Name: Best Practices for Implementing a Secure DevOps Toolchain
Start: 2020-12-01T18:00:00Z
End: 2020-12-01T18:01:02.000Z
Location: BrightTALK
Rating: 4.8

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

The Enterprise Strategy Group recently published their findings of a cloud detection & response survey (July 2023). In this Cloud Bytes episode, SentinelOne highlights several of the key findings from that research and discusses their significance to cloud security strategies, and the role of runtime security therein.

Emerging Themes in Cloud Detection & Response

As organizations reduce their attack surfaces with tooling and best practices, bad actors are looking for new attack vectors so they can reach mission-critical systems. One increasingly popular attack vector involves targeting the software delivery process itself by abusing CI/CD pipelines to execute attacks such as malicious code injection. When you build and iterate on your CI/CD security strategy, it’s important to get inside the mind of an attacker who’s looking to gain access to your systems. So how do bad actors think about CI/CD pipeline-based attack paths? Tune in to this webinar and learn from our CI/CD security expert, Omer Gil, as he walks through:

• The most common type of CI/CD-based attack — poisoned pipeline execution (PPE)
• How bad actors can bypass required pull request (PR) reviews
• Why bad actors prefer PPE attacks over traditional attack paths
• And more!

Top Ways to Abuse CI/CD and Reach Production

The AT&T Cybersecurity Insights Report is an annual thought-leadership report based on a global survey of over 1,400 IT, security, networking, development, and line of business professionals across seven industries. The research is vendor-neutral, forward-looking, and actionable.

The journey to edge is a collaborative endeavor that begins to erode organizational silos and foster closer working relationships. The right edge ecosystem partners bolster resilience and security – critical elements of edge computing solutions, especially as the attack surface expands.

The AT&T Cybersecurity InsightsTM Report: Edge Ecosystem examines how organizations are changing to support edge, why planning for the edge takes an ecosystem of partners, why investing in edge use cases drives competitive differentiation.

The discussion provides insight into:
• What the business drivers are for edge use cases
• Where edge use cases are being deployed
• How budgets are shifting to support edge

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Kubernetes has rapidly become the de facto standard for container orchestration in modern software development. But rapid iteration often leads to security risks, including misconfigurations and supply chain attacks. Breaches often have a large blast radius, due to overly-privileged network, execution, and identity and access management (IAM) policies.

In this webinar, you'll glean insights on how to run K8s with confidence, accelerating usage without compromising security and compliance controls. 

Attendees will learn:

• Common K8s security mistakes and threat vectors (and how to avoid them)
• Tips to balance preventive efforts with reactive ones
• Best practices to address top security concerns, container image scanning, least-privilege strategies, and runtime breach detection to achieve speed and efficiency goals

Modern Workload Security: Addressing the Challenges of K8s

As Cloud Attacks Increase, How Should AppSec Respond?

The rise of cloud-native development has ushered in an engineering paradigm shift, one in which the speed, agility and flexibility of software development is increasingly critical to business success. As a result, the engineering ecosystem has become more dynamic than ever before. 

While this shift is integral to rapid development in the cloud, it also introduces new opportunities for bad actors to leverage weaknesses to instigate attacks. Protecting your organization from these attack vectors requires a modern approach to application security.

But what does modern AppSec look like? And how must traditional AppSec evolve to respond to the changing cloud-native attack surface?

Tune in to this webinar with Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, to learn:
• Why bad actors are increasingly targeting the engineering ecosystem in cloud attacks.
• How security teams can become a guardrail or enabler, rather than a blocker.
• Why getting visibility into your engineering environment is the key to modern AppSec.
• How to evaluate your organization’s software supply chain risk posture.
• Practical tips to improve your organization’s resilience to cloud attacks.

Evolving AppSec for Cloud-Native Resilience

If this describes your organization, are you ready to transform the narrative: Siloed security and remediation teams, a lack of actionable risk insights, and fragmented remediation stemming from complex cloud and application environments? Melinda Marks, ESG Senior Analyst, and Ravid Circus, Seemplicity Chief Product Officer discuss the state of cloud risk remediation, as well as a holistic strategy that bridges the gap between security and remediation teams. Join the conversation to understand how you can transform your remediation operations strategy with streamlined collaboration and context-driven action.

Security Remediation at Cloud Scale

Mergers and Acquisitions (M&A) are increasingly encountering a reality that a significant proportion of either the merged or acquired entity is constituted by a virtual, Software-as-a-Service (SaaS) footprint. The SaaS-fication of business includes many of the core business processes and proprietary data, with large enterprises having hundreds or thousands of SaaS apps deployed. 

Until recently, observability into the SaaS estate has been limited, the equivalent to buying a house sight unseen. This is because existing cloud security solutions such as Cloud Access Security Brokers (CASBs) are unable to provide insight to the SaaS app configuration and permission settings, including SaaS-to-SaaS connections. Only by leveraging a SaaS Security Posture Management (SSPM) solution can security and risk leaders effectively perform the necessary SaaS cybersecurity due diligence to understand and manage the cyber risks associated with the M&A process. 

