Mapping Your Way Through AppSec Challenges

It is always important to stay current and explore new technologies. John Lambert is often quoted as saying, “Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win.” This was one of the concepts that had originally hooked Peleus on the idea of exploring graphs in our tooling. There have been many examples of graph databases used to solve problems in network security, spam & fraud detection, and cloud configuration issues. Graphs have even been argued to be a necessary component to move machine learning to the next level. However, there are not many examples specific to cloud app security.

In this webcast, Peleus Uhley, Principal Scientist & Lead Security Strategist at Adobe, will explore some possible options for using graphs and graph databases to help accelerate solutions to some cloud security problems.
Live online Apr 23 5:00 pm UTC
or after on demand 60 mins
Presented by
Peleus Uhley, Principal Scientist & Lead Security Strategist at Adobe
  • Nefarious Uses of Cloud: A Case Study from Defending a Security Conference Jul 29 2020 6:00 am UTC 45 mins
    Wong Onn Chee, CTO, Resolvo & Co-Chair, CSA APAC Research Advisory Council
    As organisations increasingly move to the cloud, so do the attackers. Come and listen to Onn Chee on how the cloud was used to attack a security conference's websites on the cloud, the profile of the attackers from the cloud, and how the conference organisers defended against them. In addition, Onn Chee will share lessons learnt and a new pro-active approach to cloud defense by looking at IoR - Indicators of Reconnaissance - which is the first step in the Cyber Kill Chain, instead of IoC - Indicators of Compromise - to achieve faster and pre-emptive disruption to the Cyber Kill Chain.
  • Emerging Top Threats in Cloud Computing – What We Can Do About Them Jul 15 2020 6:00 am UTC 45 mins
    Moderator: Jim LIM, Panelists: Raju CHELLAM, Nigel LIM, Steve NG
    With cloud becoming the preferred IT infrastructure, understanding the emerging security threats is important. A recent CSA study showed that traditional cloud security issues (such as DDoS, shared technology vulnerabilities, CSP data loss and system vulnerabilities) that are under the responsibility of CSPs are now overshadowed by the need to address security issues that are situated higher up the technology stack which are the result of senior management decisions (such as misconfiguration, inadequate change control, and a lack of cloud security architecture and strategy). Please join our panel of industry experts to appreciate the shifts in cloud security issues.
  • Cloud Incident Response Need Not be Reactive Jun 24 2020 6:00 am UTC 45 mins
    Alex Siow, Chairman CSA Singapore Chapter
    In today’s connected era, a comprehensive incident response is an integral aspect of any organization aiming to manage and lower their risk profile. A good incident response needs to be useful not only when dealing with incidents caused by malicious threat actors, but should also be applicable in a variety of other situations such as downtime caused by an unexpected power outage or a cut internet fiber due to roadworks. There are, however, different considerations when it comes to incident response for cloud-based infrastructure and systems, due in part to the nature of its shared responsibility.

    Additionally, with a number of incident response standards, frameworks and guidelines available, it could be confusing for cloud providers and users to make sense of them for their cloud incident response (CIR) procedure. CSA’s CIR Framework will serve as a go-to guide for cloud users to effectively prepare for and manage the aftermath of cloud incidents, along with serving as a transparent and common framework for CSPs to share cloud incident response practices with their customers.

