Hi [[ session.user.profile.firstName ]]

Build a Robust App Control Strategy for your Cloud Workloads

The use of application control (also known as whitelisting) is considered to be a robust and essential Cloud Workload Protection strategy largely due to the high predictability of cloud environments.

But it does not prevent all cyber attacks. Attackers can exploit vulnerabilities in trusted applications or utilize whitelisted apps for malicious intent—referred to as “Living off the Land.” App control also presents some operational headaches, requiring strict and often unrealistic policies.

This webinar explains how to build a robust application control strategy that is informed by these challenges. Learn what capabilities you should consider when evaluating a Cloud Workload Protection Platform (CWPP).
Recorded Jun 2 2020 58 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Itai Tevet, CEO at Intezer
Presentation preview: Build a Robust App Control Strategy for your Cloud Workloads
  • Channel
  • Channel profile
  • Security Meets Privacy on the Cloud - A Better Understanding Mar 31 2021 8:30 am UTC 45 mins
    Tze Meng TAN, Madhav CHABLANI, Riwzi WUN, Sarbojit M BOSE
    Panel Discussion

    Security and privacy are twins when it comes to providing tools to secure the users' data. However, they are un-identical twins; they are different. Security relates to the protection of data from threats, such as hackers, while privacy encompasses how personal data is collected, managed, stored and shared. Enterprises today are realizing the importance of both, since business impact will be immense if these issues are ignored.

    MODERATOR : Tze Meng TAN (Head of Data Cloud Department, Digital Infrastructure and Services Division, MDEC)
    - Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
    - Riwzi WUN (Partner, RHTLaw Asia)
    - Sarbojit M BOSE (Education Director, CSA Singapore Chapter & CCSK Instructor)
  • How privacy & security professionals can cooperate to achieve compliance Mar 31 2021 7:45 am UTC 30 mins
    Francoise GILBERT (Global Privacy Strategist, CEO of DataMinding, Inc.)
    How privacy & security professionals can cooperate to achieve better compliance with laws & standards, reduce risks & costs to their organization

    The pandemic has caused drastic changes in the way in which most entities operate. In this new ecosystem, cloud services have become the primary source of computing and processing capabilities. Increased use of cloud services requires increased workforce to manage and operate these systems, and ensure that compliance requirements are met and best practices maintained. Cloud services encompass numerous privacy and security issues. At a time when privacy and security professionals are scarce, organization may help increase efficiency and do more with less if they can encourage privacy and security professionals to cooperate in their tasks.
    In this session we will discuss some of the new privacy and security issues that cloud users and providers may be facing, and how cooperation between privacy and security professionals might help increase efficiency.
  • An In-depth Look at the Obligations Arising from Data Breaches Mar 31 2021 7:00 am UTC 30 mins
    Rizwi WUN (Partner, RHTLaw Asia)
    The presentation will look at obligations and desired responses arising from data breaches.
  • The Promise and Pitfalls of Committing to Cloud Mar 31 2021 6:15 am UTC 30 mins
    Steven SIM (President, ISACA Singapore Chapter)
    Securing Authorization and Architecture Off-Premise

    With accelerated cloud adoption particularly during the COVID-19 pandemic, cloud has become a life-line to numerous organizations for sustaining their operations working from home, but yet it also raises the concern of embroiling into a cyber pandemic of malware outbreak, data breaches and disrupted operations. This presentation hopes to help the audience to navigate the realities of on-premise to cloud migration and address key security concerns relating to new vectors of attack that off-premise operations invite.
  • Blockchain is here to Stay and Being Attacked - How we fix it? Mar 31 2021 5:30 am UTC 30 mins
    Kurt SEIFRIED (Chief Blockchain Officer & Director of Special Projects, CSA)
    Blockchains are here to stay, and they’re being attacked. Why? Because that’s where the money is, literally (have you seen the price of Ethereum lately?). Combine this with Turing complete smart-contracts (often with security flaws) and it becomes obvious why attackers are so interested. The good news is that we’ve done this before, and we can not only learn from the past but we know what the gaps are this time around and we can close them faster. In this session, I’ll cover the real attacks we’re seeing today, and the attacks we can expect to see tomorrow. We’ll also talk about how to prevent them, and what the future (might) bring with respect to Blockchain security.
  • Cloud Security in the Age of Hybrid Clouds Mar 31 2021 4:15 am UTC 45 mins
    Onn Chee WONG, Narudom ROONSIRIWONG, Ian LOE, Feng ZOU
    Panel Discussion

    Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He has never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership? And ensure their different security compliance? What are the challenges in using hybrid clouds?

