Name: Top Ways to Abuse CI/CD and Reach Production
Start: 2023-11-07T17:00:00Z
End: 2023-11-07T17:00:33.000Z
Location: BrightTALK
Rating: 4.7

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

The rapid adoption of Generative AI (GenAI) is transforming industries, but it brings significant security challenges, especially with the rise of shadow AI. Rather than block GenAI usage, security teams need to implement robust guardrails to enable safe LLM adoption.

Join our expert-led webinar to explore:
• Shadow AI Risks: Understand and mitigate the dangers of unsanctioned GenAI usage.
• OWASP Top 10 for LLMs: Learn how to address emerging threats to data and AI security.
• Copilot Rollout Failures: Analyze examples of rollout failures and how to manage data entitlement risks.
• LLM Firewalls: Discover why these are insufficient alone and what additional measures are needed.
• Security Guardrails: Best practices for securely moving GenAI projects from lab to production.

This webinar is a must-attend for cybersecurity teams aiming to stay ahead to ensure safe GenAI adoption. Register now to learn how to transform from a reactive to proactive GenAI security approach.

From Shadow AI to Secure GenAI: Building Guardrails for Safe Adoption

In today's dynamic digital landscape, organizations face a myriad of challenges in securing their operational environments, which span diverse infrastructures, services, and applications across cloud and on-premises environments. Effective security strategies demand a comprehensive defense-in-depth approach, encompassing proactive security hygiene, posture management, preventive controls, and robust detection and response mechanisms tailored to combat evolving attack vectors.

As the threat landscape continues to evolve, attackers are increasingly adept at circumventing traditional security measures, underscoring the critical importance of detection and response capabilities. 

Join Drata and AWS on August 27th, as we dive into the latest research findings and practical insights to equip security professionals with the knowledge and strategies necessary to enhance their organization's cloud detection and response capabilities. By addressing these challenges head-on and adopting a proactive approach to cloud security, organizations can fortify their defenses against the evolving threat landscape while optimizing operational efficiency and resilience.

From Reactive to Proactive: Strengthening Cloud Security Posture

As we edge closer to 2030, compliance standards are evolving at an unprecedented pace. Join us for "Cloud Control: Scaling Compliance in Cloud Environments Like a Pro" to learn how to navigate these changes effectively. This session will cover the challenges of maintaining regulatory adherence in dynamic cloud infrastructures and how Continuous Controls Monitoring (CCM) and automation can transform your compliance approach. Gain insights into the integration of compliance as code into DevSecOps workflows, ensuring continuous compliance and security.

We’ll provide practical tips, detailed strategies, and real-world examples to help you streamline compliance processes, reduce manual efforts, and enhance efficiency. Hear from industry experts on the latest trends and technologies shaping the future of compliance. Learn how to prepare your compliance strategy for 2030 and beyond.

Cloud Control: Scaling Compliance in Cloud Environments Like a Pro

In this webinar, we’ll dive into the findings from 400+ cloud security pros and investigate why so many are struggling to optimize cloud security despite having adequate funding and multiple point-specific technologies now reaching mainstream.

The webinar will investigate insights such as:
• 85% struggle to prioritize cloud security events (and why)
• 87% have problems managing too many point-specific cloud security tools and data silos (what's the solution?)
• The most overlooked cloud security blindspot (spoiler: it's secrets scanning)
• The top 10 cloud risks and threats organizations face

While the current state of cloud security may be described as “suboptimal"—some may say “broken"—is reason for hope. Register for the webinar now!

2024 Cloud Security Report: From Insights to Action

Are you looking to develop a comprehensive cloud vulnerability management program? Register today for an insightful webinar where industry leaders will share actionable strategies, proven methodologies and practical tips for success. You’ll also gain valuable insights into identifying, prioritizing and remedying vulnerabilities in your cloud infrastructure to strengthen your overall security posture.

Key Takeaways:
• Understand the challenges of vulnerability management in the cloud.
• Learn best practices for effective vulnerability management.

Developing a Comprehensive Cloud Vulnerability Management Program

Following a comprehensive survey of 2,800 IT and security professionals across the globe, Prisma® Cloud's team unveiled intriguing findings in their 2024 State of Cloud-Native Security Report.

The report survey found that although 47% of organizations know about security risks associated with AI-generated code, 100% of respondents embraced AI-assisted application development.

Despite recognized risks, this unanimous adoption suggests a potential oversight in balancing innovation and security. Watch this webinar to learn how to:
• Secure the next generation of AI-powered applications to stay ahead of inevitable AI-powered attacks.
• Unveil critical cloud security hurdles and remain aware of obstacles in application development.
• Plan for the future of your organization with the latest expert insights on cloud native security.

