Modeling Against the Top Threats in Cloud

Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.
Recorded Oct 20 2020 31 mins
Presented by
John Yeoh, Global Vice President of Research, CSA
  • Public Cloud Database Security: Using Others’ Mistakes to Stop Attacks Oct 22 2020 4:00 pm UTC 60 mins
    Aaron C. Newman Founder, SecureCloudDB
    Hacks and breaches occur regularly. It can take months to find and contain an incident. According to Gartner, 99% of cloud security failures will be the cloud customer’s fault. Why is that?

    Join us as we
    - Dissect cloud database security — it’s different from on-prem
    - Get acquainted with cloud database hacking — real-world examples put the practice into perspective
    - Provide guidance on how to prevent breaches and stop attacks in their tracks — learn from what others didn’t do

    Leave with actionable takeaways regarding how to defend against dynamic threats.

    More about the presenter:
    Aaron Newman is an acclaimed international speaker and serial entrepreneur who has founded six successful startups including Cloud Storage Sec, SecureCloudDB, CloudCheckr, Techrigy, Application Security, Inc. and DbSecure. Aaron authored the books Enterprise 2.0, printed by McGraw-Hill, and the Oracle Security Handbook, published by Oracle Press. He has presented at hundreds of database conferences and user groups on technology topics and has been awarded multiple patents in cloud and database security.
  • The Current & Future of Cloud Security Strategy Oct 22 2020 5:30 am UTC 56 mins
    Ken Low, Subhajit Deb, Alex Ng, Noordin Yusuff Marican
    Join fellow CISOs for this panel discussion about Cloud Security strategy in 2020 and beyond. Where should you place your bets (and your budget)? How can you protect your organization from the new threats? And perhaps, most importantly, what do you say to the CEO who comes looking to you for cloud security answers?

    This session is moderated by Ken Low, Cybersecurity Industry Leader and Former Chairman, APAC Executive Council, CSA.

    Panelists include:
    Subhajit Deb, CISO, Dr. Reddy’s Laboratories,
    Alex Ng, Director, Insyghts Security,
    Md. Noordin Yusuff Marican, Global CISO, Circle.Life
  • Watching the STARs Oct 22 2020 4:45 am UTC 36 mins
    Sanjeev Gupta, Director, Certification Partners Global
    We review what Certification means, in the most important criterion for a business, sales. How does a Certification Program achieve this? And what are the costs, not just direct. How should an Organisation begin this process, what to look out for, and what do you get at the end? We also review the differences of the CSA STAR with other Cloud Security programs.
  • Coronavirus, Computer Virus, Cyber Threats: A False Sense of Security Oct 22 2020 4:00 am UTC 37 mins
    Ekta Mishra, APAC Membership Director & Country Manager - India & Dr. Ngair Teow-Hin, CEO, SecureAge Technology
    With most office workers working from home due to the Coronavirus pandemic, computer virus attacks on home computers are now a major issue facing the world. In this talk, we discuss the history of computer viruses and cyber threats, and why enterprises can be insecure due to having a false sense of cyber security. We also discuss how computer users can get infected by computer viruses and what they can do about it.
  • The Rise and Importance of Digital Identity Oct 21 2020 4:00 pm UTC 60 mins
    Chris Bailey, VP of Strategy and Business Development, Entrust
    One of the factors that drives innovation is the demand for convenience and efficiency while maintaining security in our digital lives. Certification authorities (CAs) enable secure encryption and provide ownership identification in their digital certificates for websites that ask for sensitive personal data, such as passwords and credit card numbers – but only some digital certificates include confirmed website ownership information, while others do not and allow websites to operate anonymously. This has already resulted in an explosion of anonymous encrypted phishing websites imitating authentic websites and stealing user information. This analysis explores how the current security landscape was shaped, and how proposed changes will impact the brands and the security of users who interact with them moving forward.
  • There is no more enterprise perimeter. Now What? Oct 21 2020 6:30 am UTC 33 mins
    Bob Flores, Satyavathi Divadari, Sandip Kumar Panda & Keith Prabhu.
    With more and more emphasis on cloud computing, the traditional enterprise perimeter is being redefined. This means enterprises must think differently when considering cybersecurity protection. The panel will explore changes enterprises should consider for risk management.