    This talk will cover key contributions of the CIR Framework to the cloud community, and also make available a Quick Guide that distils the main objectives and overview of the CIR Framework.
  • The S in IoT stands for Security Jun 3 2020 6:00 am UTC 45 mins
    Moderator: Suresh AGARWAL, Panelists: Aleksandar ANDRIC, Jim LIM, Haojie ZHUANG
    Internet of Things (IoT) and connected devices promise tremendous benefits and a new wave of business opportunities. This hype is best balanced with caution, especially with respect to security. Along with new revenue opportunities, IoT introduces points of vulnerability for data thefts and loss of device control. Such data breaches and loss create negative impact on a large scale. With devices connected to the Internet, the large attack surface offers numerous points of peril. Come and learn from our panel of experts on the risks and how to manage the perils effectively before you embark on your IoT journey.
  • Cybersecurity, Data Protection Policies, and Cloud Adoption in APAC May 27 2020 6:00 am UTC 45 mins
    Lim May-Ann, Executive Director, ACCA
    Over recent months, there has been an increasing number of cyber-breaches being reported in Asia Pacific, particularly from the public sector. Yet there have also been an increasing number of cybersecurity and data protection policies being put in place. Are these sufficient to assuage the public’s concerns about cloud computing and shared services? What are the trends in cybersecurity and data protection regulations within the Asia Pacific and ASEAN region?
  • Break the Top 10 Cloud Attack Kill Chains May 7 2020 5:00 pm UTC 60 mins
    Rich Mogull, VP Product, disruptOps
    As cloud adoption matures, so do cloud attacks. This session will highlight the top 10 cloud kill chains and how to break them. The presenters will lay out each step of the chain, which are the easiest to snap, and which common security defenses work across multiple chains.
  • Managing security in the cloud today VS networks "back in my day" Apr 28 2020 5:00 pm UTC 60 mins
    Jim Reavis, CEO, CSA | Karen F. Worstell, CISO | John DiMaria, CSA | Vincent Campitelli, CSA
    In our increasingly interconnected world, the cloud is the answer. Services like Microsoft Office 365, Google Drive and AWS have embraced its ability to store data online and have created services to capitalize on its potential. Data access is never a problem if you have an internet connection. But before the dawn of the Internet, cloud computing didn’t exist. It simply couldn’t. The panel on this session was certainly around before the dawn! That’s why they don’t sweat the challenges that come with the cloud today, because they lived through the early days when solutions to IT Security problems had to be invented as you go “and they liked it”!

    Join us as this distinct panel that represents the “grumpy old people” of security today discuss the evolution of compute and how being in the trenches of the “old days” has allowed them to make significant contributions to better security solutions today.
  • Mapping Your Way Through AppSec Challenges Apr 23 2020 5:00 pm UTC 60 mins
    Peleus Uhley, Principal Scientist & Lead Security Strategist at Adobe
  • Cloud Adoption Considerations for IoT and OT Apr 21 2020 6:00 am UTC 45 mins
    Shih Hsien Lim, Chief Security Officer, SP Group
    IoT in the enterprise will generate new information and business models that will strain on-prem capabilities and resources. The challenges can be resolved by judicious use of the cloud. This potential upside needs to be weighed against risks around data privacy, visibility, and (in)effectiveness of traditional security tools and approaches.

    The increasing digitisation of OT (Operations Technology) will impose similar challenges, with the added key dimension of safety on top of the traditional tripartite of confidentiality, integrity and availability.

    The talk will thus dive deeper into these real-world challenges and share some practical considerations and approaches.
  • CSA's Executive Series: Using CSA Control Framework for Regulatory Alignment Apr 14 2020 5:00 pm UTC 60 mins
    Michael Mazza, Executive Director - Enterprise Technology & Risk - Morgan Stanley
    In today’s environment, we are faced with conflicting challenges. Our businesses want us to advance the use of cloud to improve costs and time-to-market. The major CSPs are coming out with new functionality literally every day, and tout the Shared Responsibility model for security and governance. Yet the regulators still hold us to managing risk. How can we show regulators that their guidance is being heeded within our internal control environment when we use CSPs? Join for a discussion on how to make sure that regulators, vendors, and your internal staff can speak the same language.
  • Stay Secure: In the Face of a Pandemic, Cyberattackers Seek to Take Advantage Apr 7 2020 5:00 pm UTC 60 mins
    Thomas Martin, Founder, NephōSec | Chris Hertz, Chief Revenue Officer, DivvyCloud
    Join Thomas Martin, former GE CIO and Founder of NephōSec, and Chris Hertz, Chief Revenue Officer of DivvyCloud, for a deep dive into the current state of cloud security and practical guidance on ways to stop cyberattackers who seek to take advantage of the disruption caused by the coronavirus pandemic. Topics covered include:

