Name: Scaling Cloud Forensics & Incident Response with OSQuery
Start: 2019-05-23T17:00:00Z
End: 2019-05-23T17:00:49.000Z
Location: BrightTALK
Rating: 4.8

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Tackling least privilege in cloud environments is complex; with over 42,000 permissions to manage, tens of accounts, and thousands of identities to create policies for, traditional least privilege is not only impractical, but feels hopeless.

Not to mention, the majority of those 42,000 permissions are mundane; so why are we asking DevOps to spend cycles securing low-risk permissions?

In this session, we’re talking all about action and securing what is most critical. Because, let’s be honest, we’re all looking to maximize risk reduction without frustrating our dev teams by limiting access. 

In this webinar, we’ll explore:
• Why you should focus on sensitive vs non-sensitive permissions
• 5 risky permissions you should look at right now
• Challenges of implementing least privilege with native tooling
• How to build least privilege that scales alongside your cloud
• Implementing global policies that support both security and DevOps efficiency

Join us to learn how your organization can navigate the complexities of cloud security, achieve operational efficiency, and secure your cloud environments with our trailblazing approach to least privilege.

Least Privilege Reality Check: Refining Cloud Access and Permissions

With an increasingly distributed workforce and cloud-hosted data, the SaaS security threat landscape is evolving faster than ever before. Attackers are identifying poorly secured devices and identities to gain access to SaaS applications and the sensitive data contained within them.

Join a panel of cybersecurity experts from Crowdstrike, Valence and Corelight as they delve into:
• The increasing number of attacks on SaaS applications
• How attackers exploit poorly-secured devices to access sensitive permissions & data
• Real-life case studies unveiling where attackers have been successful breaching SaaS-hosted sensitive data  
• Actionable steps to bolster your organization’s risk prioritization, remediation, and threat detection capabilities to stop breaches

Navigating the Security Maze of distributed SaaS Applications and Devices

The movement to the cloud has transitioned businesses and how they work, but the security and data tools used to tackle the new cloud challenges have not transitioned as well. And with all your data fueling the rapid adoption of AI applications, you now face an entirely new set of security risks. Why does it take so long for your cloud security and data tools to provide greater value? What can you do to enable the safe use of AI and associated data? Why can’t we utilize the data and AI to truly understand risk and manage the security posture of all your cloud, data, and AI? Wait… maybe we can.

Join this session to learn how you can forge a modern approach that integrates best-in-class technologies from cloud-native application protection platform (CNAPP) to data security posture management (DSPM), data security platform (DSP), AI security governance, and more. Learn how cloud security architects, vulnerability management, SOC, and GRC teams can combine the power of intelligent context, correlation, and threat intel to get into the mindset of an attacker and understand the risk patterns between modern apps, models, and data.

Key learnings:
• Outcomes achieved from using AI to protect cloud, AI models, and data
• Building intelligent risk and threat analysis model for protecting critical infrastructure and sensitive data in the cloud
• Understanding the incident blast radius and implications of sensitive data exposure
• Scaling remediation practices for addressing cloud and data security issues
• Streamline compliance with security standards, global data protection regulations, and privacy laws

A Smarter Approach to Protecting your Cloud, Data, and AI

Confidential computing can help any organization dramatically improve security without friction and complexity. Workloads can operate with privacy with hardware-level isolation, yet use fully elastic cloud computing, raising the bar on security and privacy over operations. In financial services and Fintechs, Confidential Computing can speed time to market with the highest levels of security, while avoiding spend and effort on software-only solutions that will always be vulnerable.

Join this webinar to learn the story of Portal's journey to integrate their Blockchain infrastructure with Confidential Computing, a pivotal technology currently shaping their security posture. Portal is a rapidly emerging financial technology company. Parsa Attari, co-founder at Portal, will engage in a candid fireside chat with Mark Bower, VP of Product at Anjuna, exploring the progression of Portal's venture into deploying secure enclave technology while meeting critical timelines.

Don't miss this insightful conversation illuminating the transformative power of this enabling technology in the Fintech sector.

Secure Nextgen Fintech: Portal's Fusion of Blockchain and Confidential Computing

Adopting a Zero Trust framework has become imperative for organizations seeking robust protection against cyber threats. In the upcoming webinar, "Mastering Authentication and Synergy in the Zero Trust Ecosystem," we'll delve into the critical aspects of implementing a Zero Trust strategy, emphasizing the necessity of a seamless interaction between various components of your technology stack.