    This session will be moderated by Bob Flores, Founder and CTO of Applicology Inc. Panelists include:
    Satyavathi Divadari, Chairman, CSA Bangalore Chapter
    Sandip Kumar Panda, Co-Founder & CEO, Instasafe
    Keith Prabhu, Chairman, CSA Mumbai Chapter.
  • Zero Trust and Identity as a Service Oct 21 2020 5:45 am UTC 28 mins
    Nya Alison Murray, CEO, Trac-Car Technology
    As the threat landscape and cybersecurity risks are an ever-present threat in 2020, it is clear that measures have to be taken to be more mindful of what end users, people, applications and IoT device connections we allow through the virtual network defences into the platform and software services. As malware continues to evolve, accidental misconfigurations grow with application complexity, and new forms of operations hacking emerge, with the top three attack vectors being Phishing (31 percent), Scan and Exploit (30 percent) and Stolen Credentials (source IBM X-Force), it is clear that Identity Management and Access Control require attention to ensure they effectively protect data centre resources. It is clearly time for a new approach to identity services allowing or denying access, particularly for insecure network connections.
  • SDP & 'Black-Cloud' Protection Oct 21 2020 5:00 am UTC 28 mins
    Juanita Koipillai, Founder & CEO, Waverley Labs
    Security has become of paramount importance in recent times, especially due to the advent of cloud computing and virtualization. With so many devices in the mix, users have the choice of working from anywhere they want. The rapid increase in global IP traffic has challenged network service providers to scale and improve infrastructure to meet this new demand. We explore the merits and performance of Software Defined Perimeters to withstand DDoS attacks in multiple network implementations including hybrid cloud applications, network function virtualization and software defined networks.
  • SASE Economics: The New Frontier of Cloud Security Oct 21 2020 4:00 am UTC 30 mins
    Dr. Hing-Yan Lee EVP APAC, CSA & Jonathan Andresen, Senior Director Marketing, Asia-Pacific & Japan Bitglass
    Secure Access Service Edge (SASE) has become one of the hottest topics in the IT industry. Fueled by cloud services, the rise of BYOD and fast tracked by the new reality of remote working, direct-to-cloud platforms radically disrupt the economics of traditional IT security. By 2024, Gartner predicts that 40% of companies will adopt a SASE architecture.

    But what exactly is SASE and will it make enterprise data more secure? How will organizations secure their data in a cloud-first world when the user and information are completely outside the enterprise boundary? This presentation cuts through the hype to explain the fundamentals of SASE, and how it compares to typical network and cloud security architectures. It will cover real-world use cases for securing SASE, and the benefits of moving to a cloud-first SASE platform.
  • Collaborating for Inclusion & Equality in Cybersecurity Oct 20 2020 6:00 pm UTC 60 mins
    Larry Whiteside, Jr., Co-Founder & President ICMCP and Illena Armstrong, Industry Strategy Advisor, CSA
    Diversity, inclusion and equality strategies and practices have always been integral to organizations’ daily operations and future growth. The need for executive leaders to genuinely embrace, evolve and continually hone their strategies on this front has, indeed, become an even more acute differentiator and positive, constructive attribute of leading organizations. And while the cybersecurity industry, as a whole, has made some solid inroads to drive and nurture diversity, inclusion and equality efforts, more can and must be done. To be truly impactful in the long term, committed and continuous collaboration will be required. In this spirit, the Cloud Security Alliance and the International Association of Minority Cybersecurity Professionals are teaming up to support their respective members and the wider industry to aid them in further refining and reinforcing their inclusion and equality programs and long-term strategies.
  • A Practical Guide to Securing Container, Docker Host, and Kubernetes Environment Oct 20 2020 5:00 pm UTC 60 mins
    Carson Sweet, CEO and Cofounder & Bryan Jones, Solutions Architect, CloudPassage
    As organizations implement container-based and microservice architectures in the cloud, the number of containers to secure is growing exponentially. Traditional security approaches will not work for containers due to their dynamic, distributed, and ephemeral nature. 

    Join this educational session with a demonstration that will cover:
    - Popular container deployment architectures 
    - Security requirements of container-related components including IaaS accounts, images, image registries, container runtimes-as-a-service, and container hosts
    - A best-practice demonstration of shifting security left by automating container security in the CI/CD pipeline
  • International Data Transfer Oct 20 2020 3:00 pm UTC 60 mins
    Neil Thacker, Netskope; Nathaly Rey, Google; Marc Lueck, Zscaler; Giuseppe Brizio, Qualys; Nick Gross, OneTrust; Linda Strick
    Join this panel discussion with experts from the CSA GDPR Center of Excellence.
    What does the ruling of the European Court of Justice on the Privacy Shield mean in practice? What are the realistic possibilities for companies to have customer data processed outside the EU?
  • Modeling Against the Top Threats in Cloud Recorded: Oct 20 2020 31 mins
    John Yeoh, Global Vice President of Research, CSA
    Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.
  • State of Cybersecurity 2020: Cloud Security Threats and Security Practices Recorded: Oct 20 2020 33 mins
    Phoram Mehta, President, ISACA Singapore Chapter.
    For the last 3+ years ISACA has been conducting member surveys around the world on the State of Cybersecurity. The latest report, based on a survey conducted in Q4 2019, focuses on the threat landscape, the measures security professionals employ to keep their enterprises safe, and key trends and themes in the practice of security.

