Name: Hacker Snacks: Those Cookies Will Go Straight to Your SaaS
Start: 2021-11-17T18:00:00Z
End: 2021-11-17T18:00:45.000Z
Location: BrightTALK
Rating: 0

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

In today’s digitally interconnected world, patch management is no longer a routine IT task—it’s a critical business imperative.

The complexity of modern IT environments, including hybrid clouds, diverse operating systems, and a multitude of third-party apps, has made patch management increasingly challenging.

In this webinar, Automox and GigaOM will share insights from the “GigaOM Radar Report for Patch Management v3.0” and discuss how organizations like yours can tackle these challenges in 2025 and beyond.

Join us to learn:
• How AI-powered threat assessment and patch orchestration are transforming patch management
• Why strategic patch management requires more than just applying patches and key factors to consider
• The evolving patch management landscape, highlighting key vendors and emerging trends
• Tips to help you choose the right solution for your needs

You’ll leave this webinar ready to strengthen your defenses and proactively mitigate cyber risks.

How To Effectively Manage and Automate the Evolving Landscape of Patch Management

Securing applications in today's dynamic cloud environments demands a new approach. This webinar explores the critical shift towards application-centric security, moving beyond traditional network-centric models to address the unique challenges of cloud-native architectures. We'll delve into how a deep understanding of application behavior and dependencies is essential for robust security posture. Attendees will learn how to leverage threat intelligence and analysis to proactively identify and mitigate risks, including vulnerabilities and malware. We'll discuss the importance of integrating vulnerability management, network security, and zero trust principles to create a comprehensive defense. Furthermore, we'll examine how application-centric security strengthens compliance efforts and streamlines security operations. Join us to discover how to unlock a more effective and efficient approach to cloud security, focusing on the applications that drive your business.

Unlocking Application-Centric Security in the Cloud

Hybrid cloud environments offer flexibility and scalability, but managing security policies across diverse infrastructures and teams is a growing challenge.  

Join us for an engaging webinar, Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments, where we’ll explore how organizations can achieve unified security policy management, improve operational efficiency, and maintain compliance across hybrid and multi-cloud environments. 

Our featured speaker, Kat Romanov, Product Manager at Tufin, brings extensive expertise in network and cloud security. Kat will share actionable insights and strategies for navigating the complexities of hybrid security management. 

What You’ll Learn: 
• The top challenges organizations face in hybrid cloud security and how to address them. 
• How unified policy visibility from ground to cloud and to the edge enhances security posture and reduces risks. 
• The role of automation and orchestration in simplifying policy management and improving efficiency. 
• Best practices for continuous compliance across regulatory frameworks. 
 
Don’t miss this opportunity to gain expert insights and practical strategies for securing tomorrow’s hybrid cloud environments today!

Mastering Cloud Security Policies: Four Best Practices for Hybrid Environments

Generative AI has introduced a new challenge for security teams: protecting against the misuse of large language model (LLM) applications.

Now businesses are striving to foster innovation while also safeguarding sensitive data, but what’s the best approach? Advancing cloud security strategies to address the gaps caused by evolving LLM applications.

Join us to learn the most common LLM security vulnerabilities and how you can protect against them with proven strategies from Varonis cloud security experts. Generative AI has introduced a new challenge for security teams: protecting against the misuse of large language model (LLM) applications.

Breaks in the Cloud: Protecting Against Top LLM Risks

Join us for an unfiltered conversation on cloud data protection with Corey Quinn, the “Chief Cloud Economist” at The Duckbill Group and a well-known AWS commentator. In this candid discussion, Corey will provide clear and insightful perspectives on the important aspects of securing your data in the cloud. Whether you are new to the cloud or an experienced practitioner, this webinar is designed to help you navigate the complexities of cloud security and strengthen your data protection strategy.

