Name: Fix What Matters First: Bridging Code and Cloud Security
Start: 2024-05-15T09:00:00Z
End: 2024-05-15T09:00:20.000Z
Location: BrightTALK
Rating: 0

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation.

Sysdig. Secure Every Second.

With a staggering 34% of all GenAI workloads publicly exposed, the need for swift detection of active risk has never been more urgent. Security teams, especially SecOps, are under immense pressure to identify and mitigate threats to AI models and data without delay. 
Mounting compliance pressures, fueled by recent and significant regulatory actions, have put security teams on high alert. The need to detect, prioritize, and remediate risks in real time, correlating assets and leveraging runtime insights, is more pressing than ever.

Within the last six months, President Biden issued an executive order, the NTIA called for independent audits of high-risk AI systems, and the EU adopted the world's first legal regulation around AI. This all leads to security teams needing to detect, prioritize, and remediate active AI risk by:

- Detecting threats in real-time to prioritize the most critical risk to AI workloads and data
- Correlating AI assets with activity and visualizing risk with interconnected resources
- Leveraging runtime insights to identify in-use AI packages with the highest risk to prioritize the most critical vulnerabilities to fix first

Join this webinar to learn how to gain visibility into AI workloads, identify active risk and suspicious activity in real-time, and ensure compliance with emerging AI guidelines.

How to Safeguard  GenAI Workloads in Exposed Environments

Many organizations value speed and agility, which makes the cloud attractive. However, bad actors are weaponizing cloud automation and public access points to launch attacks in as little as ten minutes. In a constantly evolving arms race, generative AI is the next frontier that security teams must embrace to speed analysis and automate their cyber defenses. 

Join us as we discuss the latest in generative AI, debate its merits, and how it can be best used to save you time in risk analysis and improve your defenses. 


We dive into: 
- The impact of AI in cloud security - the good, bad, and ugly
- How to architect gen AI into your security stack
- Protecting your data and privacy when using Gen AI
- Discover how cloud security teams are using gen AI for today

Register now and don’t miss out on this opportunity to get ahead of this fast-moving technology trend. Take back key learnings on how to use gen AI to your advantage in securing your cloud environment in less time and wasted effort.

Generate This: Bringing AI to Cloud Security

Cloud has changed the way we develop, deploy, and scale apps. Traditional perimeter and end-point security does not address the distributed and ephemeral nature of cloud and has huge blind spots for adversaries to go undetected. Active cloud risk is the most imminent threat security teams need to address. Even purpose-built Cloud Security Posture Management (CSPM) tools, relying on point-in-time assessments, need to catch up in detecting and mitigating these active risks.

This SANS Spring 2024 CyberFest keynote addresses the distinction between static and active cloud risks, common tactics used in cloud attacks, and the new 5/5/5 framework that sets a new standard in detecting, prioritizing, and responding to active cloud risks and threats. Watch it for a live discussion and real-life examples from our experts from Sysdig and Amazon.

Active Cloud Risk. How to Combat the Most Critical Threats

In the cloud, two types of risk emerge static, encompassing misconfigurations and policy violations, and active, including user activity, dynamic config changes, and permissions. This tech spotlight will analyze static and active risk to prevent advanced cloud attacks, correlating events to prioritize imminent risks and mitigate real-time threats, and include a live demo showcasing strategies to combat active cloud risk.

Combat Active Cloud Risk in Your Environment

As organizations continue their digital transformation journeys, cloud security landscape is rapidly evolving. This panel discussion delves into the key changes and emerging themes in cloud security from 2023 into 2024, exploring the shifting attack and breach landscape, evolving areas of emphasis for cloud consumers, and the maturation of cloud security programs.

A central theme of the discussion is the convergence in managing cloud security posture, exemplified by the growing prominence of concepts like Cloud-Native Application Protection Platform (CNAPP), Cloud Infrastructure Entitlement Management (CIEM), and Data Security Posture Management (DSPM). Panelists will examine how this convergence is empowering DevOps, cloud engineering, and security teams to collaborate more effectively and integrate security seamlessly into the development pipeline.

