Cloud Security with Continuous Security Validation

Logo
Presented by

Avishai Avivi, CISO, SafeBreach

About this talk

How do you manage your security portfolio? Do you use regulatory frameworks as a basis? As a target? Experience shows that these frameworks are an important starting-off point but should not be considered the targeted end-state.How confident are you that your controls will function correctly during a real attack? Time and time again, we see that having the controls does not mean they will work in a real emergency. If they don’t work as intended, is it because they’re not configured correctly? Or do you have a gap? Congratulations! You invested in getting the best of breed controls and the best talent to configure, manage, and monitor these. Now, how do you test your cloud environment? You know how to test your controls, but when should you do it? And how often? Most frameworks and best practices guidelines suggest you do so annually or when you make a major change to your environment, but how does the external threat landscape come into consideration? You now have the insights and data to show your controls will function in a real-world attack. How do you use this intel when talking to your board? Is it always doom and gloom or is celebrating successes equally important? This presentation makes a case for integrating continuous breach attack simulation as a practical approach to rationalizing your security portfolio. We examine the notion of abiding by the spirit of the compliance framework vs. the letter of that framework and discuss how you can get the most benefit out of your security controls through simulating real-world scenarios without risk to your environment. We then conclude with the positive impact that performing continuous breach attack simulation can bring to your communications up to the executive and board level.
Related topics:

More from this channel

Upcoming talks (9)
On-demand talks (929)
Subscribers (70993)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa