Scaling Cloud Forensics & Incident Response with OSQuery

An enterprise has a diverse environment (cloud instances, servers, workstations) in which to try and detect potential security incidents. The ability of an incident response team to work quickly and at necessary scale is imperative when incidents do unfortunately occur. After an initial compromise, attackers often move laterally in an environment, trying to establish a foothold and escalate privileges. While they try to remain stealthy, they almost always leave behind footprints. Detecting and analyzing these footprints quickly and accurately to scope the issue is critical.

This webcast will explore a scalable approach developed by the Adobe security team that relies on open source tools like OSQuery. The goal was to develop techniques that can be leveraged to more quickly and easily investigate large groups of infrastructure components for initial triage and basic forensic analysis, and to help proactively detect threats. Attendees will learn about the techniques we developed, which they can then apply to their own environments to help with their incident response efforts in the cloud.
Recorded May 23 2019 50 mins
Presented by
Sohini Mukherjee, Security Analyst & Andres Martinson, Sr. Security Engineer, Adobe

  • Why it's Time to Kill Your VPN Oct 17 2019 4:00 pm UTC 60 mins
    Chris Scheels, Director of Product Marketing, Cyxtera
    VPNs are dangerous and overly complex. So why are we still pretending that VPNs are an effective security technology?

    Join this webinar if you are responsible for implementing Zero Trust or managing complex VPN environments.

    Learn why:
    - VPNs cannot support your move to Zero Trust
    - Managing VPNs is too complex for delivering granular access to a mobile workforce
    - Eliminating VPNs can deliver Zero Trust secure access to the cloud, DevOps and third parties
  • How to Calculate, Communicate and Compare Your Cyber Exposure with Tenable Lumin Oct 17 2019 12:30 am UTC 60 mins
    Robert Healey | Senior Director Marketing, Asia Pacific, Tenable
    Tenable Lumin lets you measure and benchmark your organisation’s cyber exposure, providing comparisons across your organisation internally (business units, geographies, asset classes) and externally against your peers. Using Lumin, you will gain business insights needed to improve strategic decision-making and security posture. Lumin correlates vulnerability data with other risk indicators, such as threat intelligence and asset criticality. It then automatically scores, trends and benchmarks your organization’s cyber risk.

    By attending you’ll learn:
    - What the Cyber Exposure Score means, how it is calculated and why it matters to your organization
    - How you can compare the effectiveness of your internal operations with industry peers and across internal business units
    - How you can more effectively prioritize your efforts to reduce cyber risk
    - And, answers to your questions during live Q&A
  • Zero Trust Application Delivery Pipeline Oct 10 2019 5:00 pm UTC 60 mins
    Tony Morris, Enterprise Architect-Public Cloud, Hyland
    Zero Trust is a concept that is typically used to describe the security model for a company's infrastructure and data. Application delivery pipelines are typically managed using a perimeter-centric security model. In this session, we will discuss how to apply the core concepts of Zero Trust to the application delivery pipeline, helping to ensure your applications are delivered to production safely and securely.
  • Implementing CAIQ-Lite in a Cloud Vendor Security Assessment Workflow Oct 8 2019 5:00 pm UTC 60 mins
    Nick Sorensen-CEO, Whistic & Azure Shen-Compliance Analyst, OneLogin & Samantha Cowan-Security Compliance Manager, HackerOne
    Come learn how leading technology companies are optimizing cloud vendor security assessments by leveraging the recently-released CAIQ-Lite in their workflow. Also learn how and why the CAIQ-Lite came to be, as well as best practices from early adopters.

    Takeaways from this webinar include...
    - An introduction of the history/creation of the CAIQ-Lite
    - Best practices for using CAIQ-Lite to perform security assessments of cloud vendors
    - A "behind the scenes" look at how technology companies are using both the CAIQ and CAIQ-Lite in their assessment workflows
  • The Future of Audit and Compliance: Controls Automation Oct 3 2019 4:00 pm UTC 60 mins
    Prasant Vadlamudi, Director of Tech GRC at Adobe
    Over the past several years, we have developed and implemented Common Controls Framework (CCF) across Adobe, enabling our cloud products, services, platforms and operations to achieve compliance with various security certifications, standards, and regulations such as SOC2, ISO, PCI, HIPAA, FedRAMP and others. CCF is the foundational framework and backbone of our companywide security compliance strategy. It also provides the flexibility to quickly adapt to and tackle new compliance and certification requirements as needed for our business and solutions. We have also open-sourced CCF for other peer industries to leverage it for their compliance goals.