Central to our discussion is the concept of authentication, identified as the cornerstone of the Zero Trust model. We will explore innovative methods for verifying user identities, ensuring that only authorized individuals gain access to sensitive data and systems. The session will also highlight the importance of device verification, a crucial step in authenticating not just the user but the tools they employ in accessing the network.

Furthermore, we underscore the need for continuous authentication – a dynamic process that goes beyond one-time verifications. This approach adapts to real-time changes in user behavior and device integrity, offering an agile response to potential security threats.

Join us for this enlightening session where we will provide actionable insights and practical guidance on integrating a Zero Trust approach into your cybersecurity strategy. Whether you are just beginning to explore Zero Trust or looking to enhance your existing framework, this webinar is designed to equip you with the knowledge and tools necessary for a more secure digital environment.

Authentication in a Zero Trust Security Ecosystem

Almost all of the petabytes of enterprise data land up in new cloud data platforms. This includes sprawling Data Lake, Warehouse, VectorDBs, data movement infrastructure such as Databricks, S3, Snowflake, Redshift, Kafka, Tableau, and so on. This is the new center where all the exciting action is. Emerging AI/ML initiatives, model building, LLMs as well as the traditional analytical and BI applications are growing exponentially. 

But have we invested adequately to secure this modern data stack? Spoiler alert: your CNAPP is completely blind to this! 

The single biggest debate between Data Platform and Security teams is how to provision access to data quickly, while keeping the process secure and compliant. Sounds like an unbreakable impasse? How can the twain meet? 

Join this group of seasoned data platform and security practitioners to unpack emerging challenges around data access governance and privilege management:

• Why data security observability is key to to enable faster risk-informed decisions for data access
• New attack vectors that are opening up on these data platforms
• How Zero Standing Privileges specifically to your Data can drastically reduce the risk of damaging data breaches

Overcoming Barriers to Democratizing Data Access in Your Data Platforms

The rapid rise of AI has introduced new and transformative ways to streamline manual security and compliance processes. IT and business leaders globally recognize the potential. According to the State of Trust Report, 77% already or plan to use AI and machine learning to detect high-risk actions, unsecured cloud storage, unassigned compliance responsibilities, or unrevoked access privileges. 

In this session, Chase Lee, Enterprise GM at Vanta, will cover the current landscape of enterprise cloud security and compliance and the role AI can play in enhancing cloud security. He’ll dive into how AI can streamline compliance processes as well as the potential challenges and ethical considerations in the deployment of AI solutions.

Join to learn:
• Common security challenges that enterprises face in the cloud
• How AI technologies like machine learning and pattern recognition can enhance security measures
• Ways to use AI to streamline compliance processes, such as data classification and access control.
• How AI will continue to shape cloud security and compliance in the future of trust

Accelerating Compliance and Security in Enterprise Cloud Environments with AI

The commitment to developing responsible AI is a shared goal across the industry, recognizing the importance of collaboration among partners. With the cybersecurity field facing a shortfall of 3.5 million unfilled jobs, it's clear that not every organization can afford to build specialized teams for conducting red team exercises on AI and Large Language Model (LLM) products.
 
To address this, Microsoft’s industry-leading AI Red Team has taken the initiative to disseminate its learnings and best practices within the cybersecurity community and is now launching PyRIT (Python Risk Identification Toolkit for Generative AI), an industry-first automation framework. This toolkit, created by the Microsoft AI Red Team, is designed to bolster the safety and security of LLM endpoints.
 
PyRIT is an open-source resource created to enable security professionals and machine learning engineers to proactively identify risks in their generative AI systems. Having been rigorously tested in over 60 red teaming exercises of generative AI systems, PyRIT serves as a powerful supplement to manual testing efforts. It assists in identifying system vulnerabilities more swiftly by adapting its tactics based on the generative AI system's responses, thereby efficiently achieving the security professional's objectives.
 
During the upcoming webinar, participants will be guided on how to effectively utilize PyRIT for red teaming generative AI systems. This includes setting up targets, leveraging datasets, exploring various attack strategies, and utilizing the memory functionality. This session offers an opportunity to learn from the industry's best practices on empowering Red Teams and enhancing organizational security.

Learn from Microsoft’s AI Red Team on how to make your organization safer

Given its value, the data stored in SaaS platforms like Salesforce and ServiceNow is increasingly vulnerable to unauthorized access and data loss. This webinar explores problems impacting SaaS data, such as compromised credentials, deleted encryption keys, security model weaknesses (e.g., sharing, data access, permissions), integration or coding errors, insider threats, and more. It also discusses ways to mitigate the risks associated with SaaS-aware ransomware attacks, to proactively detect problems, and to maintain operational continuity. Hear real-world examples of security incidents and data loss in Salesforce and ServiceNow to illustrate specific risks and learn practical fixes to safeguard your SaaS data from these risks.

