Name: Building a Better Playbook for Incident Response
Start: 2022-04-20T01:30:00Z
End: 2022-04-20T01:30:26.000Z
Location: BrightTALK
Rating: 4.4

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Security teams are drowning in data. Alerts, findings, metrics, dashboards — all technically “useful,” yet often failing to answer the most important question: what actually matters right now, and why? As artificial intelligence becomes more accessible across security programs, many organizations are experimenting with AI-driven tooling in the hope that it will bring clarity. But used inefficiently, AI can often amplify existing problems rather than solving them.

This discussion explores how AI is reshaping data-informed security decision-making — not as a silver bullet, but as a force multiplier that depends heavily on human judgment, context, and intent. We’ll examine why most AI in use today more closely resembles advanced machine learning than true autonomous intelligence, and why outcomes are still largely driven by the quality of inputs, assumptions, and program maturity.

Through an operational and security lens, the speakers will unpack how teams can move from raw signal volume to meaningful narratives that support better prioritization and risk decisions. We’ll discuss common failure modes, including over-reliance on automation, misinterpreted insights, and resistance from skeptical stakeholders. The conversation will also address how organizations can responsibly incorporate AI into existing security workflows without compromising trust, transparency, or accountability.

To ground the discussion, we’ll walk through a practical vulnerability management example, illustrating how an AI assistant can help surface recommendations that improve efficiency and decision quality — while still keeping humans firmly in control of outcomes. Ultimately, this session aims to help security leaders separate signal from noise, hype from value, and automation from understanding as they navigate an evolving AI landscape.

From Noise to Narrative: How AI Is Reshaping Data-Informed Security Decisions

AI agents are rapidly becoming the most powerful “users” inside the enterprise. They provision infrastructure, move data, and call APIs with broader and more persistent access than human employees, yet they operate outside traditional safety nets. Unlike human access, there is currently no clear ownership, no certification process, and no accountability model for these machine identities.

In this session, we examine how agentic AI has quietly broken the assumptions identity governance (IAM/IGA) was built on. We will explore:

-The Velocity Gap: Why traditional controls fail at machine speed.
-Inherited Risk: How AI agents bypass oversight by inheriting "ghost" permissions.
-The Auditor’s Dilemma: The uncomfortable question CISOs will soon face from boards: “Who approved this access, and who is accountable for what the AI actually did?”.

Your AI Agents Have More Access Than Your Employees. No One Is Accountable

As AI adoption accelerates across organizations, traditional security approaches focused solely on license management and non-human identities are missing the bigger picture. This webinar explores a comprehensive framework for AI security that recognizes the full spectrum of AI identities in your environment, from AI users and builders to AI agents, and provides actionable strategies for discovery, protection, and defense.

We'll examine how AI security can be looked at through an identity security lens and demonstrate how runtime intelligence reveals dramatically more AI usage than static configuration approaches. Attendees will learn practical methodologies for inventorying their complete AI footprint, identifying risky access patterns, and implementing high-fidelity detection capabilities that enable faster SOC response.

Key Takeaways:
- Understand the three critical categories of AI identities: users, builders, and agents
- Learn why runtime detection reveals 5x more AI activity than static license tracking
- Discover how to identify shadow AI usage and over-privileged AI identities
- Implement a governance framework aligned with NIST AI security guidelines
- Build detection strategies that go beyond traditional NHI approaches

AI Users, Builders, and Agents: Securing the Next Generation of Identities

AI adoption in the cloud is surging, with over 70% of organizations using managed AI services—but security risks are growing just as fast. This latest report uncovers key trends, including the rapid rise of DeepSeek, widespread AI experimentation, and critical security gaps that organizations must address now.

AI Series: The State of AI in the Cloud

The cloud has redefined what is possible in technology, enabling organizations to move faster, scale effortlessly, and innovate without boundaries. Yet the cloud’s defining qualities of speed, scalability, and elasticity have outpaced traditional security models that were built for static, on-premises environments rather than dynamic digital ecosystems. The next phase of cloud security requires a mindset shift that embraces the cloud’s speed, scale, and ephemeral nature as the foundation of a more adaptive and intelligent defense strategy. 

This session explores the next stage in the evolution of cloud security, moving from fragmented visibility and static configuration checks toward real-time insight, automated investigation, and adaptive response. Attendees will learn how automation and AI can help teams embrace the ephemeral nature of the cloud, gaining clarity and control without slowing innovation. 