Looking ahead, the discussion will explore anticipated changes in controls and services convergence, as well as the evolution of attack models and campaign strategies. Attendees will gain insights into the future direction of cloud security and strategies to navigate emerging threats, ensuring robust protection for cloud environments amidst ongoing digital transformation efforts.

Speakers: 
Anna Belak, Director, Office of Cybersecurity Strategy, Sysdig
Jamie Butler, Head of Runtime Protec. & Resp. Strategy, Sysdig
Microsoft’s Yuri Diogenes and  Preetham Naik

Moderated by Dave Shackleford, SANS Fellow

SANS CyberFest 2024 Keynote Panel: Cloud Security with Sysdig and Microsoft

Dive into our live solution demo as we unveil essential tactics for staying ahead of evolving threats. From mastering container image vigilance to preempting advanced attacks, we've got you covered. Gain practical insights into risk prioritization and event correlation, empowering you to defend against real-time threats confidently.

Ready to elevate your Google Cloud security game? Register now and arm yourself with the knowledge and tools to navigate the ever-changing threat landscape with confidence!

Fortify & Thrive: Elevating Your Google Cloud Security Game

Ten minutes. Ten minutes is all it takes for an attack to be executed in the cloud. In this new world of high speeds and higher stakes, every moment counts. Threats are evolving at a breakneck pace, made possible by the same agility and automation that drives business innovation in the cloud. It's vital that you embed security at every stage from ‘shift left’ to real-time threat detection.

The cloud demands new strategies, new technology, and new thinking. It demands security that is real-time, adapts to changing environments, and leverages cutting-edge technologies to defend against complex and never before seen threats.

Join us for one of our three sessions, where Suresh Vasudevan, CEO of Sysdig, will be joined by Arshad Aziz, Director, Platform Security, Verizon; and  Matt Stamper, Chief Information Security Officer (CISO), Executive Advisors Group for a conversation that delves into the core concepts and challenges of modern cloud security. 

Our panel will also share insights and best practices at every stage of the cloud journey including:
-  The Evolving Cloud Security Landscape: Understanding how the fast, dynamic nature of cloud threats work will equip you to develop proactive defense strategies.
-  Leveraging Emerging Security Technologies:  Discover the mission-critical role that next-generation approaches, including Generative AI, play in scaling cloud security at the unprecedented pace of business innovation.
Building Resilient Cloud Security Frameworks: Learn about integrating people, processes, and technology to create a comprehensive security posture and counteract the glaring security talent shortage.

Walk away with key insights and strategies to help you safeguard your cloud environment and turn time into your most valuable currency in the cloud.

Speakers
Suresh Vasudevan
Chief Executive Officer
Sysdig

Arshad Aziz
Director of Platform Security
Verizon

Matt Stamper
CISO and Executive Advisor
Executive Advisor Group

SECURE EVERY SECOND: A Fireside Chat

How do you mitigate a 10-minute cloud-native cyber-attack? Automation is your only chance. Did you hear about SOAR (Security Orchestration Automation and Response) in 2014? The technical innovation of public cloud infrastructure propelled it into relevance only ten years ago! Come and watch our industry experts show you how to do it so you can keep your cloud-speed business innovation secure from cloud-speed exploitation.
This event will specifically focus on:
- Industry thought leader perspectives on the ever-evolving cloud threat landscape and defense strategies.
- How to stop an actual attack within the 5/5/5 benchmark by harnessing automation with CNAPP and SOAR
- Security vision for 2024 through the lens of accurate customer data from the Cloud-Native Security and Usage Report 
CO-HOSTS:
Ron Eddings, Co-founder, Hacker Valley Media
Dave Shackleford, SANS Fellow
SPEAKERS:
Anna Belak, Director of Office of Cybersecurity Strategy
Mike Isbitski, Director, Cybersecurity Strategy
Crystal Morin, Cybersecurity Strategist

