administration
    Mr. Baldwin will define and discuss several new initiatives that FedRAMP is working on in response to feedback for their users including: Open Security Controls Assessment Language (OSCAL), Threat-based Risk Profiling, and Agency Liaison Program. These initiatives are all interrelated and designed to simplify the FedRAMP process, grow the cloud security marketplace and provide guidance to CSPs.
  • Emerging Top Threats in Cloud Computing – What We Can Do About Them Recorded: Jul 15 2020 47 mins
    Moderator : Jim LIM, Panelists: Raju CHELLAM | Nigel LIM | Steve NG
    With cloud becoming the preferred IT infrastructure, understanding the emerging security threats is important. A recent CSA study showed that traditional cloud security issues (such as DDoS, shared technology vulnerabilities, CSP data loss and system vulnerabilities) that are under the responsibility of CSPs are now overshadowed by the need to address security issues that are situated higher up the technology stack which are the result of senior management decisions (such as misconfiguration, inadequate change control, and a lack of cloud security architecture and strategy). Please join our panel of industry experts to appreciate the shifts in cloud security issues.
  • Cloud IAM is the New Perimeter, Learn How to Govern It or Lose Control Recorded: Jul 14 2020 62 mins
    Tyler Smith, Sr Cloud Security Engineer, Allstate & Chris Hertz, VP of Sales - Cloud Solutions, DivvyCloud by Rapid7
    Strong IAM governance is the key to preventing data breaches and limiting the blast radius should a security incident occur. Join Tyler Smith, Senior Cloud Security Engineer at Allstate, along with Chris Hertz of DivvyCloud by Rapid7 for a discussion on why managing cloud IAM is so complex, what challenges this creates for IT and cybersecurity professionals, and how leading organizations like Allstate are governing cloud IAM to reduce risk and the chance of a data breach.

    Key takeaways include understanding how to:
    - Gain visibility to assess, prioritize and remediate improper permission combinations that grant unintended or overly permissive access.
    - Establish and maintain least privilege.
    - Limit cloud security blast radius.
  • Shift Left and Shift Down in the Cloud Recorded: Jul 9 2020 60 mins
    Brian Price, cloudtamer.io|Nicholas Hughes, EITR Technologies|Joe Foster, NASA|Chris Pollard, cloudtamer.io
    How Automation, Templates, and Autonomy Deliver Security with Agility in the Cloud

    Organizations are moving more workloads to the cloud. At the same time, industry surveys indicate that security remains high on the list of reported cloud challenges. The goal remains the same: enable teams to use the cloud to drive agility and innovation while remaining secure and compliant in the process.

    The concept of shift left - moving security earlier in the development process - is a recognized tactic to improve your security posture. We'd add to that the concept of shift down. When you shift down your security efforts properly, you put in place the boundaries developers can work within without hampering productivity and innovation.

    In this webinar, you'll get proven tactics and real-world examples to help you ensure security in the cloud with minimal impact to agility:

    - Identifying and implementing automation opportunities to ensure security without labor-intensive efforts

    - Creating and rolling out a templatized approach to security that gives cloud teams autonomy and jumpstarts development

    - Using and integrating technology solutions to help speed access to and use of the cloud in a compliant manner
  • 2020 State of Federal Cloud Security: A Practitioner’s Perspective Recorded: Jul 8 2020 31 mins
    Dr. Mari Spina (Principal Cyber Security Engineer, The MITRE Corporation)
    Understanding threats and shared responsibility that all Federal agencies have is key to building confidence in security. How has the government and Industry addressed these challenges and are they making progress? Dr. Spina will build on her assessment from the 2018 and 2019 Federal Summits and talk about success areas and challenges.
  • 2020 State of CASB - CSA Research Recorded: Jul 8 2020 58 mins
    John Yeoh, VP of Research, CSA & Itir Clarke, Senior PMM, Proofpoint
    With the shift to work from home, cloud security is a bigger concern than ever. As the network perimeter is replaced by a user-defined security perimeter, enterprises need a people-focused approach to threat detection and data protection in the cloud. Organizations have adopted or plan to adopt Cloud Access Security Brokers (CASBs) to help them.

    Join Proofpoint and CSA experts as they discuss the findings of a newly conducted research among security professionals to determine the needs of enterprises from CASBs, and whether or not their expectations are being met.

    In this session, they will explore:

    - Where is CASB on the adoption curve?
    - How security professionals use CASB for visibility, compliance, data security, threat protection and access control
    - Effectiveness and next evolution of CASBs
  • A Practitioner’s Guide to Cloud Security and Compliance Processes Recorded: Jul 7 2020 62 mins
    Kolby Allen, Senior Architect, Zipwhip & Jason Needham, Senior Director of Cloud Security, VMware
    Are you trying to transform your organization into a savvy cloud security shop? This session will look at some of the biggest and most common challenges for maintaining security and compliance while scaling a public cloud environment, and will make practical recommendations for implementing effective processes based on successful cloud security journeys.

    Join this session to learn more about:

    - Common vulnerabilities and threats that increase security and compliance risks
    - Balancing governance with the flexibility needed for developer productivity
    - Specific steps you can take to measure and improve security posture
    - Lessons learned from scaling these processes to support a growing cloud environment
  • Data Privacy and Security Threat Concerns in the Age of COVID-19 Recorded: Jul 2 2020 57 mins
    Etay Maor, Chief Security Officer, IntSights & Chris Strand, Chief Compliance Officer, IntSights
    Businesses are facing escalating security threats in the wake of the COVID-19 pandemic, which raises questions about the security of everyone’s private and personal data. Many companies are struggling with resource strains, operating in a remote environment, and disrupted supply chains. The pressure of compliance with data protection regulations only adds fuel to the fire.

    Join IntSights for a webinar on July 2nd as their data privacy experts will break down:

    • Key findings from IntSights' report on data security in the healthcare sector
    • Steps businesses can take to help accelerate their efforts to enhance data protection
    • How the application of cyber threat intelligence can enhance the visibility and understanding of organizational data security policies
  • Reducing Compliance Costs with DevSecOps Principles in the Hybrid Cloud Recorded: Jul 1 2020 22 mins
    Daniel Domkowski - Speakers Software Delivery Specialist Red Hat
    58% of organizations are now viewing security compliance requirements and costs as a barrier to entering new markets. Their only choice is to reinvent their approach to compliance. While the vast majority of enterprises are turning to the public cloud to simplify innovation, 93% are invested in more than one cloud. Considering security models and controls vary widely across public providers, and even more so between the cloud and on-premise environments, the most cost effective approach to compliance is one based on principles and behaviors that are cloud and environment agnostic. Enter DevSecOps in the Hybrid Cloud.
  • Accelerating Hybrid Cloud Migration with Continuous Security Analytics Recorded: Jun 30 2020 46 mins
    Chris Collard, Program Director - QRadar Cloud Security, IBM
    As organizations take advantage of various cloud services for innovation and growth challenges arise at every phase of the security strategy, migration, monitoring, and threat management cycle. How do you detect what services are being used, monitor configuration drift of containers and other resources? How do you ensure your organization is collecting the right data and performing deep packet inspection on flows to ensure attacks are quickly detected?

    Join this webinar to learn how to approach your multi cloud journey and obtain visibility into each part of this fragmented infrastructure as if it was your own.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Preventing AWS Misconfiguration and the Risk of Data Breaches
  • Live at: Mar 28 2019 5:00 pm
  • Presented by: Josh Stella, Co-Founder and Chief Technology Officer, Fugue
  • From:
Your email has been sent.
or close