Participants will gain practical insight into assessing cloud security maturity, identifying visibility gaps, and understanding how intelligent automation enables security teams to analyze activity across thousands of assets, reconstruct events within minutes, and make faster, more confident decisions. We will also discuss how different layers of security, including posture management, threat detection, and incident response, work together to deliver a unified, adaptive approach to securing modern environments. 

The session will inspire participants to view the cloud’s dynamic nature as an opportunity to transform it into an ally in defense, rather than a source of endless complexity.

Redefining Cloud Security in the Era of AI and Automation

Security operations are entering a new era, where AI doesn’t just automate tasks, but understands context, collaborates, and learns. The foundation of this evolution is the Agentic System: a connected network of AI entities designed to make coordinated decisions in complex environments.

In this session, we’ll break down what an agentic system truly is—from its core components to how they operate in a dynamic security operations center. We’ll explore the architecture behind agentic personas, skills, tools, and memory, and show how their interplay leads to faster, smarter, and more predictive defense.

Through practical examples and security-specific use cases, you’ll see how agentic systems are transforming the way teams detect, analyze, and respond to threats, and how to start thinking about building agentic principles into your own environment.

Key Takeaways:
- What defines an Agentic System and why it represents a new model for SecOps
- What makes up an agentic persona and how they can collaborate for a greater outcome.
- How skills, tools, and memory operate in real-time as an agentic system and why this beats standalone automation.
- The outcomes agentic systems can deliver — speed, precision, foresight, and scalability
- Real-world examples of how agentic architectures are reshaping modern security operations

The Anatomy of an Agentic AI System: Understanding the Architecture Behind Faster, Smarter, and Predictive Security

The Cloud Security Alliance recently released the first independent benchmark study of AI agents in the SOC. With 148 analysts across two investigation scenarios, the study delivered hard evidence on how AI makes analysts faster, more accurate, and more consistent.

Hear from CSA CEO Jim Reavis, former Robinhood CISO Caleb Sima, and Dropzone AI CEO Edward Wu as they unpack the results for SOC leaders deciding how to adopt AI today.

What you’ll learn:

• What the data really shows about AI-augmented analysts’ performance in accuracy, speed, and consistency
• Where AI delivers the most value in the SOC today, from Tier 1 triage to Tier 2 investigations
• How analysts felt about AI after hands-on use—and why 94% said their opinion of AI improved
• What SOC leaders should do next to turn research insights into operational advantage

AI in the SOC: Expert Perspectives on the CSA Benchmark Study

As of May 2024, the Wiz Research team has analyzed over 200 cloud security incidents, identified 65 threat actors, and tracked 155 attack techniques alone. With cloud adoption on the rise, security teams now need to understand the threat landscape to stay ahead of evolving risks. Watch the Wiz Research team's insights in this on-demand webinar, featuring an in-depth look at today’s cloud landscape, the latest industry trends, and the most notable threats, including: 
- Who’s targeting the cloud 
- The top 5 most common cloud threats 
- What your organization should prioritize today

How to Find Your Most Critical Risks in the Cloud

MCP servers serve as the backbone that enables AI agents to access the tools, data, and context they need to operate.

By connecting these agents to everything from internal APIs and databases to third-party SaaS systems, MCP turns isolated AI models into fully capable, action-driven agents.

New research by Astrix Security analyzed more than 5,200 open-source MCP servers and surfaced systemic risks:
1. 53% rely on static API keys or PATs
2. Only 8.5% use OAuth applications
3. 79% pass keys via simple environment variables

In this webinar, we will unpack the data, methodology, and what it means for your attack surface.

To help tackle these challenges, Astrix introduces its new open-source MCP Secret Wrapper, a practical way to eliminate hardcoded credentials by fetching secrets from a vault at runtime.

In this session, you will learn how to apply the wrapper for quick wins, how to enforce least-privilege and short-lived access at scale, and how to align with compliance without slowing down your teams.

State of MCP Server Security 2025: What 5,200 Servers Reveal, and the Open-Source Fix You Can Use Today

“What do we actually own in the cloud?” It’s a question security leaders ask every day—yet answers are rarely clear. 

In today’s cloud-driven world, assets, identities, and resources change faster than manual tracking can keep up, creating critical blind spots that attackers can exploit through misconfigurations or overprivileged accounts. For security operations, this speed demands an equally fast response. However, legacy asset management and siloed security tools often fall short, leaving gaps in visibility and costing precious minutes during detection and response.

Join us to see how modern SecOps can outpace attackers by unifying on-prem and cloud telemetry, identifying exposures inside and outside their firewall, and leveraging agentic AI and automation throughout detection, investigation, and response—ensuring cloud blind spots never become entry points.

Key Learnings:
• Why legacy asset management and manual processes can’t keep up with the speed of cloud
• The real risks behind inaccurate cloud inventories, invisible SaaS assets, and cloud exposures
• How AI and automation enable continuous discovery, faster detection, and smarter response in cloud security operations

Cloud Asset Blind Spots: Closing Gaps Before They're Exploited

You’re juggling multiple endpoints. Your remote workforce is creating security gaps. And identity attacks jumped 442% last year alone. In this webinar, you'll hear from Jason Kikta (CISO/SVP, Product at Automox) and Dmitri Alperovitch (Automox Chairman of the Board, co-founder of Crowdstrike) discuss pressing security concerns and real solutions, like:
- What’s actually happening in the current threat landscape
- How autonomous endpoint management eliminates security gaps
- Where Automox is headed next (Spoiler alert: It’s game-changing.)

State of Cybersecurity: A Reality Check

Every day, another AI “agent” for security operations emerges: a playbook runner, a data enricher, a script executor. But stitching together a few task-specific bots doesn’t solve the complex problems facing the SOC—it exacerbates them. On the other side, there’s this promise of an “Autonomous SOC” leveraging agents, but these generic systems don’t have the best understanding or oversight about your environment.

In this webinar, we’ll explore a more effective evolution: Autonomous, role-based, agentic AI personas. Join ReliaQuest President of Field Operations Colin O’Connor, ReliaQuest CTO Joe Partlow and guest speaker Forrester Principal Analyst Allie Mellen for a forward-looking conversation that cuts through the noise to uncover how agentic teammates reframe what’s possible for AI in the SOC. 

In this webinar, you'll learn:
• What distinguishes a task-based agent from a true teammate—and why that matters 
• The architecture of a hybrid human + AI SOC (and what it’s not: autonomous) 
• How to evaluate when to use agentic teammates—and when not to 
• What a future-ready operating model looks like in live use-case walkthroughs

The Case for Agentic Teammates: Moving Beyond Task Bots

The 2025 Identity Automation Crisis: What 500+ Leaders Exposed
Enterprises have never had more identity tools—SSO, password managers, privileged access controls, and governance platforms. On paper, the identity stack looks mature. But beneath the surface, a critical problem persists: the last mile of identity still runs on manual execution.

The new 2025 Identity Automation Gap Report, based on insights from 500+ IT and security leaders, shows just how wide the gap really is:
• 58% of former employees keep access to systems after leaving
• 41% still share passwords manually (yes, spreadsheets)
• Fewer than 4% of enterprises have fully automated core identity workflows

Join Matt Chiodi, CSO at Cerby, and Aaron Turner, Faculty at IANS, as they unpack what the data reveals and share practical ways to:
• Spot and close your biggest identity blind spots
• Extend automation to disconnected apps (without ripping out your stack)
• Turn manual execution into automated protection that’s secure, scalable, and resilient

The 2025 Identity Automation Crisis: What 500+ Leaders Exposed

The transformative power of AI is undeniable, yet unlocking its full potential requires enterprises to secure their enterprise data to safely scale AI systems. Building trustworthy AI Assistants and Agents necessitates a comprehensive understanding of your organization's data landscape – especially unstructured data – coupled with fine grained access controls to protect against accidental leakage of sensitive data, clever cyber attacks and inappropriate internal access.

Join Nikhil Girdhar from Securiti and Shanmugam Kandaswamy from AWS  as they discuss how to apply Securiti DSPM to accelerate the safe deployment of enterprise AI assistants and agents with Amazon Q Business. Gain technical insights on how to establish proactive data security and governance, and mitigate emerging AI risks, such as OWASP Top 10 for LLMs.

Attendees will learn how to:

• Create comprehensive Data+AI mapping with full data lineage and provenance
• Prevent unintended data access by users of AI Assistants by enabling stronger data access controls
• Mitigate emerging AI risks such as prompt injections and sensitive data exposure
• Improve the efficacy of AI responses by minimizing redundant, obsolete, and trivial (ROT) data

From Data to Deployment: Safeguarding Enterprise AI with Security and Governance

Conquering Cloud Security Pain Points addresses the critical security challenges enterprises face in the cloud. The agenda includes a discussion of the promise versus the reality of cloud security and a deep dive into six key pain points. The session will also present strategic approaches to overcome these challenges, such as fostering unified visibility and control, implementing consistent policy enforcement, and streamlining security change workflows. The presenter, David Geffen, CMO at AlgoSec, will also cover achieving continuous compliance, bridging the cloud security expertise gap, and embracing proactive risk prevention. The presentation concludes with key takeaways and next steps for a holistic security strategy.