A SSPM solution provides SaaS cyber risk observability from a single pane of glass, effectively shining a light onto current and potential future state SaaS cyber risks, including over-permissioned end-users and exposed sensitive data.

Boost your M&A Program with SSPM

We all know the cloud brings speed and automation to the business, but the speed of cloud attacks is staggering. New data shows how your cloud can be owned in the amount of time it takes to brew your fancy pour-over coffee. 

In this webinar we’ll unpack the latest cloud attacks and share real stories of organizations that evolved their defense to prevent, detect, and respond at the speed of cloud. Spoiler alert: your CSPM ain’t gonna cut it. 

Smash that register button if you’re curious about: 

• How you can reduce vuln noise by up to 95%
• How runtime insights make CSPM better
• How to reconcile all these acronyms into a coherent cloud security strategy (CNAPP, CSPM, CWPP oh my!)

Beyond CSPM: Mastering Cloud Defense in the Age of Rapid Attacks

In the current state of SaaS cybersecurity, there’s a disconnect between security practitioners’ perceptions of their SaaS cybersecurity maturity and the actual reality. A majority feel overconfident in their SaaS cybersecurity strategies, but our findings paint a different picture, revealing that organizations aren’t effectively managing SaaS cybersecurity risk at scale as much as they perceive.

From our survey of over 600 security practitioners for our report, we learned that 79% of organizations suffered a SaaS cybersecurity incident in the last year. We find that one of the key challenges organizations face is obtaining risk visibility into their SaaS attack surface. But we see a silver lining: Organizations are aware of risks posed by unsecured SaaS and are now prioritizing SaaS cybersecurity as a top 3 initiative.

In this webinar, presented by AppOmni, we will discuss:

The latest trends and findings from The State of SaaS Cybersecurity Posture 2023 Report
• How to gain actionable end-user-centric insights
• Actions to take to reduce your SaaS attack surface

CISOs Overestimate SaaS Cybersecurity Posture — How to Secure Your SaaS Data

Everyone’s talking about artificial intelligence (AI) and machine learning, but how will this impact cloud security? And why is AI such an indispensable tool in the security practitioner’s arsenal?

Invite your customers to tune in as Michael Vaughn, Director of Product Management at AT&T Cybersecurity, discusses the advantages to the SOC of AI-powered threat detection and response and describes how machine learning is being used to help organizations secure their data in the cloud.

How SOC Teams Use Next-Generation AI to Improve Cloud Detection and Response

We’ve all seen it before. Your team needs access to that resource or tool just to do your job or hit that deadline. But you’re stopped in your tracks because it taking too long to jump through security hoops.

Or, maybe your existing access management processes haven't been rolled out to your cloud resources because your PAM can't support it—leaving you with a lot more risk than you'd like. Your team is productive but there's always a worry about breached credentials or keys.

This is the access, productivity, and security vicious cycle.

It’s time to break the cycle—and it all starts with simplifying access. Join this session to learn how simplifying cloud access can reduce friction and improve productivity, all while continuing to ensure that security standards are met.

How Fixing Cloud Access Improves Security and Productivity

AI has powerful transformative potential for the cloud, but with great power comes great responsibility- and big implications. Join SentinelOne as we discuss generative AI at large, and how these tools are impacting the cloud security community.

This webinar will examine:
• The breadth and specialities of generative AI tools including ChatGPT, AutoGPT, and Baby AGI
• How AI automation streamlines routine tasks and enables data analysis at scale
• How these applications lead to improved user experiences and the emergence of new services and business models
• Potential risks posed by AI attacks, and how we can counter with the evolving field of AI defenses

Amidst advancements in generative AI tools, the importance of the human element in shaping AI systems remains critical. Cloud security professionals must embrace the future and learn the ins and outs of the generative AI landscape to safeguard their organizations.

Artificial Intelligence in Cloud Security: Harnessing for Good

Join us for an insightful webinar that delves into the cutting-edge concept of Cloud Native Application Protection Platform (CNAPP) and its remarkable value proposition.

In this webinar, we will explore how CNAPP differs from previous point solutions, offering unparalleled benefits such as shared visibility, reduced management costs, robust code to cloud protection, vendor consolidation, and decreased total cost of ownership. Drawing on industry research, we will discuss the increasing adoption of CNAPP among practitioners, as highlighted by Gartner studies and valuable data from the Cloud Security Alliance (CSA).

Furthermore, we will uncover the challenges associated with CNAPP, with a specific focus on visibility, prioritization, and the effective implementation of DevOps security practices. Discover how the Cloud Security Alliance has been actively championing best practices in DevOps security, aiming to overcome hurdles and ensure a secure cloud environment.

