Name: Defending your Cloud with MITRE D3FEND
Start: 2021-08-12T18:00:00Z
End: 2021-08-12T18:00:59.000Z
Location: BrightTALK
Rating: 4.7

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Corporate Boards and Executives increasingly need to understand that security is a fundamental element of business. Listen to our panel of CISOs and Security Executives explore practical methods for integrating security seamlessly and effectively, transforming your business into a security-conscious entity. Panelists include Merritt Baer, Lacework Field CISO and former Deputy CISO to AWS, Sydney Jones, Head of Cyber Threat Intelligence, BNP Paribas, former Cyber Threat Intelligence Coordinator, CME Group, and Navpreet Jatana, Seemplicity Principal RemOps Advisor, and former Zions Bancorp SVP, Enterprise Information Security.

Turn Business Leaders into Security Champions

Research shows that a robust data security program is a strategic business advantage for companies. But building such a program requires a strong data command center for managing policies and controls that protect data across the hybrid multicloud landscape. The role of a data command center is to help the organization achieve the delicate balance between reducing risk and meeting business objectives. Meet our expert panel to learn why companies are building data command centers to modernize their data security programs.

Join us and learn about the best practices for:

• Building the business case for a modern data security program
• Managing data risk across the dynamic hybrid multi-cloud landscape
• Prioritizing risk mitigation strategies to protect most sensitive data
• Using automation to enable secure data sharing within & outside company
• Proactively manage breach response using risk quantification & automation tools
• Collaborating with governance, privacy, compliance, & business teams

Foundations of a Next-Gen Data Security Program

Incident response is typically reactive, as analysts rush to identify ongoing security incidents, triage a barrage of alerts, enrich data with available threat intel, and communicate critical information to downstream stakeholders.

The problem is that this process relies too much on manual processes and is far too slow in getting the right information to the right decision makers. While detection tools may be rapid, the end-to-end process of aggregating, prioritizing, disseminating, documenting, alerting, and finally taking action to stop attacks can take days to weeks to months to never…

Join security experts from Cyware for a discussion of practical ways to improve incident response by incorporating threat intelligence and automation into your processes from the outset – rather than as an afterthought. An intelligence-driven process can help you proactively get ahead of threats, anticipate possible attacks, prepare detection rules in advance, address vulnerabilities and help your organization respond quickly and effectively when incidents occur. Combining this with effective orchestration, automation, and collaboration tools can dramatically reduce response time and improve outcomes. This discussion will include:

• How to break through silos to connect people, technology, and data
• The need to orchestrate security tools, cloud apps, and data sources
• Ways to effectively consolidate, and prioritize threat and incident data
• Connecting the dots across threats, incidents, tools, and teams
• Automating alerts to stakeholders so they can make decisions quickly

The Need for Intelligence-Driven Incident Response

Well-orchestrated spear phishing campaigns targeted at SaaS super admins are swiftly becoming a leading cyber threat. Threat actors are finding new ways to steal credentials from highly privileged accounts to “live off the land.”

Threat actors exploited a novel attack method in the recent Okta HAR compromise, where they targeted an identity provider (IdP) with the intent to exploit its customer organizations. In addition to Okta being compromised, this compromise successfully targeted several Okta customer organizations.

Learn step-by-step how this identity-centric breach occurred, the common attacker tactics, techniques, as well as procedures, and why managing your SaaS identity security without SaaS security posture management (SSPM) places organizations at risk for compromise and data loss. 

In this webinar, presented by AppOmni, we’ll discuss:
• The common attacker tactics used in the Okta HAR breach
• Why proactively securing and continuously monitoring the SaaS attack surface and ensuring appropriate security configurations of an Okta instance is essential
• How SSPM conducts event monitoring to detect anomalous activity from a customer’s Okta instance, including being able to detect and alert on rogue IdP registrations

Okta Compromise in Focus: How to Safeguard SaaS Identities with SSPM

Silos happen. In many security organizations, threat intelligence analysts and incident responders work in different teams, use different tools, and have gaps in how they communicate and collaborate. These fragmented silos of data, technology, and people are pervasive, and increase overall risk.