    As the next level of organic maturity for the CCF strategy @ Adobe, we are now developing and implementing a controls automation framework which will help enable near-real-time monitoring of the controls' operating effectiveness. The CCF controls automation framework is intended to change the controls testing strategy from a point-in-time/reactive mode to near-real-time monitoring, tracking and alerting. This mode of controls assessment via automation not only increases the frequency of testing, but also enables quicker remediation to reduce the risk of controls failure. This framework will also help with scaling the CCF controls framework by making it easier for new services and product teams to onboard the controls, as well as help eliminate the compliance fatigue imposed on the operations and engineering teams, while still reducing risk. During this webcast we will share the automation platform that is being built by Adobe and how it aligns with CCF and Adobe’s approach towards faster adoption of controls.
  • Don’t Let Your Security Slow Your Cloud Journey Oct 1 2019 5:00 pm UTC 60 mins
    Jason Georgi, Field Chief Technology Officer for Prisma Access and SaaS, Palo Alto Networks
    Cloud adoption for some services is no longer optional; however, security is what is overwhelmingly holding organizations back from doing more. Cloud and SaaS themselves are also evolving, which is changing the approach for securing access to them. The right security capabilities will allow you to address risk while having you ready for tomorrow.
  • Quandaries and Clouds: A Discussion on Cloud Security Sep 26 2019 5:00 pm UTC 62 mins
    Dan Mellen, Accenture & Robert Scheutter, Valvoline & Lamont Orange, Netskope & Nate Smolenski, Netskope
    Are you experiencing these common challenges in your cloud security program?

    There is no question that the way we work has changed with the rise of cloud and the widespread access to mobile devices. This shift in how we work requires us to also shift how we think about security when it comes to the cloud.

    Listen in as our panel of C-Level security leaders discuss common obstacles CISOs encounter when moving to the cloud and how you can overcome them.

    Topics covered include:
    - Tackling privacy regulations
    - Protecting your company's sensitive data
    - Shifting your existing security strategies to be more cloud-focused
  • No Passwords, No Problem: Using WebAuthn to Stop Account Takeover Recorded: Sep 19 2019 31 mins
    Swaroop Sham, Senior Product Marketing Manager--Security, Okta
    Want to eliminate passwords? We all do. WebAuthn is a new web standard published by the World Wide Web Consortium (W3C) for users in the era of passwordless authentication for web applications. This new standard offers strong authenticators such as Touch ID or Face ID directly from your browser to keep attackers out while delivering first-class authentication experiences.

    Watch this webinar to learn about:
    - Use cases: Understand how the new standard enables low friction, phishing-resistant authentication
    - Technology: Peek beneath the hood and see the core technical concepts that comprise WebAuthn
    - User experience: Look at the user registration and authentication flows
    - Business impact: WebAuthn helps security and product forge mutually aligned objectives
  • Protect Your Web Applications from Component Vulnerabilities Recorded: Sep 10 2019 46 mins
    Nate Dyer, Product Marketing Director, Tenable
    Web applications are becoming increasingly complex, with most applications now built using multiple layered components, such as web servers, web frameworks, language engines and JavaScript libraries. The growing number of cyber attacks stemming from component vulnerabilities highlights a limitation of conventional scanning for securing web applications. Join Tenable experts to learn how you can go beyond traditional scanning to better protect your web application estate from component vulnerabilities.
  • 5 Identity Attacks that Exploit Your Broken Authentication Recorded: Sep 5 2019 28 mins
    Teju Shyamsundar, Okta, Sr. Product Marketing Manager
    It’s no secret that today’s hackers are smarter than ever before - a motivated hacker can use a variety of different methods to steal passwords from unsuspecting users.

    While two-factor authentication solutions have been around for a while, they're no longer comprehensive enough to defend the new perimeter. Join us to learn the anatomy of common identity attacks, and how to keep hackers out of your organization.

    We’ll discuss:
    - Identity attacks that exploit insecure methods of authentication
    - How to add a smart layer of security over your critical apps, services, and devices
    - What to look for in a multi-factor authentication solution
  • Application of Security Ratings for Emerging Regulatory Compliance Trend in APAC Recorded: Sep 4 2019 58 mins
    Matthew McKenna, VP of International Operations at SecurityScorecard
    This session will explore the emerging regulatory trends in Vendor Risk Management in APAC and demonstrate how Security Ratings can play a key role in supporting enterprises in the establishment of strong governance and compliance oversight for their vendor landscape.