Key Takeaways from Watching the Webinar:
• Understanding the common misconceptions about cloud data protection
• Implementing best practices for securing data in the cloud
• Leveraging insights from an industry expert to enhance your security strategy

Heads in the Cloud, Feet on the Ground: A No-Nonsense Discussion on Cloud Data Protection

Kubernetes has revolutionized how we build, deploy, and manage applications, but it also introduces new complexities. This webinar explores Kubernetes not only from a security perspective but from the lens of developers. We’ll dive into the challenges posed by containerized environments, from managing dependencies to securing CI/CD pipelines. Additionally, we’ll discuss how Kubernetes operates as a cloud in itself and how deploying and scaling it in public cloud environments adds layers of complexity. Whether you’re a developer or a security professional, this session will equip you with key insights to navigate the intersection of development and security in the cloud-native ecosystem.

Kubernetes: Development Challenges and Security Considerations in a Cloud-Native World

In this session, we’ll delve into how an industrial company tackled the challenge of securing non-human identities (NHIs) in their Azure environment. As the organization transitioned to cloud-first operations, it quickly faced the complexity of managing a growing number of NHIs. From APIs to service accounts and automated systems, these NHIs were critical to the company's operations, but their proliferation led to serious security and compliance risks.

Using advanced technologies, the company was able to uncover and classify all NHIs across their Azure landscape, enabling a clear understanding of ownership and access control.

Key issues tackled in the session include:
• Discovering and managing NHIs in a complex Azure environment
• Automating the remediation of high-risk identities with excessive privileges
• Ensuring continuous compliance with industry regulations
• Achieving significant reductions in security incidents and operational inefficiencies

By the end of the session, attendees will gain valuable insights on how to integrate NHI security into their own cloud environments and move from reactive to proactive management of these critical assets. The discussion will feature expert commentary on overcoming common challenges and implementing best practices to ensure secure, scalable, and compliant NHI management.

How an Industrial Company Optimized NHIs in their Azure Environment

AI Copilots such as M365 Copilot bring transformative potential, empowering your company employees to access and analyze vast amounts of enterprise data within SaaS applications. While this significantly boosts employee productivity, it introduces new data security and governance risks. In the rush to adopt Copilot adoption, many organizations have overlooked essential data controls, leading to unintended exposure of sensitive information. Employees may unknowingly query confidential data, such as salary details, M&A plans, or even passwords—information they should not be able to access.In this webinar, we will discuss a framework for enforcing best practices for safely adopting AI Copilots such as Microsoft 365. By putting in place robust data security and governance measures, we will explore how to prevent unauthorized data access and ensure that sensitive data remains protected when using Microsoft 365 Copilot within the company.

Key Takeaways:
• Understand the security implications of an unplanned AI Copilot rollout
• How to evaluate your organization’s readiness for AI Copilot adoption
• Implementing a 6-step framework for automating data security and using Copilot safely

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

In this presentation we focus on the Logging and Monitoring domain, which includes thirteen control specifications that help both Cloud Service Providers (CSPs) and Cloud Service Customers (CSCs) collect, store, analyze, and report on activities and events in their cloud environments. These controls are essential for detecting and responding to security incidents, addressing operational issues, identifying system anomalies, complying with regulatory requirements, auditing security controls, and improving overall security posture and performance.

Under the Shared Security Responsibility Model (SSRM), both CSPs and CSCs share responsibilities for implementing logging and monitoring controls. CSPs are typically responsible for logging and monitoring the underlying cloud infrastructure, such as network and system operations. CSCs, on the other hand, manage logging and monitoring within their deployed applications and services to ensure their specific security needs are addressed.

This presentation will help you understand how the implementation of logging and monitoring controls ensures enhanced visibility, accountability, and transparency of cloud operations. These practices are essential for identifying and mitigating security risks, optimizing cloud usage and performance, and maintaining secure, efficient, and compliant cloud environments.

LOG - Logging and Monitoring

Service accounts are everywhere, but their overprivileged, multi-use, and often unmanaged nature makes them a security liability. Managed identities (and other “passwordless” NHIs) are considered a safer alternative, yet they come with their own set of vulnerabilities attackers can exploit.

Join this 30-minute webinar to learn from NHI security researchers:
• The types and common pitfalls of service accounts.
• How to convert service accounts into managed identities in Azure.
• The downsides of managed identities - and a live demo of how attackers exploit them.
• Best practices to avoid common misconfigurations.

*Bonus* Get a practical tool to map all managed identities in your Azure environment (IYKYK).

Service Accounts vs. Managed Identities: Real Exploits & Best Practices

Results from InformationWeek’s State of Endpoint Management Automation survey show that even with endpoint management budgets on the rise, organizations remain mired in manual tasks, legacy technologies, and a distributed technology stack that hinder effective and secure management of endpoint devices.

Register for this webinar to hear from experts discuss the findings from the recent research report and share strategies and tech to help improve the secure patching of your organization's devices in the year ahead.

How to Prep Your ITOps Team for Secure Endpoint Management in 2025

As AI-powered solutions for security become more commonplace, organizations need to understand where human expertise remains crucial. While automation can identify issues, remediation is trickier - the context and business requirements often demand more nuanced solutions that only experienced professionals can provide.

Join Michael St.Onge, Head of Technical Services at Tamnoon, as he opens up the AWS Console and walks through remediating a public S3 bucket.

Does that sound simple enough to let automation handle it? Of course, but we’ll show you why this seemingly easy-to-automate fix requires careful consideration of business needs and user access patterns to implement an effective security solution that goes beyond the standard automated recommendations.

In this session, you're going to learn:
• Real-world demonstration of when to use AI & where humans come into play to remediate a real AWS S3 security issue 
• How to evaluate security findings given a broader organizational context (and when to use AI)
• When to use automation and when to intervene to avoid missing critical business context

Hands-On Cloud Security: AI Remediations vs Human Verification

Make your ephemeral environments as secure as they are fast!

Ephemeral environments enable rapid scaling, efficient testing, and quicker go-to-market times. But they also expand your attack surface, making them prime targets for sophisticated threats.

In this webinar you'll discover:

• Why short-lived environments don't guarantee safety.
• Actionable strategies for securing containers, Kubernetes, and serverless applications.
• Real-world examples of modern ephemeral attacks and how to prevent them.

Make your ephemeral environments as secure as they are fast and don’t leave your cloud infrastructure vulnerable.

Securing Ephemeral Environments

As organizations rapidly embrace AI to drive innovation and competitive advantage, explore the critical intersection of enterprise AI adoption and data governance. Learn how leading enterprises are balancing the transformative potential of AI with the imperative to maintain robust security and compliance guardrails. 

We'll explore the unique challenges of protecting sensitive data in AI workflows, from securing training data and model outputs to ensuring responsible AI development practices. Learn how forward-thinking organizations are adapting their governance frameworks to address emerging AI-specific risks while fostering innovation. We’ll discuss practical approaches to building AI governance programs that satisfy security, privacy, and ethical requirements without stifling the agility needed for successful AI initiatives. Join us for this essential conversation about navigating the complex landscape of enterprise AI security and governance.

Enterprise AI Intro & Risk/Governance Implications

The AI supply chain is becoming increasingly intricate, with multiple components—data sources, models, APIs, and infrastructure—interconnected within dynamic cloud environments. Understanding these relationships and securing the full pipeline is critical to prevent vulnerabilities from being exploited. In this webinar, we will explore the key components of the AI pipeline, how they are linked, and where security risks are most likely to arise.

In this webinar:
• Breakdown of the AI supply chain: how data, models, APIs, and infrastructure are connected.
• Understanding the potential risks in the AI pipeline and how vulnerabilities can propagate through interconnected components.
• Best practices for securing the AI supply chain and ensuring that every component is protected from exploitation.