While Threat Intelligence promises to anticipate and prevent cyberthreats, it is often run in isolation, hindering real-time sharing of threat data, and delaying response to emerging threats. And when threat intel is shared, it typically takes too long, provides too much extraneous information, and lacks the context required by downstream decision makers.

It's time to break through silos and bring together multiple teams, security disciplines, and tools through orchestration, automation, and better human collaboration.

Join security experts from Cyware for an interactive discussion of practical strategies and real-world case studies of SOC teams connecting the dots across tools and effectively integrating threat intelligence into security operations. Topics will include:

• How to connect people, technology, and data across security silos
• The need to orchestrate security tools, cloud apps, and data sources
• Ways to effectively consolidate, and prioritize threat and incident data
• How threat intelligence can be used to build better detection rules
• Getting the right information to the right people, right away

Using Threat Intelligence to Break Down Security Silos

Organizations don't need to go it alone in their cloud security efforts, nor do they need to incur significant financial costs. In fact, they can use a familiar set of industry-recognized best practices to create secure cloud environments. Working with global adopters and cybersecurity experts, including Cloud Security Alliance (CSA), the Center for Internet Security (CIS) has created a variety of no-cost resources to help organizations of all sizes secure their cloud-based assets. 

The main challenge in applying best practices within cloud environments is tied to the fact that these systems typically operate software and hardware under different assumed security responsibilities. The Security Best Practices team at CIS continually refines our security guidance for the cloud to help solve these challenges and ensure it reflects any and all scenarios that organizations may face when securing their environments and assets. 

Looking for the most secure way to protect your cloud environments? Our webinar will break down our available resources to keep your organization safe. Tune in to learn more about:

• How the CIS Critical Security Controls and CSA Cloud Control Matrix can work together to improve your cloud security
• Applying cybersecurity best practices in your cloud environments across different service and deployment models 
• Ensuring your cloud environments and assets are securely configured based on consensus-based industry guidance, the CIS Benchmarks

First-Class Security on an Economy Budget: Protecting Your Cloud Assets with CIS

According to the Merchant Risk Council (MRC), 2023 Global Ecommerce Payments and Fraud Report, merchants are now using an average of 3.9 payment processors. It’s crucial now more than ever to optimize your payment processes, so that you can increase your authorization rates without introducing complexity. Join our hour-long webinar with TokenEx CISO, John Noltensmeyer, and Verisave CEO, Jeremy Layton, as they dive into how to manage a multi-PSP strategy and the benefits of owning your payment data to control your business growth.  

In this webinar, you’ll learn:  

1. The current state of the payment landscape.  
2. How to enable a multi-PSP strategy without introducing complexity.  
3. Tactics for reducing your interchange fees and increasing your authorization rates

The Importance of Payment Optimization and a Multi-PSP Strategy

The Enterprise Strategy Group recently published their findings of a cloud detection & response survey (July 2023). In this Cloud Bytes episode, SentinelOne highlights several of the key findings from that research and discusses their significance to cloud security strategies, and the role of runtime security therein.

Emerging Themes in Cloud Detection & Response

As organizations reduce their attack surfaces with tooling and best practices, bad actors are looking for new attack vectors so they can reach mission-critical systems. One increasingly popular attack vector involves targeting the software delivery process itself by abusing CI/CD pipelines to execute attacks such as malicious code injection. When you build and iterate on your CI/CD security strategy, it’s important to get inside the mind of an attacker who’s looking to gain access to your systems. So how do bad actors think about CI/CD pipeline-based attack paths? Tune in to this webinar and learn from our CI/CD security expert, Omer Gil, as he walks through:

• The most common type of CI/CD-based attack — poisoned pipeline execution (PPE)
• How bad actors can bypass required pull request (PR) reviews
• Why bad actors prefer PPE attacks over traditional attack paths
• And more!