    The session will use a case study based approach and share with you how security ratings work, how to apply them, and how to leverage them to meet the emerging compliance mandates.
  • Achieving Cloud Visibility With Cloud-Native Network Detection & Response Recorded: Aug 29 2019 52 mins
    Amelie Darchicourt, Cloud Product Marketing Manager & Eric Thomas, Director of Cloud Product Marketing, ExtraHop
    Without native network visibility in the cloud, enterprises have been limited to log or agent centric tools to support their cloud migration and to secure their workloads, making it challenging to detect and investigate complex threats in a timely manner. The introduction of Microsoft Azure V-Tap and Amazon VPC Traffic Mirroring finally provides access to context-rich network data for threat detection, investigation and response.

    Join this webinar to learn how to gain visibility in your cloud workloads by leveraging the new network tap features released by the leading public cloud providers. During this session, Amelie Darchicourt, Cloud Product Marketing Manager at ExtraHop, will present the benefits of adopting a cloud-first approach to Network Detection and Response (NDR) and will share insights about how SecOps teams can hold up their side of the shared responsibility model and deliver unified security across the hybrid attack surface.
  • Gaining Decrypted Visibility in Public Cloud with Amazon VPC Traffic Mirroring Recorded: Aug 22 2019 61 mins
    Steve Perkins and Erik Freeland of Nubeva & Anoop Dawani of AWS
    Encryption of all traffic in the cloud is a widely adopted best practice. The new TLS 1.3 standard with Elliptic-Curve Diffie-Hellman (ECDH), perfect forward secrecy and ephemeral keys renders most traditional decryption methods ineffective and out-of-band decryption essentially impossible. Combined with the distributed and elastic nature of cloud computer architectures and the use of third party services, enterprises have been forced to choose between security and visibility or between security and modern architectures.


    Join us for a “How To” webinar covering the newest possibilities for decryption in the public cloud. During the session, Steve Perkins, Chief Product Officer and Erik Freeland, Director of Customer Success at Nubeva, will discuss the complications and opportunities surrounding the new TLS 1.3 protocols. They will walk through how organizations can implement encryption best practices and also gain full decrypted traffic visibility for intrusion detection, threat hunting, incident response and beyond with the newly announced Amazon VPC traffic mirroring and industry-leading open source monitoring tools.
  • How Machine Learning is Taking Cyber Security Teams to the Next Level Recorded: Aug 20 2019 43 mins
    Tom Cignarella, Director, Security Coordination Center (SCC) at Adobe
    Ten years ago, security leaders couldn’t wait to tell you about their cutting edge use of Linux – nowadays, that’s considered table stakes. Today, the big buzzwords are AI and machine learning – and for good reason. With the computational power we have today, we can apply straightforward math tricks to data and surface insights that are not only interesting and valuable but also may not have been possible five or ten years ago – helping us become faster, more effective and increasingly innovative in our approach to defending systems from the evolving threat landscape we face today.

    While the excitement around machine learning is deserved, Tom believes that much like Linux, it will eventually be something everyone in security is doing. In this webcast, Tom will outline how machine learning fits into the broader cyber security toolbox as a tool to augment – not replace – security teams, surfacing data-based insights and automating mundane, time-consuming tasks to free up precious security analysts' time. He’ll also include key learnings from Adobe that security organizations should keep in mind as they explore machine learning, including the type of talent needed to succeed and the importance of good data.
  • Best Practices for Securely Moving Workloads Into the Cloud Recorded: Aug 8 2019 50 mins
    Torsten George, Senior Director, Product Marketing, Centrify
    Organizations are increasingly moving their workloads to the cloud to achieve greater agility, flexibility, and cost savings. In fact, spending on cloud infrastructure services will grow from $39.5 billion in 2019 to $63 billion through 2021 [according to Gartner].

    However, when transitioning to the cloud, it’s critical to understand that cloud security is a shared responsibility between the cloud service provider and the customer. The cloud service provider typically secures the core infrastructure and services while securing operating systems, platforms, and data remains the responsibility of the customer.

    As your organization formulates a cloud security strategy, it is important to remember that the #1 cause of today’s breaches is privileged access abuse. And it takes just one single compromised privileged credential to impact millions of data records and result in millions of dollars in fines.

    To limit their exposure to these attacks, organizations need to move to an identity-centric approach based on a Zero Trust model: “never trust, always verify, enforce least privilege”. This concept should be extended to the organization’s workforce, as well as partners, privileged IT admins, and outsourced IT.