    MODERATOR : Onn Chee WONG (CTO, Resolvo Systems Pte Ltd)
    - Ian LOE (CTO, NE Digital)
    - Narudom ROONSIRIWONG (SVP & Head of IT Security ​Kiatnakin Phatra Bank & Co-chair, Hybrid Cloud Security WG, CSA)
    - Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG, CSA)
  • Embracing ICS with Cloud Computing Necessitate Clarity of Vision Mar 31 2021 3:30 am UTC 30 mins
    ​William HO (Co-chair, ICS Security WG, CSA)
    Understanding the trends, security concerns and state of Industrial Control Systems (ICS) cloud helps pave the way. ICS with access to the cloud via web-enabled services are where IT and OT (Operational Technology) converge resulting in an integrated process and information flow that brings with it a more complex architecture. As ICS advances from communicating with networks within the enterprise to interacting externally via IoT platforms and the cloud, the efficiency, effectiveness and scalability, improve. These advances create additional complexity and a larger attack surface which in turn has increased the opportunity for cyberattacks.
  • Mitigation Measures for Risks,Threats & Vulnerabilities in Hybrid Cloud Mar 31 2021 2:45 am UTC 30 mins
    Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, Hybrid Cloud Security WG)
    Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
  • Hybrid Cloud and Its Associated Risks Mar 31 2021 2:00 am UTC 30 mins
    Narudom ROONSIRIWONG (SVP, IT Security, Kiatnakin Phatra Bank, Thailand & Co-chair, Hybrid Cloud Security WG, CSA)
    As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring on a different set of challenges to security.This presentation will provide the overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.
  • How to Achieve Effective Cloud Security Mar 30 2021 5:00 pm UTC 60 mins
    Jorn Lutters, Sr Security Architect Lead - Public Cloud, Sophos
    Cloud security is on everyone’s mind, from CEOs and CISOs to admins and endusers. As a result, cloud security spend has increased exponentially in recent years, yet companies still struggle to effectively and efficiently secure their cloud environments. To solve this problem, companies must radically rethink the concept of cloud security by pivoting from the traditional security paradigm to embracing the cloud. They must leverage and practice good architecture to build environments where security is part of the very fabric of the solution.

    Join Jorn Lutters, Sophos Sr. Security Architect Lead, Public Cloud, for a deep dive into cloud security architecture best practices and how automation and integration can help you optimize the effectiveness of your cloud security spend.
  • Leveraging Compliance Automation for Our Cloud-First World Mar 25 2021 4:00 pm UTC 60 mins
    Scott Schwan, Co-founder and CEO of Shujinko
    Attendees of this presentation will gain insight into:
    - What is driving change and how will it play out?
    - What are the implications for security, compliance, and audits?
    - What is the right level of automation to increase efficiency but not incur additional risk?
    - Why will automation augment and not replace IS audit, control, and security professionals?
    - How are compliance automation tools being adopted today?
  • Utilizing Inherent Risk for More Efficient Vendor Management​ Mar 16 2021 5:00 pm UTC 60 mins
    Tanner Boswell, Solutions Engineer, Onetrust
    The risks and importance of your third parties vary drastically. To build an efficient third-party risk management (TPRM) program, its critical to prioritize which vendors and suppliers present the most risk, as well as which ones are essential to your operations.​ Insight into your third parties’ inherent risks can change the way you run your TPRM program, helping to increase security and performance. By understanding where to prioritize your time, you can onboard key vendors faster, spend the right amount time performing due diligence, and invest the most resources assessing and monitoring the third parties that matter most.​

    In this webinar, you’ll learn how inherent risks can help you: ​
    – Determine the type, depth, and level of validation for vendor assessments​
    – Tier your third parties by criticality​
    – Build workflows across teams and involve the right stakeholders at the right time​
    – Streamline and scale your TPRM program
  • Taking a Disciplined and Rigorous Approach to Managing IT Risks Mar 11 2021 5:00 pm UTC 60 mins
    Aidan Collins, Head of Enterprise Business, Hyperproof & Jacques Nack, CEO, JNN Group
    Organizations today are operating in a “risk-volatile” business landscape. Technology adoption is accelerating and so is reliance on third parties. COVID-19 disrupted operating models of organizations like no other; the shift to mass remote work exacerbated security, data privacy and compliance risks. Risk failures can be quite expensive, ranging from compliance penalties to operational disruption to the loss of key stakeholder support.