    - Discussion of the increased challenges faced by security and IT professionals during times of crisis.
    - Key findings from the 2020 State of Enterprise Cloud Adoption and Security Report as a guide to what to focus on.
    - Critical actions and steps that enterprises can take to protect their cloud environments from cyberattackers.
  • CSA's Executive Series: When AI Goes Wrong Apr 2 2020 4:00 pm UTC 60 mins
    Bob Gourley, CTO and Co-Founder of OODA
    Join Bob Gourley, CTO and Co-Founder of OODA, to learn about when AI goes wrong including...
    - 6 categories of real-world AI failures
    - notable failures in operational systems
    - compliance needs
    - a guide for securing AI for framework
  • Top 5 Latest Cloud Security Hacks and How You Can Avoid Them Recorded: Mar 17 2020 61 mins
    Roger Grimes, Data-Driven Defense Evangelist at KnowBe4
    Most people know that cloud security overall is often better than traditional on-premise security. However, that doesn’t mean that cloud products can’t be hacked or misconfigured even if you are using the best security practices. Social engineering is the number one threat to your cloud security that nobody is talking about, and your users are the last line of defense against these hacks!

    Join Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, as he breaks down the ways that bad actors can get around even the most up-to-date cloud security defenses and what you can do to keep your cloud safe. He’ll discuss:

    - Top 5 hacks the bad guys can use to get around your cloud security defenses
    - How to defend your organization against these hacks
    - The role that your users play in an effective defense strategy
    - How to spot (and stop) these types of attacks before it’s too late

    Attend this webinar to learn about various cloud hacks and how they compromise security, and what you can do to help better defend against them!
  • The Underrated Link Between Malicious Code & Cloud Security Recorded: Feb 18 2020 42 mins
    Itai Tevet, CEO at Intezer
    In order for an adversary to conduct a successful cyber attack and inflict any kind of damage, they must run malicious code or commands on a victim’s machine. This fact also holds true in the world of modern cloud infrastructure, which usually comprises numerous Linux servers, containers and other services that can potentially run unauthorized software.

    While there's a lot of publicly available information about securing the CI/CD process and pre-runtime scans, in this webinar, we will focus on best practices for securing your workloads in runtime. We will further explain how monitoring code in-memory can help to detect and quickly respond to cyber threats in public or private cloud servers.
  • Re-thinking vulnerability management in the era of Hybrid IT & DevOps Recorded: Feb 13 2020 58 mins
    Prateek Bhajankam, VP of Product Management & Badri Raghunathan, Director of Product Management at Qualys
    The digital transformation through Hybrid IT and DevOps has fundamentally changed how organizations operate – with major security implications. How do companies detect and manage vulnerabilities when the enterprise network constantly evolves, and code written this morning gets deployed this afternoon? This requires enterprises to take a proactive, continuous and automated approach to security. Join this session to learn from industry experts on how enterprises should approach vulnerability management and take a holistic approach that goes beyond traditional metrics. The speakers will detail how enterprises can implement a fully integrated vulnerability workflow – from asset inventory/discovery to vulnerability detection to prioritization and finally to remediation and patching.
  • Zero Trust and the Flaming Sword of Justice Recorded: Feb 11 2020 55 mins
    Dave Lewis, Global Advisory CISO, Duo Security (now part of Cisco)
    Security breaches pervade the headlines. What was seen as a rare instance just 5 years ago now seems to occupy the daily news cycle. A lot of these data breaches are made possible due to missteps and misconfigurations. There are many security issues introduced into website authentication mechanisms that further compound the security issues in addition to enforcing bad behavior by the end users. Security debt is a real problem for the vast majority of organizations in the world today and the attackers will utilize this to their advantage. In addition to keeping system hygiene at front of mind, defenders need to focus on proper network zone segmentation or, to use the more popular term these days, zero-trust networks. The old conceptual style of a castle wall and moat to defend a network was deprecated several years ago. As a result of the dissolution of the traditional perimeter, a stronger focus has to be placed on the strength of authentication, authorization, and trust models for the users.