Top Ways to Abuse CI/CD and Reach Production

The AT&T Cybersecurity Insights Report is an annual thought-leadership report based on a global survey of over 1,400 IT, security, networking, development, and line of business professionals across seven industries. The research is vendor-neutral, forward-looking, and actionable.

The journey to edge is a collaborative endeavor that begins to erode organizational silos and foster closer working relationships. The right edge ecosystem partners bolster resilience and security – critical elements of edge computing solutions, especially as the attack surface expands.

The AT&T Cybersecurity InsightsTM Report: Edge Ecosystem examines how organizations are changing to support edge, why planning for the edge takes an ecosystem of partners, why investing in edge use cases drives competitive differentiation.

The discussion provides insight into:
• What the business drivers are for edge use cases
• Where edge use cases are being deployed
• How budgets are shifting to support edge

2023 AT&T Cybersecurity Insights Report: Edge Ecosystem

Kubernetes has rapidly become the de facto standard for container orchestration in modern software development. But rapid iteration often leads to security risks, including misconfigurations and supply chain attacks. Breaches often have a large blast radius, due to overly-privileged network, execution, and identity and access management (IAM) policies.

In this webinar, you'll glean insights on how to run K8s with confidence, accelerating usage without compromising security and compliance controls. 

Attendees will learn:

• Common K8s security mistakes and threat vectors (and how to avoid them)
• Tips to balance preventive efforts with reactive ones
• Best practices to address top security concerns, container image scanning, least-privilege strategies, and runtime breach detection to achieve speed and efficiency goals

Modern Workload Security: Addressing the Challenges of K8s

As Cloud Attacks Increase, How Should AppSec Respond?

The rise of cloud-native development has ushered in an engineering paradigm shift, one in which the speed, agility and flexibility of software development is increasingly critical to business success. As a result, the engineering ecosystem has become more dynamic than ever before. 

While this shift is integral to rapid development in the cloud, it also introduces new opportunities for bad actors to leverage weaknesses to instigate attacks. Protecting your organization from these attack vectors requires a modern approach to application security.

But what does modern AppSec look like? And how must traditional AppSec evolve to respond to the changing cloud-native attack surface?

Tune in to this webinar with Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, to learn:
• Why bad actors are increasingly targeting the engineering ecosystem in cloud attacks.
• How security teams can become a guardrail or enabler, rather than a blocker.
• Why getting visibility into your engineering environment is the key to modern AppSec.
• How to evaluate your organization’s software supply chain risk posture.
• Practical tips to improve your organization’s resilience to cloud attacks.

Evolving AppSec for Cloud-Native Resilience

If this describes your organization, are you ready to transform the narrative: Siloed security and remediation teams, a lack of actionable risk insights, and fragmented remediation stemming from complex cloud and application environments? Melinda Marks, ESG Senior Analyst, and Ravid Circus, Seemplicity Chief Product Officer discuss the state of cloud risk remediation, as well as a holistic strategy that bridges the gap between security and remediation teams. Join the conversation to understand how you can transform your remediation operations strategy with streamlined collaboration and context-driven action.

Security Remediation at Cloud Scale

Mergers and Acquisitions (M&A) are increasingly encountering a reality that a significant proportion of either the merged or acquired entity is constituted by a virtual, Software-as-a-Service (SaaS) footprint. The SaaS-fication of business includes many of the core business processes and proprietary data, with large enterprises having hundreds or thousands of SaaS apps deployed. 

Until recently, observability into the SaaS estate has been limited, the equivalent to buying a house sight unseen. This is because existing cloud security solutions such as Cloud Access Security Brokers (CASBs) are unable to provide insight to the SaaS app configuration and permission settings, including SaaS-to-SaaS connections. Only by leveraging a SaaS Security Posture Management (SSPM) solution can security and risk leaders effectively perform the necessary SaaS cybersecurity due diligence to understand and manage the cyber risks associated with the M&A process. 

