Security has become paramount in recent times, especially with the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations including hybrid cloud applications, network function virtualization and software defined networks.
Dr. Hing-Yan Lee, EVP APAC, CSA & Jonathan Andresen, Senior Director Marketing, Asia-Pacific & Japan, Bitglass
Secure Access Service Edge (SASE) has become one of the hottest topics in the IT industry. Fueled by cloud services, the rise of BYOD and fast-tracked by the new reality of remote working, direct-to-cloud platforms radically disrupt the economics of traditional IT security. By 2024, Gartner predicts that 40% of companies will adopt a SASE architecture.
But what exactly is SASE and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are completely outside the enterprise boundary? This presentation cuts through the hype to explain the fundamentals of SASE, and how it compares to typical network and cloud security architectures. It will cover real-world use cases for securing SASE, and the benefits of moving to a cloud-first SASE platform.
Larry Whiteside, Jr., Co-Founder & President ICMCP and Illena Armstrong, Industry Strategy Advisor, CSA
Diversity, inclusion and equality strategies and practices have always been integral to organizations’ daily operations and future growth. The need for executive leaders to genuinely embrace, evolve and continually hone their strategies on this front has, indeed, become an even more acute differentiator and positive, constructive attribute of leading organizations. And while the cybersecurity industry, as a whole, has made some solid inroads to drive and nurture diversity, inclusion and equality efforts, more can and must be done. To be truly impactful in the long term, committed and continuous collaboration will be required. In this spirit, the Cloud Security Alliance and the International Association of Minority Cybersecurity Professionals are teaming up to support their respective members and the wider industry to aid them in further refining and reinforcing their inclusion and equality programs and long-term strategies.
Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high-profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.
For the last 3+ years ISACA has been conducting member surveys around the world on the State of Cybersecurity. The latest report, based on a survey conducted in Q4 2019, focuses on the threat landscape, the measures security professionals employ to keep their enterprises safe, and key trends and themes in the practice of security.
This presentation will focus on Cloud security specific findings and analyse key threats and defense strategies being employed in areas of audit, risk management, security and governance of Cloud programs.
As organisations lift and shift workloads into the cloud, they are required to protect themselves not only from external threats but also from internal disruptions such as multi-cloud deployment sprawl, de-centralised management of these cloud services and, most damaging, the lack of centralised security and visibility. As we lean forward into cloud, the talks of today are visionary and theoretical; Mickey will aim to give you tactical methods to disrupt your own organisation from risky cloud deployment practices and actionable advice to prevent adversaries from taking advantage of harmful cloud practices.
Jim Reavis, Co-Founder & CEO, CSA & Prof. Yu Chien Siang, Chief Innovation & Trust Officer, Amaris AI
Traditionally, cyber security systems have been adding AI capabilities to detect unknown malware and zero-day attacks, and to analyse logs for abnormalities in order to discover fraud, insider attacks and denial-of-service malfunctions. However, these sophisticated AI systems are themselves attackable via Adversarial Examples. For instance, one could bypass an email anti-phishing system, physical camera monitoring or IoT control systems to subvert and evade the enterprise security monitoring infrastructure. Thus, this presentation addresses the evolution of AI robustness cum security, the best practices and design principles for operating AI securely, how to measure how strong an AI model is, and the common know-how in this area of Adversarial Attacks. Importantly, we need to know how to defend future Smart Nation and strategic AI systems well and be able to manage the fast-developing AI risks and vulnerabilities.
For individuals managing third-party risk, there is one primary question that needs answering: Are your vendors safe to do business with? Answering that question is not so straightforward. Third-party risk comes loaded with complexities and compromises. However, there are “red flags” you can look for when evaluating the security, privacy, and compliance programs of your vendors.
In this webinar, you’ll learn:
- How to spot “red flags” from risky vendors
- What leading third-party risk professionals look for when evaluating vendors
- How to evaluate vendors using assessment communities and shared due diligence data
Sundaram Lakshmanan, CTO, CipherCloud & Matt Hines, VP and Evangelist, CipherCloud
If the overnight expansion of the remote workforce has taught us one lesson, it is that improving data protection for cloud apps has become the primary challenge facing today’s security practitioners.
In fact, one might easily conclude that - based on the massive strategic benefits appreciated by increased cloud adoption and remote access - in the very near future many organizations may seek to offload responsibility for just about every manner of security, save user and data-centric protection. So what does this mean for security architects, management and operational staff as we move quickly toward that “cloud everything” future?
Clearly, organizations will require stronger methods for protecting cloud data, along with user and device access when traditional network, hardware and app stack defenses have become largely outmoded. Further, as more users log into the cloud to collaborate via both managed and unmanaged devices, extended cloud security capabilities will need to account for key considerations including:
- How to protect against inappropriate data access and handling while enabling open shares across the huge range of sensitive company data?
- How to account for user and device security posture to thwart emerging threats that seek to exploit compromised accounts and endpoints?
- How to ensure proper enforcement and remediation when issues do arise, including the ability to encrypt or wipe information as it moves off the cloud?
In this best practices webinar, join us to discuss the hugely important challenge of addressing the confluence of cloud, user, data, and device security in the name of enabling the real-time collaboration required by today’s remote workforce. Along with the involved challenges and use cases, we’ll outline dedicated CASB solution use cases and best practices that address this specific set of real-world challenges.
Andrew Akers, Solutions Product Marketing Manager, Auth0
As a central authentication service that processes billions of logins a month, credential stuffing attacks are the most common threats we observe. These attacks can lead to fraud, loss of reputation, and ultimately, loss of revenue.