    The antiquated notion of an information security practitioner running through the office brandishing their flaming sword of justice above their heads screaming “thou shall not pass” has at long last reached the denouement. Whether you are responsible for the security in a financial organization or one that makes teddy bears, it is necessary to adapt and learn to trust but verify.
  • Rethinking DLP as You Move to the Cloud Recorded: Jan 30 2020 58 mins
    Justin Collins, Senior Director of Professional Services, Proofpoint & Jim Reavis, CEO, CSA
    Whether it’s financial, bank or credit card data, customer or patient information, or intellectual property, the goal of cybersecurity is to protect sensitive data and prevent unwanted access or theft. Legacy DLP solutions often fall short of that goal when you move to the cloud. With the adoption of SaaS applications such as Office 365, G Suite, Slack or Box, the cloud has become the other major channel of data sharing next to email. Securing access to a cloud app such as Office 365 in itself presents a new and significant challenge, let alone protecting sensitive data in the cloud. It is time to rethink DLP and adopt a solution that can unify DLP for email and cloud apps, but is also risk-aware. How can you better your approach in 2020?

    Join us as Proofpoint’s Senior Director of Professional Services, Justin Collins, and CSA's CEO, Jim Reavis, discuss the steps for you to consider when transforming your DLP solution. In this session you will learn:
    - How to better discover and protect your organization’s sensitive data with CASB
    - How to unify DLP incident management for cloud apps, email and more
    - How to better identify sensitive data exposures and exfiltration when an account is compromised
  • How NDR Powers Event-Driven Security in the Cloud Recorded: Jan 28 2020 44 mins
    Ryan Davis, Senior Manager, Cloud Product Marketing & Vince Stross, Principal Security SE at ExtraHop
    For public cloud customers, event-driven security isn’t just practical—it’s expected. Although organizations still rely on perimeter-focused technologies, they’re moving away from a strictly protect-and-prevent mindset to one that includes detect-and-respond capabilities.

    In this webinar, we’ll dig into how network detection and response (NDR) can power event-driven security in the cloud. Topics will include:
    - How virtual taps enable agentless NDR in the public cloud
    - How NDR completes Gartner’s SOC Visibility Triad in the cloud
    - How NDR can be used for response automation
  • Anatomy of a Cloud Data Breach Recorded: Jan 23 2020 49 mins
    Bob Gilbert; Chief Evangelist, Netskope
    Cloud adoption is exploding with nearly 1,300 cloud apps in use in an average enterprise. From suites like Office 365 to collaboration tools like Slack, the cloud has enabled new levels of productivity resulting in enterprises gaining strategic advantages. Enterprises are not the only ones benefitting from cloud adoption. Bad actors are using the cloud to bypass legacy defense mechanisms and harvest credentials, deliver malicious payloads, and steal data. Join this informative session to learn about a couple of recent cloud data breaches and dissect how these breaches occurred and best practices to reduce the chance it will happen to your organization. You will learn:

    • About new attack scenarios that involve using the cloud to bypass traditional security tools
    • How the cloud-enabled kill chain forces a rethinking of how to defend against threats such as cloud phishing and data exfiltration
    • 5 steps to protect against cloud threats
  • A Strategic Approach to IoT Security Best Practices and Standards Recorded: Jan 16 2020 50 mins
    Brian Russell, Co-chair, CSA IoT Working Group & Gonda Lamberink, Global Senior Business Development Manager, UL
    The market for IoT products continues to expand, with increased quantities of devices being integrated into consumer and business networks.  These products are turning into always-on services that incorporate cloud connectivity and expose many points of interconnection.  Automation is beginning to take hold on top of this layer of pervasive connectivity and users are becoming ever more reliant on workflows enabled by these systems. Even as the reliance on IoT systems continues to increase, manufacturers are still not getting cybersecurity right.  There are still far too many instances where even basic security controls are not enforced in IoT products.  This is concerning especially given the adoption of safety-critical and health-critical devices being introduced onto the market, and growing risk of data breaches and related security compromises next to an increasing prevalence of botnets and large-scale automated, distributed attacks. 

    As the future unfolds, the ‘attack surface’ will only grow larger and the public will be put at increasing risk if strategic changes do not occur immediately.  To this extent, UL and the Cloud Security Alliance (CSA) have partnered to better understand the current state of IoT cybersecurity regulations, standards and best practices through primary research.  Our aim is to identify gaps in coverage that could lead to deployment of insecure IoT services and systems.  In this webinar, we will share the results of that research and discuss our strategic approach to fixing the current state of IoT security based on constant collaboration between industry stakeholders, government agencies and enterprise users.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa, @CSAResearchGuy