A SSPM solution provides SaaS cyber risk observability from a single pane of glass, effectively shining a light onto current and potential future state SaaS cyber risks, including over-permissioned end-users and exposed sensitive data.

Boost your M&A Program with SSPM

We all know the cloud brings speed and automation to the business, but the speed of cloud attacks is staggering. New data shows how your cloud can be owned in the amount of time it takes to brew your fancy pour-over coffee. 

In this webinar we’ll unpack the latest cloud attacks and share real stories of organizations that evolved their defense to prevent, detect, and respond at the speed of cloud. Spoiler alert: your CSPM ain’t gonna cut it. 

Smash that register button if you’re curious about: 

• How you can reduce vuln noise by up to 95%
• How runtime insights make CSPM better
• How to reconcile all these acronyms into a coherent cloud security strategy (CNAPP, CSPM, CWPP oh my!)

Beyond CSPM: Mastering Cloud Defense in the Age of Rapid Attacks

In the current state of SaaS cybersecurity, there’s a disconnect between security practitioners’ perceptions of their SaaS cybersecurity maturity and the actual reality. A majority feel overconfident in their SaaS cybersecurity strategies, but our findings paint a different picture, revealing that organizations aren’t effectively managing SaaS cybersecurity risk at scale as much as they perceive.

From our survey of over 600 security practitioners for our report, we learned that 79% of organizations suffered a SaaS cybersecurity incident in the last year. We find that one of the key challenges organizations face is obtaining risk visibility into their SaaS attack surface. But we see a silver lining: Organizations are aware of risks posed by unsecured SaaS and are now prioritizing SaaS cybersecurity as a top 3 initiative.

In this webinar, presented by AppOmni, we will discuss:

The latest trends and findings from The State of SaaS Cybersecurity Posture 2023 Report
• How to gain actionable end-user-centric insights
• Actions to take to reduce your SaaS attack surface

CISOs Overestimate SaaS Cybersecurity Posture — How to Secure Your SaaS Data

Everyone’s talking about artificial intelligence (AI) and machine learning, but how will this impact cloud security? And why is AI such an indispensable tool in the security practitioner’s arsenal?

Invite your customers to tune in as Michael Vaughn, Director of Product Management at AT&T Cybersecurity, discusses the advantages to the SOC of AI-powered threat detection and response and describes how machine learning is being used to help organizations secure their data in the cloud.

How SOC Teams Use Next-Generation AI to Improve Cloud Detection and Response

Modern cloud threats with complex, multi-stage kill chains cannot be mitigated simply by compliance and configuration checks. The MITRE ATT&CK framework for Cloud provides a structure for security teams to reason about attacker tactics in their cloud. The newly announced MITRE D3FEND framework provides a standard vocabulary for countermeasures against attackers. 

In this live session, we will provide an overview of D3FEND and how it maps to cloud security. We discuss the countermeasures security teams should consider that are specific to cloud attack tactics. We also discuss how ATT&CK maps to the technical root causes of breach that have impacted over 9,000 reported breaches to date.

Security experts and cloud DevOps/DevSecOps attendees will learn about:
- MITRE ATT&CK and differences between Cloud and On-premises
- How MITRE ATT&CK maps to the technical root causes of breaches
- MITRE D3FEND and how to apply and extend it for your cloud
- How to prioritize and deploy countermeasures based on D3FEND

Hear from Dr. Neil Daswani (former CISO of LifeLock and co-author of Big Breaches and Foundations of Security) and Dr. Saumitra Das (founder and inventor in AI security) about these frameworks and countermeasures and reason about where to direct your efforts to minimize risk.

Defending your Cloud with MITRE D3FEND

Risk Mitigation

Cloud Security

Security Breach

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Defending your Cloud with MITRE D3FEND

Presented by

About this talk

More from this channel