An essential aspect of modern cloud security is leveraging artificial intelligence (AI) innovations. We will explore how AI-driven solutions, including Microsoft's revolutionary copilot, contribute to bolstering threat detection and response capabilities, empowering organizations with proactive and efficient security measures.

Join us as we shed light on the critical role of zero-trust technologies in Cloud Identity and Access Management (CIEM) and network security. Gain valuable insights into Microsoft's perspective on CNAPP and its seamless alignment with customer needs, backed by real-life customer stories that resonate with the challenges identified through surveys.

Catch Up on Cloud Native Application Protection Platforms (CNAPPs)

The rapid pace of the cloud introduces a growing attack surface spanning multiple clouds, multiple architectures (containers, serverless, and VMs), and thousands of cloud technologies. Join us as we look deeper into common cloud attack paths from initial access to internal exposure and isolation breakout. This session will cover strategies for how organizations can approach prevention, including a playbook for how security and development teams can control risks together across the pipeline.

From CSPM to CNAPP: Defining a New Operating Model for Cloud Security

Industry analysts estimate that 99% of cloud data breaches will be traced back to preventable misconfigurations made by end-users. Yet companies are disproportionately allocating resources to secure the public cloud infrastructure instead of SaaS, which is the number one way organizations consume cloud.

Modern enterprises today leverage 50 or more SaaS apps. With countless configuration changes and fast release cycles, manual security management is a near-impossible task. The lack of visibility over apps makes them appear secure on the surface, but the underlying data schema may be leaking sensitive data.

SaaS Security Posture Management solutions (or SSPM) enables visibility into configuration and data exposure risk across an entire SaaS estate by providing a universal control plane. It’s only after accurately observing and quantifying cyber risks in SaaS can organizations take the necessary steps to address them at scale. 

In this webinar with AppOmni and Accenture, you’ll learn:
• What makes SaaS clouds different
• Why approaches and tooling that work for “traditional” cloud (IaaS and PaaS) security are inapplicable and insufficient to address SaaS security requirements at scale
• What to look for in SaaS that demands additional security measures
• Best practices in SaaS security configuration and monitoring
• Key approaches to build and operationalize a SaaS security program

Securing SaaS: The Missing Component of Cloud Security

While cloud technology is not new, and many organizations have been on their cloud journey for years, cloud service providers continue evolving with new features and services. 

The fast change and growth make it difficult for many organizations to catch up and inadvertently introduce security weaknesses. 

Join our webinar as we talk through this year’s results of the Unit 42™ Cloud Threat Report!

Our experts offer insights into the most common drivers of cloud incidents and breaches today, giving security leaders and practitioners a comprehensive view of cloud security threats. These findings should enable leaders to understand the greatest risks to their cloud environment and how to manage them most effectively.

The topics we surveyed:
• Cloud breach incidents of fortune medium and large-size companies.
• Cloud threat actors.
• Complications in the cloud.
• Impacts and risks of open-source software in the cloud.

Unit 42™ Cloud Threat Report

While Zero Trust has become an industry slogan among security advocates, it also has been diluted by being associated to specific solutions and technologies.

Let’s move beyond the buzz word and beyond the diatribe of repeated messages that fall short in providing a clear and concise message. For security practitioners who strongly advocate for ZT, we are going to provide practical and actionable steps on your journey to implementing ZT within your environment and realize value for your organization

During this session we’ll cover: 
• Why Identity is the control plane
• First step to establish ZTNA - verify Identity
• Central for Zero Standing Privilege and Least Privilege
• Identity carries across the Zero Trust pillars — network, data, app, device

Deliver Value and Security through Zero Trust

Shifting security left empowers DevOps teams to create secure software and infrastructure by giving them the tools and indicators to detect and mitigate potential security problems prior to release. Learn how your DevOps teams can take ownership of your security posture by implementing gating functions that prevent insecure software from being promoted to production.

Join this webinar, as Terazo covers the governance and technical aspects of implementing DevSecOps. They will discuss the stages and actions they take to improve the resiliency of software development and delivery, including:

Continuous Integration
     ● Developer Training
     ● Static/Dynamic Application Security Testing
     ● Software Composition Analysis

Continuous Deployment
     ● Infrastructure Provisioning
     ● Secrets Management

Continuous Configuration Automation
     ● Automated Release Automation
     ● Configuration State Reporting

Continuous Monitoring
     ● Penetration testing
     ● Runtime Application Protection

This webinar will include a demonstration of integrating a cloud security platform into a CI/CD pipeline.

Best Practices for Implementing a Secure DevOps Toolchain

DevOps

Best Practice

Shifting Left

Toolchain

Software Development

Cloud Security

Cyber Security

DevSecOps

Application Security

CICD

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Best Practices for Implementing a Secure DevOps Toolchain

Presented by

About this talk

More from this channel