    This presentation will focus on Cloud security specific findings and analyse key threats and defense strategies being employed in areas of audit, risk management, security and governance of Cloud programs.
  • Disrupting yourself and your Adversaries in the cloud Recorded: Oct 20 2020 32 mins
    Mickey Perre, Security Specialist, Elastic
    As organisations lift and shift workloads into the cloud they are required to not only protect themselves from external threats but also from internal disruptions such as multi cloud deployment sprawl, de-centralised management of these cloud services and the most damaging lack of centralised security and visibility. As we lean forward into cloud the talks of today are visionary and theoretical, Mickey will aim to give you tactical methods to disrupt your own organisation from risky cloud deployment practices and actionable advice to prevent adversaries from taking advantage of harmful cloud practices.
  • Why AI Needs Cyber Security Urgently? Recorded: Oct 20 2020 36 mins
    Jim Reavis, Co-Founder & CEO, CSA & Prof. Yu Chien Siang, Chief Innovation & Trust Officer, Amaris AI
    Traditionally, cyber security systems have been adding AI capabilities to detect unknown malware, zero day attacks and to analyse logs to detect abnormalities to discover frauds, insider attacks and denial of service malfunctions. However, these sophisticated AI systems are themselves attackable via Adversarial Examples. For instance, one could bypass an email anti-phishing system, physical camera monitoring or IoT control systems to subvert and evade the enterprise security monitoring infrastructure. Thus, this presentation addresses the evolution of AI robustness cum security, what would be best practices and design principles to operate AI securely, how to measure how strong the AI model would be and what the common know-how is in this area of Adversarial Attacks. Importantly, we would need to know how to defend future Smart Nation and strategic AI systems well and be able to manage the fast developing AI risks and vulnerabilities.
  • Identifying Risky Vendors: 7 Warning Signs You Shouldn't Ignore Recorded: Oct 15 2020 49 mins
    Walton Stephens, Third-Party Risk Consultant, OneTrust
    For individuals managing third-party risk, there is one primary question that needs answering: Are your vendors safe to do business with? Answering that question is not so straightforward. Third-party risk comes loaded with complexities and compromises. However, there are “red flags” you can look for when evaluating the security, privacy, and compliance programs of your vendors.

    In this webinar, you’ll learn:
    - How to spot “red flags” from risky vendors
    - What leading third-party risk professionals look for when evaluating vendors
    - How to evaluate vendors using assessment communities and shared due diligence data
  • Passwordless and cloud-based identity for the new era of work Recorded: Oct 14 2020 40 mins
    Jenn Markey - Product Marketing Director, Entrust
    Where and how we work are forever changed. In a recent Entrust customer survey, 84% of respondents expect the recent shift to a sizeable remote workforce to be permanent. As perimeter-based security models give way to digital workforce identities, now is the time to make sure your authentication implementation is up to the challenge. In this webinar, session participants will learn best practices for a secure remote workforce including:

    - High assurance credential-based authentication
    - Passwordless authentication with enhanced SSO
    - Cloud-based identity for flexible and scalable workforce security
  • Reinventing Data Security for the Remote Workforce in A “Cloud First” World Recorded: Oct 13 2020 61 mins
    Sundaram Lakshmanan, CTO, CipherCloud & Matt Hines, VP and Evangelist, CipherCloud
    If the overnight expansion of the remote workforce has taught us one lesson, it is that improving data protection for cloud apps has become the primary challenge facing today’s security practitioners. 

    In fact, one might easily conclude that - based on the massive strategic benefits appreciated by increased cloud adoption and remote access - in the very near future many organizations may seek to offload responsibility for just about every manner of security, save user and data-centric protection. So what does this mean for security architects, management and operational staff as we move quickly toward that “cloud everything” future? 

    Clearly, organizations will require stronger methods for protecting cloud data, along with user and device access when traditional network, hardware and app stack defenses have become largely outmoded. Further, as more users log into the cloud to collaborate via both managed and unmanaged devices, extended cloud security capabilities will need to account for key considerations including:

    - How to protect against inappropriate data access and handling while enabling open shares across the huge range of sensitive company data?

    - How to account for user and device security posture to thwart emerging threats that seek to exploit compromised accounts and endpoints?

    - How to ensure proper enforcement and remediation when issues do arise, including the ability to encrypt or wipe information as it moves off the cloud?

    In this best practices webinar, join us to discuss the hugely important challenge of addressing the confluence of cloud, user, data, and device security in the name of enabling the real-time collaboration required by today’s remote workforce. Along with the involved challenges and use cases, we’ll outline dedicated CASB solutions use cases and best practices that address this specific set of real-world challenges.
  • What You Need to Know About Credential Stuffing Attacks Recorded: Oct 8 2020 62 mins
    Andrew Akers, Solutions Product Marketing Manager, Auth0
    As a central authentication service that processes billions of logins a month, credential stuffing attacks are the most common threats we observe. These attacks can lead to fraud, loss of reputation, and ultimately, loss of revenue.

    In credential stuffing attacks, threat actors use stolen credentials from one breach to take over users’ other accounts. This is effective because 65% of people reuse passwords across multiple accounts, according to Google. On some days, these attacks originate from more than 50,000 IP addresses and may account for as much as half of all login attempts using our platform. Even the most mature companies are vulnerable if they don’t have the right preventative measures in place.

    Join Auth0 for a live webinar to learn:
    - How credential stuffing attacks work
    - What effect they can have on your company
    - How a multifaceted response can help detect and rapidly resolve these attacks
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. It also allows audience members the opportunity to earn (ISC)2 CPE Credits.

Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa