Name: How to Optimize Security Controls for DevOps
Start: 2018-05-30T20:40:00Z
End: 2018-05-30T21:32:50.000Z
Location: BrightTALK
Rating: 0

CloudPassage Halo is the only workload security automation platform that offers on-demand delivery of security controls across data centers, private/public clouds, virtual machines and containers – at speed and scale. Unlike traditional security systems, Halo and its robust APIs integrate with popular CI/CD toolchains and processes, providing just-in-time feedback to fix vulnerabilities early in the development cycle. This lets DevOps teams operate efficiently while providing security teams the validation they require. Halo easily integrates with popular infrastructure automation and orchestration platforms, allowing Halo to be easily deployed to continuously monitor the security and compliance posture of workloads.

As consumption of cloud services increases, security teams struggle to maintain visibility of the cloud assets in use across multiple environments throughout the enterprise. In fact, 43% of security pros say lack of visibility into cloud environments are their biggest operational headache. Cloud defenders struggle to answer two simple, but important questions: what do I have, and is it secure? The only way to answer these critical questions is with comprehensive security visibility of your AWS public cloud environments.

Join us for this webinar to learn how to regain security visibility across all of your AWS accounts and how to:
- Automatically discover all of your AWS assets in use across accounts, services, and regions
- Reduce your attack surface by identifying and remediating security issues
- Find and respond to hidden risks by assessing both the control plane and compute plane

Eliminating Security Blind Spots in your AWS Environments

IT environments have gotten markedly faster, helped by technologies such as public and private clouds, and automation tools. As a result, maintaining compliance with regulations such as PCI, HIPAA, SOC2, etc has become much more difficult if you continue to use old-style compliance thinking and tools. 

In this webinar, you’ll learn the friction points caused by old tools and the new best practices that will allow you to maintain compliance in any environment, no matter how fast-paced.

Meeting Compliance Regulations in Cloud Environments

According to the 2017 Cloud Security Spotlight Report, the top three security headaches for IT and Security Professionals are:
- Visibility into infrastructure security
- Compliance
- Setting consistent security policies

Enterprises that are subject to regulations such as PCI, HIPAA, SOC2, SOX have traditionally used a variety of IT controls to prove compliance with these regulations. While each regulation is different, the typical requirements include strong access controls, continuous monitoring and logging, and an accurate inventory of systems where sensitive data resides.

In this webinar, you will learn how automation will be a key to scaling compliance policy assignment, providing visibility, and deploying wherever it is needed - be it in a data center, public cloud, or private cloud.

Automated Compliance. Anywhere, Anytime.

As with the introduction of any new technology, a majority of organizations fall into the “early adopter” or “intermediate” maturity categories for deploying Dockerized apps in production. In addition to development and deployment best practices, these organizations are also trying to determine how to meet the security and compliance requirements for Docker images and containers. 

In this webinar, we will explore the architectural differences with containers and some best practices to securing them. In particular, we will discuss how security needs to be integrated into your DevOps pipeline to provide a complete solution.

5 Tips to Secure Docker Containers

The rise of continuous development and deployment methods like DevOps have brought speed and quality benefits, but they have put a huge strain on security organizations. Traditional server security tools are not built for automated deployment. They typically require manual configuration before they can be put into production. This slows down the DevOps cycle and increases the risk of configuration errors. 

While some of the DevOps tool sets include basic configuration security checks, this feature by itself is just a small part of all the security controls that most enterprises need. This webinar will cover:

- How to secure DevOps and cloud deployment
- Automating and embedding security throughout the process
- Monitoring and management in production
- Metrics and audit compliance

DevSecOps and the Cloud Security Gap

Online security threats and defenses are evolving at a breakneck pace, but methods for developing business applications are evolving even faster. This rapidly-changing app environment brings new challenges for information security. Learn how your enterprise can combine emerging app development methods, cloud services capabilities, and new security practices to create a fast and more secure application environment.
 
View this webinar from Dark Reading and you will:

- Learn how application teams can build security into their development processes
- Get ways to implement new, faster methods for creating and deploying new applications
- Explore how to detect and eradicate software vulnerabilities in changing applications being deployed over a cloud infrastructure
- Discover how enterprises use the cloud to speed the implementation of secure application development

New Best Practices in Secure Application Development

Modern IT infrastructures are highly elastic, dynamic and automated. But, maintaining continuous visibility and protection over your workloads can be a real challenge. According to a recent report, cloud investment continues to grow over 20% annually as organizations are looking for faster time to deployment, scalability, reduced maintenance, and lower cost. Traditional security tools don’t work well in these environments, and that consistently worries IT and security professionals.

Learn how to overcome these limitations and:

- Provide deep cloud security visibility
- Automate security for the agile enterprise
- Reduce cloud attack surface
- Reduce costs & improve efficiency of cloud security

How to Protect Workloads in the Cloud

Containerization has been with us for more than a decade, but recently has been exploding in popularity with the introduction of Docker in 2013. Containers create old advantages to new technologies by displacing the inefficiencies of virtualization and bringing speed and scalability to cloud-centric applications. 

Join Cybersecurity expert Amit Gupta, VP Product Management at CloudPassage for this crash course in designing a security architecture for your containerized applications. He will use real world examples to highlight:

- How containerized applications are different from traditional virtual-machine based applications
- New security implications and attack vectors
- A security design pattern for your containerized applications

A Crash Course in Designing a Security Architecture for your Containerized Apps

There was a time when IT infrastructure took months to develop and deploy, and security and compliance teams had time to configure and release security controls in parallel. But if you want to keep up with the pace of business today, that won’t cut it.