    Organizations that don’t take a rigorous approach to IT risk management will struggle to maintain their desired risk profile and miss critical issues -- even as they spend more money and time on cybersecurity and security assurance. In this webinar, we’ll discuss why a shift to a more disciplined risk management approach is necessary, and how to make that shift from a practical standpoint.

    Key topics covered include:
    - Characteristics of today’s IT risk landscape and why taking a risk-first approach is more important than ever before
    - Compliance Operations methodology -- a new methodology to manage IT risks in a consistent, disciplined approach
    - How to take an incremental approach to standardize and automate key security assurance tasks
  • SolarWinds is the Tip of an Iceberg: Securing Office 365 Connected Clouds Mar 9 2021 6:00 pm UTC 60 mins
    Mahesh Rachakonda - VP Product & Solution Engineering, CipherCloud and Matt Hines, VP Marketing, CipherCloud
    The biggest takeaway from the SolarWinds attacks shouldn’t be that it may have employed over
    1000 hackers, or that its full implications won’t be known for many months - it is that this
    targeted compromise of Microsoft Office 365 is relevant to so many organizations.

    What the SolarWinds campaign proved is that any organization exposed to an Office 365
    account compromise could experience the same lateral escalation that resulted in this
    devastating incident - driven by trust relationships existing across connected clouds.

    How do security leaders and operational practitioners respond to this troubling event?

    Join us for an informational “how-to” best practices webinar to discuss tactics for securing Office
    365 and connected cloud applications from attacks. We’ll outline key topics including:
    -Adapting Office 365 access controls based on user, data and device context
    -Logging cross-cloud incidents to investigate problematic events
    -Using analytics to Identify lateral threats across Office 365 and other clouds
    -Amplifying native Office 365 data controls with DLP, E-DRM and encryption
    We’ll also touch on elements of the MITRE ATT@CK Cloud Matrix that can be used to help
    frame defenses in depth.

    Register today!
  • The Great Cloud Dispersion Recorded: Mar 4 2021 54 mins
    Chris Hodson, CISO, Tanium & Ryan Andorfer, VP of Cloud Engineering, Tanium
    The breakneck adoption of cloud and edge computing – be it public, private, or hybrid – continues at a rapid pace, and the COVID-19 pandemic has only accelerated this existing trend. However, securing the dispersion of your infrastructure and data to the cloud is critical to your organizations success. In a recent report by Cloud Security Alliance, data breaches and mismanagement are high on the list of concerns for organizations.

    But with the rapid growth of cloud infrastructure -- SaaS, PaaS, IaaS and more -- how are businesses and organizations managing this growth, adapting to new processes, environments, and distribution models while maintaining a security posture that keeps data, endpoints and users safe from threats?

    In this webinar, we will cover the benefits, the myths, and challenges of taking years of on-premises footprint and rapidly evolving that infrastructure to meet a cloud-first model - all while keeping security top-of-mind. Tanium’s CISO, Chris Hodson, and VP of Cloud Engineering, Ryan Andorfer, will highlight a real-life example to discuss the challenges, learnings, and best practices to ensure even greater security in a cloud infrastructure.
  • AI is Coming to Every Data Center Recorded: Mar 2 2021 37 mins
    Jason Dudash, Chief Architect, Red Hat & Kevin Jones, Principal Product Manager for Nvidia EGX
    AI can enable organizations to improve, innovate, and accelerate their business. AI/ML and data science solutions are being implemented across all industries, including Government. From supply chain to customer experience, there is enormous potential for digital innovation gained from adopting AI/ML in your technology stack.