SOAR INTO 2024: Harness the Power of 5/5/5 Benchmark -Cloud Detection & Response

Join Saiyam Pathak, CNCF Ambassador, CK{A,AD,S}, and Author, on a journey to conquer the challenging CKA/CKS exams without anxiety in 2024. Gain insider tips from this seasoned expert to turn your goal of exam success into reality

Securing Success: 2024 Guide to CKA and CKS Certification

Secure Every Second

Shifting to containers accelerates application delivery, but tends to complicate security, visibility and compliance. DevOps teams are learning that they can’t solve these new business challenges with traditional approaches. Moving to cloud-native infrastructure brings about critical security issues that can be avoided with the right solutions in place.

In this session, we will discuss and demonstrate how three global companies avoided security and compliance issues using Red Hat® OpenShift® and Sysdig solutions to protect their businesses:

- A payment processing provider deployed image scanning for PCI compliance but found developers drowned in false positives. They needed a way to tune vulnerability detection inside CI/CD pipelines and see beyond OS vulnerabilities to avoid risk.

- Ford, one of the world’s largest automobile manufacturers, faced visibility issues with its rollout of stateful applications on Red Hat OpenShift. To meet security regulations, it needed to see inside containers to detect and stop threats.

- A large credit card company found compliance to be one of the hardest problems to solve in a dynamic environment. With containers living only seconds, how could the firm capture activity data for compliance audits and forensics?

Eric is Director of Product Marketing at Sysdig, focused on joint partner solutions. Prior to Sysdig, Eric led marketing for storage startup, Hedvig. He has also worked at tech companies including Riverbed and EMC. Eric holds a BA in Public Relations from Pepperdine University.

This webinar is co-hosted in partnership with Sysdig and Red Hat. As a result, both Red Hat and Sysdig  are collecting your personal data when you submit such information as part of the registration process above. 
For more information on each party’s privacy practices, please see: 
Red Hat’s Privacy Statement: www.redhat.com/en/about/privacy-policy 
Sysdig’s privacy policy: https://sysdig.com/privacy-policy

Solving Kubernetes security issues using Red Hat OpenShift & Sysdig

Multi-cloud’s time has arrived. According to recent surveys, 85% of organizations are working towards, or already working with, a multi-cloud architecture. What are the benefits multi-cloud can bring to your organization, and what do you need to know to ensure success?

Join this expert panel where cloud leaders from around the globe share insights and tips on how to overcome multi-cloud challenges so that you can reap the benefits - including increased reliability, flexibility and reduced DDoS attacks. 

Points of discussion will include: 
- Knowing which cloud provider is best for your workload
- How to navigate increased operational complexity, including standardization
- Understanding complicated cost models and billing
- Managing and implementing additional security and governance

Speakers: 
Diana Kelley, Partner, Security Curve
Chris Kranz, EMEA SE Manager, Sysdig
Mike Giacometti, Senior Product Manager, CloudHealth by VMware
Mohit Tiwari, CEO and Co-Founder of Symmetry Systems

Thriving in a Multi-Cloud World: Strategies for Success

The growth and adoption of Kubernetes for container orchestration and Prometheus for monitoring have made it easier to grow while monitoring your workloads. However, as you scale your AWS environments, your monitoring capability needs to keep pace. Ongoing maintenance, troubleshooting, and security become more difficult without having robust tools to help provide a centralized view of all the various services and applications.

Join AWS and Sysdig to learn:
- How to capture granular system information to troubleshoot outliers in your Kubernetes environments
- How to build robust and meaningful dashboards for all your AWS services
- How to reduce implementation overhead and maintenance for Prometheus exporters

AWS Observability 101: Kubernetes and Prometheus Monitoring with Sysdig

Amazon’s Managed Kubernetes Service (EKS) offers organizations flexibility as teams ramp up containerized applications in production. And yet, managing security risk for the workloads running on EKS is still the customer’s responsibility. To make your teams as productive as possible, you need to automate and merge security and compliance into the DevOps workflow.