Today’s high-performing teams deploy on demand or multiple times per day, and they can deploy changes to production in less than an hour. Servers themselves may exist for less than an hour. This rapid pace is leaving security teams behind. And the massive gap between code being deployed within hours and security projects taking weeks puts companies at risk.

It’s time for a new approach to securing DevOps.  Watch now and learn how the Puppet module for CloudPassage Halo can help your security teams keep pace with the demands of the modern, agile enterprise.

Puppet + CloudPassage = New Approach to Securing DevOps

As more organizations are moving their applications to be hosted with various Infrastructure as a Service providers, security teams have a whole new list of security concerns. But are those worries warranted? Should the perceived loss of control be the at the top of things to worry about?

View this webinar featuring Sami Laine, Principal Technologist for CloudPassage and James Hilliard, Editor of CSO, as they discuss:

- Real life data on what your peers are worried about 
- Top security worries that really shouldn’t be any cause for concern 
- Areas to focus resources and prioritize to minimize risk

The True Security Risks of IaaS: Don't Worry About the Wrong Things

Organizations that are transitioning from a traditional data center to an on-demand IT environment, such as Amazon AWS, are quickly finding that automating and scaling comprehensive workload security is nearly impossible. Traditional server security tools and practices fail to keep up the pace. 

Join this webinar, hosted by security experts from Amazon, CloudPassage and Xero, to learn:

 - Best practices for maintaining server security in the world of fast-paced IT deployment
- How you can align security deployment methods with IT deployment methods
- Key considerations for architecting your infrastructure to scale quickly and securely 

Hear about the real-world experience and key learnings of Xero as they transitioned to the AWS Public Cloud and looked to scale.

Best Practices for Scaling AWS Instances with Comprehensive Security

The adoption of agile IT service delivery models presents new cloud security challenges for many organizations. The trend is requiring security teams to support a far greater number of software code releases than previously, and the life cycle of how often developers push code out into production has become exponentially shorter. The speed needed to secure and react to business requirements is really putting pressure on security teams.

Attend this webinar to learn:

- Best practices for security to keep pace with innovation in mixed infrastructure environments 
- Why using existing security tools in agile infrastructure will put the brakes on critical projects 
- Key attributes you should plan for when making your security plan future-proof

Cloud Security and the Need for Speed

This webinar brings together leading IT security executives from a variety of industries and will focus on several areas, including: 

- Best practices for developing, delivering and integrating agile methods into security workflows 
- Leveraging automation to boost security in legacy environments as well as to keep up with next-generation technology initiatives 
- Achieving frictionless, ubiquitous security visibility across hybrid and multi-cloud environments 

Our very own Co-founder and CTO, Carson Sweet, discusses the security challenges and opportunities presented by agile & cloud-based application delivery. Panelists include: 

Frank DePaola, Cybersecurity Operations Leader, GE Appliances
Sean Lowder, Vice President & CISO, BlueCross BlueShield of Louisiana
Maxime Rousseau, CISO, Personal Capital

IT SECURITY EXECUTIVE PANEL: How to Fearlessly Embrace Agility in IT Security

Containerization is a rapidly growing trend in application hosting infrastructure. There are a number of guiding principles and best practices for building container images. We downloaded and analyzed thousands of the most popular images on Docker Hub - curious to know how community-built images are constructed, and if the most popular ones adhere to these best practices and what surprising security issues surfaced. 

View Part 2 of this 2 part webinar mini-series, where we do a deep dive to uncover:

- Best practices for reducing vulnerability exposure in Docker environments
- Processes that enable secure application delivery with Docker
- What to look for when selecting container security automation tools

Part 2 – Reducing Vulnerability Exposure in Docker Environments

Containerization is a rapidly growing trend in application hosting infrastructure. There are a number of guiding principles and best practices for building container images. We downloaded and analyzed thousands of the most popular images on Docker Hub - curious to know how community-built images are constructed, and if the most popular ones adhere to these best practices and what surprising security issues surfaced. 

View Part 1 of this 2 part webinar mini-series, where we do a deep dive to uncover:

- Common practices to avoid when publishing container images
- How to build better performing containers
- What to look for in community images before incorporating them into your environment

Part 1 What You Need to Know About Popular DockerHub Images

New Common Vulnerabilities and Exposures (CVEs) are released often leaving infrastructure at risk of compromise. Watch this webinar for a discussion of how to automate infrastructure security including a real world example where a critical CVE will be discovered in a build job, the base image will be patched and the fix will be confirmed.

Automated Infrastructure Security with a Practical Example

Security and DevOps have been seen as being at odds in many organizations. The business need for increased productivity and ability to respond to customer needs are accelerating the adoption of DevOps methods, but security organizations have had difficulty integrating into this flow.  

Join us for a practical look at how adopting security tooling built for automation and orchestration can enable Continuous Integration and Continuous Delivery without security compromises.

Real DevSecOps for the Security Practitioner

The widespread adoption of DevOps and agile IT delivery systems presents new security challenges. Developers need security tools that are integrated with their build processes so they can test the integrity and security of their applications within minutes. Similarly, infosec managers need security tools that automatically discover and protect new applications as they are delivered via rapid automation and elastic processes. But traditional security tools don’t do either of these things.

Watch this webinar to learn: 

- Why trying to use traditional security tools in DevOps environments will slow down both developers and security operations
- Key attributes you should be thinking about to make your security plan future-proof
- Where can security automation be applied to better align security with DevOps delivery models

How to Optimize Security Controls for DevOps

IT Security

Security as a Service

DevOps

Agile IT

Cloud

Cloud Architecture

Cloud Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to Optimize Security Controls for DevOps

Presented by

About this talk

More from this channel