Ensuring SaaS Data Security & Resilience in Salesforce and ServiceNow

Does this chaos sound familiar: You have disparate vulnerability remediation processes across development, cloud and infrastructure teams. You are running your VM process using spreadsheets, productivity apps or your own custom software. There must be a more efficient way, right? Listen to two pros discuss why and how to implement scalable remediation operations that take you from chaos to control using fewer resources.

Shrink Your Attack Surface with Unified Vulnerability Management

In recent years, SaaS applications have become the go-to collaboration tools for businesses of all sizes. The agility, scalability, and cost-effectiveness they offer are undeniable advantages. However, this rapid shift to the cloud has also exposed organizations to a host of new SaaS security challenges. As more data and applications migrate to cloud environments, traditional security models are no longer sufficient. In the future, SaaS security will need Zero Trust. 

Zero Trust is a security framework that assumes that no one, whether inside or outside the organization, should be trusted by default. Instead, it requires continuous verification of identities and strict access control. In SaaS, this approach is essential, but to make it truly effective, it demands a comprehensive understanding of the connections and access points in your environment – in other words – total context across all infrastructure. This is why it’s impossible to achieve Zero Trust without context from SaaS. 

In this webinar, Ofer Klein, CEO and Co-founder of Reco, and Dr. Chase Cunningham, VP of Security Market Research at G2 and Zero Trust expert will provide guidance on how to secure SaaS applications within a Zero Trust strategy. They’ll discuss the challenges associated with securing SaaS apps and their access, the context provided by SaaS Security, how to implement SaaS security within Zero Trust, and measuring success.

Zero Trust and SaaS Security: Why Total Context Matters

Get ready to level up your cloud security game! We're rolling out a no-nonsense, straight-talking webinar where we tackle the gap between the theory of least privilege and the messy real-world implementations that could leave your cloud defenses looking more Swiss cheese than Fort Knox.

This session will zero in on why the classic approach to Principle of Least Privilege is often more idealistic than practical. Let's face it: your "least privilege" setups may be handing out keys to your castle like free loot drops. Might be time to respawn your strategies. 

Why You Should Join:
• Identify where your least privilege strategy might be giving away too many permissions and how it’s like over-leveling your noobs – risky and unnecessary.
• Get straight to the practical stuff – actionable ways to go from static, long-term access rights (think: permanent power-ups) to a dynamic, just-in-time access system that actually matches the pace of your cloud environment.
• Swap notes on real-world scenarios, sharing the wins and face-palms that come with managing access in complex cloud setups.
• You'll learn best practices that can be put into play immediately, reducing risk without getting bogged down in bureaucracy or slowing your devs down.

Join us to learn some new trade secrets and defenses that can adapt as quickly as your next sprint. We'll break down those static policies that might be overshooting the mark and arm you with slick, automated strategies fit for a dynamically scaling cloud world.

Rethinking Least Privilege: Dynamic Strategies for an Over-Privileged Cloud

The global supply chain is vulnerable to cyberattacks due to its diverse and multifaceted aspects. Cybersecurity supply chain risk management guidance is essential for businesses to protect themselves, their partners, and their consumers. They must assess cybersecurity risks at all levels of their organization and consider the vulnerabilities of all players involved in creating a product or service, particularly in light of increasing incidences of cyberattacks carried on on supply chains. Threat Actors have shifted their tactics to compromise firms via their supply chains in an attempt to identify and exploit the weakest links, requiring organizations to reevaluate their cybersecurity approach accordingly.

Supply Chain Risk

What’s the definition of being Pwned? It’s a Slang. It’s derived from “owned,” which means to defeat or dominate, especially in a video or computer game.

The proliferation of cloud-based infrastructures has revolutionized the way organizations operate, offering unparalleled scalability, accessibility, and flexibility. However, alongside these benefits, the ever-evolving threat landscape presents a pressing challenge: the identification and prevention of anomalous lateral movement within cloud environments.

Attackers nowadays are looking for ways to own a cloud infrastructure so they can conduct various malicious activities ranging from hosting malware sites, crypto mining, data exfiltration, etc. They want to fly below the radar and continue the parasitic relationship with the business owners operating in public clouds.