    Our webinar, Best Practices for Securely Moving Workloads to the Cloud:
    - Reviews the state of cloud computing;
    - Details the key threats for cloud environments;
    - Identifies 6 best practices for boosting cloud security confidence in a world of Zero Trust;
    - Showcases how to apply these best practices to critical privileged cloud access use cases;
    - Shares a customer success story; and
    - Outlines the benefits of Zero Trust Privilege.
  • 2019 Cloud Security Threat Report: Understand the Latest Cloud Security Trends Recorded: Jul 25 2019 59 mins
    Jim Reavis, Co-Founder and CEO, Cloud Security Alliance | Kevin Haley, Director, Security Technology and Response, Symantec
    Is your perception of cloud security matching the reality?

    We surveyed security decision makers worldwide to understand their perceptions of the cloud security landscape and compared this to empirical data sources monitored by Symantec.

    Join Cloud security experts, Jim Reavis, Co-Founder & CEO at Cloud Security Alliance, and Kevin Haley, Director Security Technology and Response at Symantec as they discuss:

    • Key findings from the 2019 Cloud Security Threat Report

    • Real world examples of security threats and whether the perception of cloud security matched up to the evolving cloud threat.

    • Emerging trends in cloud security that can help you respond to the evolving attack surface.

  • IT & OT Security Best Practices-Survey Results of Over 700 Global Practitioners Recorded: Jul 24 2019 63 mins
    Robert Healey | Senior Director Marketing, Asia Pacific, Tenable
    Security teams are frequently blind to the IT and Operational Technology (OT) assets, internal and external connections, and vulnerabilities on their industrial control system networks. This visibility gap is one of the key challenges highlighted in a new survey report from the Ponemon Institute.

    To learn more about the report and how its findings compare with your organization’s experience, please join Robert Healey, APAC Marketing Director, Tenable, for the webinar: “Cybersecurity in Operational Technology: 7 Insights You Need to Know.”

    All infosec professionals responsible for and interested in effectively securing converged IT/OT environments are encouraged to join this webinar.
  • Hacker-Powered Data: Security Weaknesses and Embracing Risk with HackerOne Recorded: Jul 23 2019 27 mins
    Miju Han, Director of Product Management, HackerOne
    Vulnerabilities are a fact of life; risk comes with them. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 6 years of data from 1,300+ bug bounty programs & 100,000+ valid vulnerabilities, this talk offers new analysis of the most common vulnerabilities not found on the OWASP top 10.
  • Automating Container Security Recorded: Jul 18 2019 41 mins
    Thomas Robinson, Solution Architect, AWS & Dan Hubbard, CEO, Lacework
    Using containers in AWS enables agile orchestration of application capabilities and requires less coordination and oversight than on-premises or virtualization infrastructure. While containers allow you to build and release fast, security teams need to assess how they maintain security for these new capabilities.

    In this session, experts from AWS and Lacework will explain how to use Amazon Container Services to easily deliver applications, and how to automate container security so you can enable your DevOps team to build fast while remaining secure.
  • Using User Behavior Analytics to Detect Authentication Anomalies Recorded: Jul 16 2019 55 mins
    Aron Anderson, Senior Security Engineer & Ashwini Cheerla, Security Engineer at Adobe
    In the modern cyber battlefield, we face new threats daily where signatures are not necessarily known. Identifying these anomalies in regular behavior is the core of User Behavior Analysis (UBA). Common UBA applications include detection of malicious insider threats, privilege misuse, and compromised accounts. Analytics tools help make sense of varied information provided by security systems to identify potential risks. At Adobe, we generate vast amounts of security data in the form of application, system and other logs. In addition, we have environment context data like employee role details and configuration management database (CMDB) data. This security data is an immense source of security intelligence. If collected diligently, the answers are already present, but the trick is to ask the right questions. This information can be compared against a security standard to find security gaps that need to be remediated, which is reactive security. However, if we use machine learning techniques and other analytics tools to ask the right questions, we can proactively identify anomalous activities.

    All of this is part of our broader strategy around Project ZEN – our zero-trust enterprise network initiative first introduced to the ISACA audience at CSX 2018. This talk will dive into more specifics about how ZEN works – specifically around UBA. We leverage UBA to help meet the most recent NIST guidelines around user passwords and remove the need for password changes at regular intervals. We will provide summit attendees with a blueprint they can use for a significant part of their own zero-trust network efforts. We hope that you can learn best practices from our approach that you can leverage in implementing more effective UBA at your organization.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy

  • Title: Scaling Cloud Forensics & Incident Response with OSQuery
  • Live at: May 23 2019 5:00 pm
  • Presented by: Sohini Mukherjee, Security Analyst & Andres Martinson, Sr. Security Engineer, Adobe