In this webinar, we will review how the combination of AWS security controls with open-source and commercial tools from Sysdig can provide comprehensive security for your EKS workloads.

Join us as we share:
- 2019 AWS container survey highlights
- Security best practices for EKS
- How open-source tools like Falco provides runtime detection in EKS
- How customers have used Sysdig Secure to secure their AWS container environments
- Live demo!

AWS Security 101: Securing Amazon EKS with Falco & Sysdig

The evolution of technology presents innovation and challenges, in both public and private sectors. Legacy systems, workforce transformation, technical debt, security updates, infrastructure demands have all become common vernacular. Deciding what to prioritize and how to manage the changes can define the success of technology transformation and set the stage for future improvements. This webinar, featuring Emily Fox, NSA; Loris Degioanni, Sysdig; and Michael Ducy, Red Hat, seeks to identify technology best practices and DevSecOps collaboration. Join us July 7!

Emily Fox, DevOps Security Lead, National Security Agency @TheMoxieFox
Loris Degioanni, Chief Technology Officer and Founder, Sysdig @LorisDegio
Michael Ducy, Cloud Native Transformation Lead, Red Hat @MFDii

DevSecOps: What to focus on first? Harnessing Best Practices & Avoiding Pitfalls

Challenges abound when it comes to securing and monitoring containers, Kubernetes, and cloud-native applications across development and production. Most notably, scaling Prometheus monitoring beyond a few servers and applications presents issues when trying to troubleshoot problems that span multiple applications and clusters. We'll share our experience using Prometheus at scale, providing different solutions and highlighting the challenges to solve in each step.

Cloud Native Monitoring: Scaling Prometheus

With the release of Kubernetes 1.18, we saw 40 features and updates added. In a recent blog post we collated these together in one place so that you can learn what may affect your clusters and prepare for change. Now, we go one step further, inviting Alex Ellis, CNCF Ambassador and Open Source project founder to share his take on the changes.

We saw Alex’s in-depth article on the recent deprecations around “kubectl run” and asked him to pick four of his highlights to share with examples. Join this webinar as Alex covers the following areas and what you should do next:
- What’s the debug command do?
- How is Ingress changing?
- Why keep secrets as immutable?
- What’s going on with “kubectl run”?

Exploring Kubernetes 1.18 with Alex Ellis

Advancing Application Security Practices

Elevating API Security

The Blueprint to Secure API Design Through Effective Threat Modeling

Fortify Your APIs to Make Sure They're Battle Ready

The Latest in Application Security: Next-Gen Threats & GenAI’s Impact

Predictive Shenanigans: The New Wave of Application Threats

An Educational Perspective and Mitigation Strategy for Application Security

Organizations modernizing applications in the cloud find themselves drowning in vulnerabilities and security alerts. With too much noise and not enough time, teams need a better way to prioritize and address real risks to stay ahead of threats.

Join Sysdig for a discussion of how to boost your software supply chain security and address risk from development through production.

In this session we’ll cover:

-The latest cloud-native security risks and challenges

-How to better prioritize vulnerabilities and misconfigurations

-Using runtime signals to reduce AppSec noise up to 95%

-Detecting active cloud risk to protect against cyberattacks

-Improving outcomes with AppSec tools like Snyk, Checkmarx, and Docker

Fix What Matters First: Bridging Code and Cloud Security

Cloud Security

container security

cnapp

Vulnerability Management

Threat Detection

supply chain security

DevSecOps

appsec

Cyber Attacks

Vulnerabilities

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Fix What Matters First: Bridging Code and Cloud Security

Presented by

About this talk

More from this channel