Secure Your Applications: Learn How to Prevent AI-Generated Code Risk

In an era where cyber threats are increasingly sophisticated and frequent, traditional reactive cybersecurity measures are no longer sufficient. 

In this webinar, Certified SANS Instructor Jonathan Risto and Seemplicity’s CPO, Ravid Circus explore the Continuous Threat Exposure Management (CTEM) framework, which represents a transformative shift toward more proactive threat management. CTEM integrates threat intelligence, real-time monitoring, and predictive analytics to anticipate and neutralize cyber threats before they can exploit vulnerabilities.

This webcast will cover:
• CTEM’s core process steps. Learn about the five foundational steps of CTEM—scoping, discovery, prioritization, validation, and mobilization—and how they work together to enhance security.
• CTEM in practice. Discover how organizations can implement CTEM.
• Challenges and solutions. Explore common challenges in adopting CTEM—and the  strategies to overcome them.
• Strategic recommendations. Gain insights into best practices for a successful CTEM program.

Cybersecurity professionals and organizational leaders will learn how to shift from a reactive to a proactive cybersecurity strategy  and ensure their defenses are resilient against the ever-evolving threat landscape. 

Register now to gain valuable insights from industry experts and receive the associated white paper written by Jonathan Risto.

Advancing Cybersecurity with Continuous Threat Exposure Management

With the ever changing nature of IT and the rising number of cyber threats these days, IT teams are struggling to keep up without the help of automation. Despite that, over half of organizations (53%) cite security concerns as a significant barrier to using automation in endpoint management.* In this webinar, we’ll walk you through a 3 step guide on how to adopt safe automation that keeps your environment safe and up-to-date with a healthy balance of tech and human talent.

Join us to learn:
• A step by step guide to safe automation adoption
• Why automation is key to personal and organizational maturity
• What security certifications to look for in endpoint management tools

The IT Admin's Guide to Safe Automation

Join us as we dive into the results of the fourth annual State of Cloud-Native Security Report, commissioned by Palo Alto Networks. This study, which surveyed more than 2,800 cloud security professionals across ten countries, sheds light on the challenges organizations face and the strategies they employ to navigate the complexities of cloud security and AI risks.In this on-demand webinar, Stephen Giguere, Security Advocate at Prisma Cloud, covers the latest trends and insights shaping the future of cloud-native security:
• Although nearly half of organizations know about security risks associated with AI-generated code, 100% of respondents embraced AI-assisted application development.
• 47% of security professionals anticipate AI-driven supply chain attacks.
• 64% of organizations reported a substantial increase in data breaches.

Why you should watch:
• Gain valuable insights into the current cloud-native security landscape and industry trends.
• Explore the need for better risk prioritization in today's intricate cloud ecosystem.
• Address critical concerns surrounding AI-generated code, unmanaged APIs and the expansion of the attack surface.
• Learn actionable steps organizations take to secure data and rapidly deploy applications.
• Discover strategies for bridging the gap between security and development teams.
• Enhance readiness for AI-related security risks and integrate solutions into operational frameworks.

The State of Cloud-Native Security 2024

Understanding your cloud security posture does not necessarily mean understanding your data posture. Organizations adopting a Cloud-Native Application Protection Platform (CNAPP) to protect cloud-native applications are at risk of leaving data assets exposed. One such risk is shadow data resulting from dynamic changes to data pipelines and services across cloud service providers (CSPs) creating hidden repositories where the data is unknown, undiscovered, or unidentified. Due to the complexity of securing multicloud environments, this can pose significant security gaps leaving cloud teams in the lurch.

In this session, Terry Ray, SVP and Imperva Fellow, and Krishna Ksheerabdhi, VP of Product Marketing, Thales Data Security will discuss how organizations are overcoming these blind spots by effectively leveraging in-depth observability, meaningful analytics, and solid data protection practices to reduce data risk from information that drives business growth.

Join to learn:
• How the rapid growth of cloud-native applications is creating shadow data 
• Why CNAPP falls short for data security, posture, and sensitive data management 
• What challenges do organizations face in gaining complete visibility and control across on-premises and multicloud platforms
• How organizations are leveraging a data-centric approach to protect data at scale

Reining in Shadow Data: Move Beyond CNAPP

In today's generative AI landscape, traditional security techniques fall short in protecting modern AI applications. Cybersecurity teams need to understand the OWASP Top 10 threats specific to LLMs to effectively mitigate AI and data risks. While LLM Firewalls play a crucial role in protection, they are not sufficient on their own to address these threats. The rapid adoption of generative AI, coupled with the rise of shadow AI, use of sensitive data, unknown vulnerabilities, and emerging threats, presents significant security, privacy, and compliance risks.

Join our in-depth webinar to explore the top 5 AI security steps recommended to bolster your GenAI defenses. We will cover:
• Understanding AI and Data Security Challenges: Delve into shadow AI, OWASP Top 10 threats for LLMs, data mapping, and sensitive data exposure risks.
• Implementing LLM Firewalls: Learn to protect your prompts, data retrieval, and responses from attacks.
• Enforcing Data Entitlements: Discover how to prevent unauthorized data access in GenAI applications.
• Enforcing Inline Enterprise Controls: Find out how to safeguard sensitive data during model training, tuning, and RAG (Retrieval Augmented Generation).
• Automating Compliance: Streamline your adherence to emerging data and AI regulations.

Top 5 Steps to Mitigate OWASP Top 10 Threats

The data security dilemma needs to be addressed. Despite a ballooning cybersecurity spend of over $183 billion dollars in 2023, breaches increased by a staggering 78% in the same year. Threat actors increasingly take advantage of the misalignment between security and usability that companies are trying to balance with their data. Legacy solutions using access control and dynamic masking have not kept up with the advancements of our data and AI workloads. Finding a balance between data consumption and security risk is possible, and can deliver significant value. 

Join this webinar to hear about:
• Understand the interplay between data risk and consumption to deliver business value and improve your data security posture.
• Re-examine the role access control and dynamic masking solutions play in your data security strategy.
• Uncover new areas of opportunity to apply a risk-based consumption model into your organization.
Translate a zero-trust data segmentation model into business value and achievable dollar savings.
• Drastically reduce your data’s attack surface, risk of breach, double extortion, third party supply chain, and cloud & AI workload exposure.

A Data Security Dilemma: The Misperception of Data Protection in Cybersecurity

In ephemeral cloud environments, organizations often struggle to keep track of all their cloud resources, especially in expanding hybrid and multi-cloud environments with dozens or hundreds of users deploying applications into production.

Proper implementation and enforcement of tagging rules for cloud resources can help users keep track of their running workloads while ensuring consistent application of security policies.

However, as much as resource tagging can help organizations, the implications of an inconsistent tagging strategy are far-reaching. Risks include difficulties identifying resource owners, inflated costs due to unidentified and unused/zombie resources, and potential vulnerabilities within stale, unpatched workloads.

Join this session to understand why tagging is a critical component of cloud security and how adopting Policy-as-Code and automation can help mitigate issues caused by inconsistent tagging. Presenters will dive into the best practices for building a tagging strategy and how you can implement them using a cloud-native application protection (CNAPP) tool.

Tagging Strategies for Cloud Security Success

Enterprises are accelerating cloud migrations, building business resilience, and enabling hybrid work by adopting zero trust (ZT) architectures. According to the “Security Outcomes for Zero Trust” report by Cisco, 86% of respondents report that they have already started a ZT implementation. 

Traditional ZT implementations are focused on securing user access TO applications using zero trust network access (ZTNA). However, as businesses increasingly rely on SaaS applications for their operations, security teams find that traditional ZTNA implementation often overlook critical gaps at the application and data level. These gaps include misconfigurations in access controls, unchecked privileges, data leaks, and overlooked third-party integrations. 

Zero Trust Posture Management (ZTPM) extends the zero trust architecture beyond the network to SaaS applications and data. Join AppOmni CTO, Brian Soby on Tuesday, June 18, 2024 to learn the ZTPM principles that secure THROUGH applications to create an end-to-end ZT architecture. See how to achieve:

1. Standardized least privilege access across your SaaS applications 
2. Continuous monitoring and closed loop ZT implementation
3. Granular access decisions to prevent privilege misuse
4. Dynamic policy enforcement to reauthorize users based on context and behavior
5. Configuration assurance to prevent drift and ensure compliance

Bolstering SaaS security with Zero Trust Posture Management

Are you thinking about data and AI security in 2024?

Growing data volumes, increased regulation and the shift toward AI make it difficult for organizations to understand which sensitive data they hold, who can access it and where it's exposed. To regain visibility and control, organizations are exploring data security posture management with data detection and response.

In this webinar, you'll learn:

• Why the cloud creates a new attack surface that is inherently difficult to protect.
• The security and compliance risks that stem from unprotected data and AI infrastructure in the cloud.
• An introduction to DSPM and Dig Security, which was recently acquired by Palo Alto Networks.
• How agentless tools allow you to see a full picture of data risk in your environment within 24 hours, without impacting other business operations.
• Getting started with data discovery and classification.
• Monitoring data and responding to incidents in near-real time.

Stay one step ahead of data risk in 2024 to prevent costly breaches and compliance violations. Explore DSPM and DDR technologies and how they can help you discover, classify, protect and govern all your data across the different cloud environments.

Protecting Data and AI in 2024: What CISOs Need to Know

Security automation brings a world of efficiency, saving man hours, reducing costs, and decreasing risk of data exposure. When done right, security automation streamlines manual and time-consuming tasks into automated workflows for the security operations team, making network security processes more efficient and less prone to human error. With enhanced efficiency, faster decisions can be made, improving an organization's entire security posture. 

Exposure management provides a broad view across the entire attack surface so organizations can better understand their cyber risk and prioritize critical business decisions. But what if this could be automated. Security teams would gain visibility into what their attack surface looks like and where they have the greatest risk. IT and security teams would be better positioned to work together to address cyber risk from both a technical and business standpoint. 

In this panel, Gal Nakash, Chief Product Officer at Reco, a SaaS security solution sits down with Denisa Nine, Senior Program Manager at UiPath, a software automation provider to discuss the role of security automation in protecting against the greatest risks that could lead to a breach, how it can be used to tackle over-privileged SaaS access and what the future of automation might hold.

Tackling Over-Privileged SaaS Access with the Power of Security Automation

Living off the land (LOTL) cyber attacks have gained attention as a significant and growing threat to global security, exploiting everyday tools within your network to conduct malicious activities undetected, sometimes for years. The adoption of LOTL techniques by state-sponsored groups and independent actors is increasing, posing serious risks to critical infrastructure worldwide. Of course, LOTL won’t be the last innovation by bad actors, so by understanding and addressing these threats proactively, organizations can develop scalable strategies to bolster their defenses and maintain resilience into the future.

Register for the webinar on June 10th at 10:00 AM PT to join Ravid Circus, CPO of Seemplicity, and Dave Beabout, Global CISO at NTT Security Holdings, as they discuss LOTL attacks and delve into effective strategies that CISOs can implement to safeguard their organizations now, and going forward. In this conversation we will:

• Review the Geopolitical Landscape: Understand the role of LOTL attacks in the geopolitical landscape.
• Understand LOTL Techniques: Explore how these techniques are employed, their evolution, and future implications.
• Outline How to Build Organizational Resilience: Priority considerations for maintaining good cybersecurity hygiene when combatting LOTL and other advanced threats. 

Join us to equip yourself with the knowledge and tools to tackle one of the most insidious forms of cyber threats facing organizations today.

Navigating Modern Cyber Threats: Strategies to Overcome LOTL and More

In this era of breakneck advancements in AI, enterprises face the challenge of harnessing the power of AI, while safeguarding sensitive data and models. This webinar explores how Model Serving works with Confidential AI Clean Rooms to ensure that enterprise AI initiatives are secure, performant, and successful. 

AI and ML systems have countless components, which may be vulnerable and hard to manage. Using an AI inference platform enables enterprise AI teams to build fast, secure, and scalable AI applications. By combining an AI inference platform with Confidential AI Clean Rooms, you can add the benefits of Confidential Computing, a revolutionary technology that provides a hardware root-of-trust and protects the entire system and all of its components. 

Your models and data should reside within your cloud account with full visibility and control over the compute resources and network access. When the entire system is deployed in your own infrastructure, it ensures that data and models are never exposed to external access or third-party SaaS vendor risk. 

Join Anjuna and BentoML to see practical strategies to protect AI processing and collaboration workflows. You will learn how enterprises can embrace AI innovation with resilience and confidence, unlocking new opportunities.

Secure AI at Scale: Model Serving with Confidential AI Clean Rooms

As organizations reduce their attack surfaces with tooling and best practices, bad actors are looking for new attack vectors so they can reach mission-critical systems. One increasingly popular attack vector involves targeting the software delivery process itself by abusing CI/CD pipelines to execute attacks such as malicious code injection. When you build and iterate on your CI/CD security strategy, it’s important to get inside the mind of an attacker who’s looking to gain access to your systems. So how do bad actors think about CI/CD pipeline-based attack paths? Tune in to this webinar and learn from our CI/CD security expert, Omer Gil, as he walks through:

• The most common type of CI/CD-based attack — poisoned pipeline execution (PPE)
• How bad actors can bypass required pull request (PR) reviews
• Why bad actors prefer PPE attacks over traditional attack paths
• And more!

Top Ways to Abuse CI/CD and Reach Production

Application Security

Cloud Security

Cloud

DevOps

Cyber Security

Information Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Top Ways to Abuse CI/CD and Reach Production

Presented by

About this talk

More from this channel