Unfolding the Complexity of the AI Supply Chain: Securing the Pipeline

Security teams everywhere are feeling the squeeze, with limited resources to tackle ever-growing challenges. The good news? IT, Operations, and Infrastructure teams can be powerful allies in building a stronger security posture. In this webinar, we’ll dive into practical ways to turn these teams into key partners, giving them the tools and confidence to take on security tasks. We’ll share real-world examples of how organizations are fostering collaboration, breaking down silos, and building a shared sense of responsibility that drives better results without overburdening anyone. Let’s explore how to work smarter, not harder, in 2025.

Own, now a Salesforce company, empowers organizations of all sizes to ensure the availability, security, and compliance of mission-critical data, while unlocking new ways to gain deeper insights faster.

Breaking Down Silos: How IT, Ops, and Infrastructure Teams Can Be Force Multipliers for Security in 2025

Cloud Security for SaaS-Based Startups is a comprehensive guide designed to address the unique challenges faced by SaaS-based startups as they scale and grow. Startups operate in a dynamic environment where security is not just a technical necessity but a cornerstone of customer trust, regulatory compliance, and operational resilience. This guide offers practical, actionable strategies tailored to startups' specific needs, helping them navigate their security journey at every stage.

The document’s phased approach emphasizes the importance of aligning security practices with the startup lifecycle, enabling companies to establish strong foundations during their inception, mature their systems as they grow, and meet the advanced demands of regulated industries and global markets. It covers critical topics such as cloud platform security, data protection, compliance, governance, and incident response, making it an essential resource for any startup looking to scale securely.

In this webinar, the authors of the guide—experienced cloud security professionals—will share their insights and expertise. They will provide a behind-the-scenes look at the research, highlight key takeaways, and share lessons learned from real-world implementations. This session is an opportunity to engage with the creators of this valuable resource, ask questions, and gain practical advice tailored to the startup ecosystem.

Whether you’re just starting your journey or scaling to meet enterprise demands, this webinar will equip you with the tools and strategies needed to build a secure and resilient startup. Join us to explore how to align security with growth and ensure long-term success in today’s fast-paced digital landscape.

Building Security for SaaS Based Startups

With the NIS 2 Directive being rolled out across the continent, organisations operating within the EU must proactively address its stringent cybersecurity requirements. Recent insights from a survey of 1,000 compliance professionals reveal that over 40% of organisations worldwide anticipate being impacted. The directive’s focus on strengthening cybersecurity resilience underscores the critical need for timely preparation to avoid severe penalties for noncompliance.

Join Drata and A-LIGN for an insightful CSA Cloudbyte webinar that delves into the importance of NIS 2 compliance. Our expert panel will explore:

• Key provisions of the directive and how they affect essential and important entities.
• Practical steps to achieve compliance, including gap analysis, policy development, and personnel training.
• The alignment of NIS 2 with frameworks like ISO 27001 to streamline efforts and enhance organisational resilience.

Leveraging A-LIGN’s 15+ years of ISO audit experience and Drata’s robust compliance platform, attendees will gain actionable strategies to simplify their NIS 2 journey and demonstrate trust to regulators, partners, and customers.

Don’t miss this opportunity to future-proof your cybersecurity program. Register today!

NIS 2 Compliance: Why It Matters and How to Prepare

Watch our hacker compromise one user and gain persistent access to many SaaS apps.

We'll use a reverse HTTP tunnel to evade common detections, steal cookies and credentials, and make AWS, GitHub, and Salesforce data publicly accessible!

Learn how SaaS authentication works, watch the attack unfold, and see what you should do to spot suspicious activity.

Hacker Snacks: Those Cookies Will Go Straight to Your SaaS

Cyber Security

Cloud Attacks

Ransomware

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Hacker Snacks: Those Cookies Will Go Straight to Your SaaS

Presented by

About this talk

More from this channel