Conquering Cloud Security Pain Points

Securing your organization is no longer just an IT issue; it's a financial necessity. This webinar explores how identity security can help companies reduce global cyber losses by billions. We'll discuss how these findings are reshaping corporate budgets and influencing how insurers assess risk.

Key Takeaways
• Financial Impact: Learn how strong identity security directly reduces your financial exposure to cyber threats.
• Evolving Threats: Discover how the changing the threat landscape and the security strategies needed to combat it.
• Actionable Advice: Get practical guidance on where to start with identity security and how executives can use this data to justify critical investments.

Join us to learn how to turn identity security from a cost into a competitive advantage.

From Risk to ROI: The business case for identity security

Generative AI tools like ChatGPT are rapidly being adopted across enterprises to drive efficiency, but they come with real and immediate security implications.

Recent studies show that 15% of employees are pasting data into GenAI tools, and 1 in 3 are unknowingly sharing sensitive information. These behaviors create a new layer of risk: inadvertent data leaks, compliance violations, and exposure of confidential assets.

As a result, most organizations face a blunt choice: block GenAI entirely or allow it unchecked. Neither option is valid in today’s world. But GenAI security and productivity shouldn’t be an “either-or” choice.

In this webinar, LayerX security leaders will break down how to secure GenAI usage without sacrificing its value. You’ll get a clear understanding of how these tools are being used, what risks they create, and what practical steps you can take to mitigate them.

Register for this webinar to learn:
• Industry Insights: See how and where GenAI is being used across the enterprise—by whom, for what, and how often.
• Risk Breakdown: Learn what kinds of sensitive data are being exposed, and what that means for your security and compliance posture.
• Protective Actions: Walk away with specific policies, controls, and tools to reduce risk while enabling safe GenAI adoption.
• Real World Lessons: Hear how leading security teams are addressing these challenges in real-world environments.

Whether you’re a CISO, a security architect, or part of the compliance team, this session will give you clear, actionable guidance to secure your organization’s GenAI usage—before it becomes a problem.

Register now and take control of GenAI security before it takes control of you.

Preventing GenAI Data Leakage: Enabling Innovation Without Compromising Security

This webinar offers cloud network security experts an in-depth look at the paradigm shift from traditional perimeter-based security to a modern application-centric approach. Discover why conventional data center security models, relying on static policies and firewalls, are ill-suited for the dynamic nature of cloud environments, which are characterized by the explosive growth of IaaS, PaaS, and SaaS. We will explore the critical challenges posed by vanishing perimeters, lack of visibility into cloud environments, and the complexities of securing highly dynamic resources like VMs, containers, and microservices. The session will detail the core principles of application-centric security, including achieving granular visibility into application dependencies, implementing Zero Trust frameworks with verification and validation checkpoints, and leveraging microsegmentation for enhanced isolation. Furthermore, learn how automation and orchestration are essential for consistent policy enforcement, faster response times, and increased efficiency in managing cloud security at scale across diverse multi-cloud and hybrid infrastructures.

The Evolution of Cloud Network Security: From Silos to Service-Centricity

Keynote

Recent industry-wide security issues, in open-source software in particular, have energized companies to revisit their playbooks and processes for handling these types of issues. This is especially true now that vulnerabilities are now affecting software libraries that are used broadly to perform very common, basic service functions. Compound this with the fact that the situations around these vulnerabilities can change by the day or even the hour – resulting in a unique level of both visibility and complexity for any in our industry affected. For the industry in general, such broadly applicable incidents are relatively new – and we are all adapting to how we deal with and help mitigate them moving forward.
 
Standard security practices need to be revisited regularly to adapt to these broader potential issues. These types of vulnerabilities can impact many applications and services – and are also often too new to be flagged by widely used commercial scanning tools. You need to mobilize the entire company to effectively deal with these issues and properly manage customer expectations. Mike Mellor will share best practices Adobe has learned to help enhance our own playbooks to better deal with the evolving complexity and scope of industry-wide vulnerabilities.  He will provide guidance and best practices that can be valuable as we work together as an industry to get better at managing and mitigating similar incidents in the future.

Building a Better Playbook for Incident Response

Cloud Security

Cyber Security

Vulnerabilities

Incident Response

mitigating risks

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Building a Better Playbook for Incident Response

Presented by

About this talk

Cloud Security Alliance: CloudBytes