The attackers know that if they create any suspicious activity, they may be caught and stopped, but imagine a situation where there are “No Red Flags” and everything seems to be normal and they continue their malicious intent. Most of the time, businesses don’t realize that. their public cloud infrastructure is compromised by using shadow access to their and they continue to pay for it. This is where every business needs to monitor if they have been continuously pwned or can be pwned to take corrective actions to fix it.

Is my Cloud Pwned?

Explore the transformative impact of Generative AI (GenAI) on data security in the webinar "GenAI and Data Security: Insights from the Forefront," led by Natia Golan, CPO at Flow Security. Esteemed security experts Christy Peel (Director of Security Engineering & Attack Surface Management at Staples) and Moran Ashkenazi (VP Security Engineering and CSO at JFrog) will dissect GenAI's implications on data generation, processing, and protection.

The discussion will tackle challenges and opportunities, emphasizing data integrity, privacy, and potential breaches. Discover how organizations integrate GenAI into their security strategies, examining current usage, management preparedness, and the development of policies to counter unique risks.

The panel will also explore future implications of GenAI on data security, offering insights into evolving threats and strategic adaptations for robust protection. Tailored for data security professionals, business leaders, and tech enthusiasts, this webinar promises a thought-provoking session blending theoretical knowledge with practical insights from top experts. Don't miss this opportunity to gain a deep understanding of the evolving landscape of data security in the GenAI era.

GenAI and Data Security: Insights from the Forefront

The major breaches of 2023 were primarily associated with SaaS applications. Despite the critical role SaaS apps play in numerous businesses, many security teams do not have the expertise and tools to safeguard against these breaches. This is where SaaS Security Posture Management (SSPM) can help.

Join us for a review of the SaaS breaches of 2023 as we:

• Highlight methods and mitigations used in 2023 SaaS breaches
• Assess tactics for breaches in 2024
• Discuss the significance of a posture-centric approach to SaaS Security

I Just Can't Wait to be Secure: 2023's SaaS Breaches

Speed and agility are what make cloud attractive to many organizations. But at the same time, bad actors are weaponizing cloud automation and public access points to launch attacks in as little as ten minutes. In a constantly evolving arms race, generative AI is the next frontier that security teams must embrace to speed analysis and automate their cyber defenses to keep up. 

Join us as we discuss the latest in generative AI, debate its merits and how to use it to save you time in risk analysis and improve your defenses. We’ll dive into:

• The impact of AI in cloud security - the good, bad, and ugly
• How to architect gen AI into your security stack
• Protecting your data and privacy when using Gen AI
• Discover how cloud security teams are using gen AI for today

Register now and don’t miss out on this opportunity to get ahead of this fast-moving technology trend. Take back critical learnings on using gen AI to your advantage in securing your cloud environment in less time and wasted effort.

Generate This: Bringing AI to Cloud Security

Join Lacework for a fireside chat with Phil Bues, Cloud Security Research Manager at IDC and Andy Schneider, Field CISO at Lacework, as they dive into the challenges and best practices for managing cloud identities and entitlements. 

In this session, we’ll cover:
• Security posture management for cloud-native apps
• The identities and entitlement challenges that come with cloud migration
• How organizations can reduce identity risk
• Future trends and technologies, like continuous monitoring, remediation automation, AI/ML, and more

CIEM Chat: How to Reduce Cloud Identity Risk

An enterprise has a diverse environment (cloud instances, servers, workstations) in which to try and detect potential security incidents. The ability of an incident response team to work quickly and at necessary scale is imperative when incidents do unfortunately occur. After an initial compromise, attackers often move laterally in an environment, trying to establish a foothold and escalate privileges. While they try to remain stealthy, they almost always leave behind footprints. Detecting and analyzing these footprints quickly and accurately to scope the issue is critical. 

This webcast will explore a scalable approach developed by the Adobe security team that relies on open source tools like OSQuery. The goal was to develop techniques that can be leveraged to more quickly and easily investigate large groups infrastructure components for initial triage, basic forensic analysis, and to also help proactively detect threats. Attendees will learn about the techniques we developed that they can then go apply to their own environments to help with their incident response efforts in the cloud.

Scaling Cloud Forensics & Incident Response with OSQuery

Cloud Forensics

Incident Response

OSQuery

Open Source

Cloud Security

Incident Detection

Cyber Security

Threat Detection

Adobe

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Scaling Cloud Forensics & Incident Response with OSQuery

Presented by

About this talk

More from this channel