In credential stuffing attacks, threat actors use stolen credentials from one breach to take over users’ other accounts. This is effective because 65% of people reuse passwords across multiple accounts, according to Google. On some days, these attacks originate from more than 50,000 IP addresses and may account for as much as half of all login attempts using our platform. Even the most mature companies are vulnerable if they don’t have the right preventative measures in place.
Join Auth0 for a live webinar to learn:
- How credential stuffing attacks work
- What effect they can have on your company
- How a multifaceted response can help detect and rapidly resolve these attacks
Matt Chiodi, Chief Security Officer of Public Cloud, Palo Alto Networks
Historically, defense in depth was mostly performed through network-layer controls. While network security controls remain an important component of cloud security, an additional layer of identity and access management (IAM) governance is now needed as organizations continue to scale their cloud presence. Similar to scanning applications for vulnerabilities, IAM policies across all cloud accounts must be constantly monitored and evaluated to determine the risk impact to the business.
From the latest Cloud Threat Report, Matt Chiodi, Chief Security Officer of Public Cloud at Palo Alto Networks, will present breaking research from the Unit 42 Threat Intelligence team and how one simple IAM misconfiguration allowed researchers to compromise an entire massively-scaled cloud environment and bypass just about every security control.
Matt will also deep dive into the complex topic of identity security, exploring the methods attackers use to silently perform reconnaissance, common threat actors and tangible steps organizations can take to build a cloud security program based upon IAM best practices.
Jim Wachhaus, Director of Technical Product Marketing, CyCognito
According to Gartner, spending on shadow IT can exceed 40% of the formal IT spend. That’s probably not too surprising for those of us leveraging the cloud to move quickly. But it means that enterprise IT and security teams often don't know where all of their organization’s digital infrastructure and assets are, or whether they’re fully protected.
Meanwhile, attackers are constantly looking for the path of least resistance into your organization. They probe your attack surface hoping to find any oversight they can leverage to break into your high-value digital assets, steal your critical data, or freeze your digital business operations in exchange for a bitcoin ransom payment.
To stay ahead, organizations need ongoing, comprehensive visibility across the attack surface of their entire IT ecosystem, whether assets are on premises, in the cloud, at subsidiaries or in partner networks.
Join Jim Wachhaus as he discusses why attack surface visibility is a “must have” to manage and reduce digital risk in the cloud, and in general.
In this session, Jim will take a look back at the critical topics covered throughout this month-long SECtember Experience and highlight key takeaways that can help guide you on your race to the cloud. How do you move forward and leverage the information and tools you collected during this past month? Jim will provide his insights and a roadmap ahead as you look to navigate the challenges of the current cloud climate.
Jim Reavis, Pete Chronis, Tima Soni, Patti Titus, Vinay Patel
In this panel, our group of CISOs will be discussing the central cloud security issues currently being faced. Is the pandemic accelerating the push to the cloud? What are the governance, technical and cultural lessons learned? The CISO panelists represent organizations with diverse cloud maturity, from dipping the toes to all in, and the panel will have something of value to all audience members.
Isaac Painter, Security Training, Awareness, and Culture Manager, Adobe
Addressing technology risk is a no-brainer, but when it comes to addressing human-security risk, it’s not always top of mind for companies – but it should be! Studies show that over 50% of cyber security breaches are due to human-security risk. In this session, Adobe’s security training, awareness, and culture team will be sharing how they address the human-security risk through their security training, awareness, and culture program.
Amazon S3 is one of the most successful services provided by AWS. AWS places unlimited emphasis on ensuring your data is safe. Customers and AWS leverage many native features and security frameworks, including redundancy, bucket permissions, encryption and duplication across regions and availability zones. However, the hidden threat to your customers and corporate applications dependent on Amazon S3 is the ability for malware to be intentionally uploaded by an attacker, or for potentially malicious files or objects to be unintentionally uploaded by a legitimate user to your object storage.
Thank you to our sponsors of the SECtember Experience: Adobe, ExtraHop, Qualys, OneTrust, Trend Micro, and Whistic.
Join us for a candid discussion on why we continue to see a shortage of skilled Cyber professionals and how it is fast becoming one of the least understood problems faced by businesses and the profession today. Based on the latest research paper, The Life and Times of Cybersecurity Professionals 2019, a cooperative research project by Enterprise Strategic Group and the International Systems Security Association (ISSA), Jim Reavis and Candy Alexander, two of our prominent leaders in the community, discuss why it was so important to forge the alliance between ISSA and CSA and how to best tackle the problem at hand.
When a paradigm shifts, you cannot ignore change and count on past success. New technology can revolutionize a market, creating a tectonic shift in accepted practice. The advent of the Cloud has been such an advancement in technology, and the optimization of its capability and the need for flexible access have led to an increase in business demand for cloud computing along with increased security and privacy concerns. How organizations evaluate Cloud Service Providers (CSPs) has become key to providing increased levels of assurance and transparency.
John DiMaria, CSA's Assurance Investigatory Fellow and one of the key innovators in the evolution of CSA STAR, will discuss the history behind the vision and take you on a journey down the road through the three levels of the Open Certification Framework (OCF), but more importantly how it helps organizations optimize processes, reduce costs and decrease risk while meeting the continuing rigorous international demands on cloud services.
Ekta MISHRA, APAC Membership Director & Country Manager - India | Keith PRABHU, Chairman, CSA Mumbai Chapter
Software is eating the world and information security is no different. The network perimeter no longer exists. Traditional IP-based security can be blindsided by evolving attacks. Software-based perimeter enhances authentication capabilities. Benefits of SDP approach to Zero Trust. Components required for implementation.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.