    However, integrating effective AI capability in the past was challenging. The footprint of these solutions is often hybrid - across data centers, public clouds, and edge locations. Figuring out and building a platform necessary for these distributed workloads is complex and difficult to maintain. This challenge becomes even more difficult when layering on data science. The right architecture is essential to enable leveraging existing applications and in creating new modern data driven applications. A good architecture starts with hardware and continues up through software layers that allow rapid development, delivery, and operation.

    Join Red Hat and NVIDIA for a session where you will learn about the future of smart systems where AI/ML capabilities are fully integrated into every data center.
  • How Shutterstock Implemented DevSecOps from the Ground Up Recorded: Feb 25 2021 47 mins
    Christian Bobadilla, Director of Product and App Security, Shutterstock & Simon Maple, VP Developer Relations, Snyk
    Modern security tools are easy to buy; it’s people’s mindsets and culture that are hard to change. Shutterstock’s AppSec team knew this when implementing a DevSecOps strategy throughout their organization. Its global digital media platform is built heavily on cloud native applications; including containers, microservices, and Kubernetes. Securing it all, at scale, has been no small task. A big focus area of this transition has been the people. How engineers and security teams work together and how they deal with security issues in their software delivery pipelines

    Join this session to learn how Shutterstock’s Director of Product and Application Security, Christian Bobadilla, built security into the development culture of Shutterstock from the ground up. Christian will share his experience working with developers on embedding security throughout the SDLC, reducing vulnerabilities in their cloud native applications, and ultimately embracing a new security culture.
  • The Emerging Threat of Digital Risk and Brand Exploitation Recorded: Feb 23 2021 17 mins
    Danielle Papadakis, Product Manager, Mimecast & Orly Bar Lev, Global Marketing Manager, Mimecast
    Digital transformation and the reimagining of business processes, employees' working virtually, and online customer engagement all have two things in common, the Web and the dependence on trust. Cybercriminals have noticed this dependency and have increasingly focused their attacks to exploit it. As digital interactions rise so do the potential impact and likelihood of online brand exploitation. In this session, we will focus on the growing trend of cybercriminals using online brands, both widely known and not so widely known, as part of attacks, provide some specific examples across multiple use cases and types of attacks and will discuss best practices for “moving left” on the cyberattack chain, via more pro-active brand use monitoring, , blocking, and removal of attacks which are fraudulently leveraging legitimate brands.

    In this webinar you will:
    - Understand the scope of brand exploitation currently and going forward
    - Learn how you can fight back and gain control over your brands online use
    - Become significantly more effective and efficient in addressing the brand exploiting attacks
    - Discuss and ask questions in a roundtable-style conversation
  • Cloud Security: Are You Doing It Wrong? Recorded: Feb 18 2021 53 mins
    Dan Frey, Senior Cloud Product Marketing Manager, ExtraHop & Guy Raz, Sales Engineer at ExtraHop
    Your attack surface is expanding from the on-prem data center to the cloud to remote deployments and the device edge. But your tools only secure the perimeter or rely on logs and agents, you’re leaving visibility gaps that adversaries can use to attack critical workloads and data.

    In this webinar, you’ll learn how network detection and response (NDR) eliminates visibility gaps across your attack surface by unlocking data from network traffic packets, the ultimate source of truth in cloud and hybrid security. There’s no need to deploy agents, so you can secure your cloud workloads without slowing down or impeding your dev teams. We’ll also walk through a live demo of how to stop advanced threats like supply chain attacks, zero-day exploits, and more.
  • CSA's Research Roadmap Recorded: Feb 17 2021 53 mins
    John Yeoh, Global VP of Research, CSA
    In the first half of 2021, CSA Research continues to provide insight and guidance into an organization's journey with the cloud through a three-pronged approach of Enhance, Innovate, or Transition. Projects from the CSA Research suite includes; DevSecOps continuing their Six Pillars, IoT updating their Security Framework, and Quantum-Safe Security examining Blockchain and Cryptanalysis. Learn more about CSA Research and the current state of cloud security.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Build a Robust App Control Strategy for your Cloud Workloads
  • Live at: Jun 2 2020 2:00 pm
  • Presented by: Itai Tevet, CEO at Intezer
  • From:
Your email has been sent.
or close