Name: The /555 Benchmark: Challenge Cloud Attackers with Faster CDR
Start: 2024-05-23T14:17:00Z
End: 2024-05-23T14:17:52.000Z
Location: BrightTALK
Rating: 0

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation.

Sysdig. Secure Every Second.

In today’s rapidly shifting cybersecurity landscape, the rise of open-source software (OSS) tools has dramatically altered cyber adversaries' tactics. Understanding how attackers leverage these tools and how you can use them to improve your organization’s security posture is crucial for building effective defense strategies.

Join Sysdig's Cybersecurity Strategist, Crystal Morin, and Alessandro Rizzo from the Sysdig Threat Research team for an insightful fireside chat. We will explore the sophisticated use of OSS tools in modern cyberattacks and gain a deeper understanding of how threat actors are reshaping their strategies and increasing the scale of their operations through OSS technologies.

Key topics include:
The Evolution of Cyber Threats: Discover how cybercriminals are shifting from traditional attack methods to more advanced, scalable tactics with OSS tools.
Inside the Attacker’s Toolkit: Explore the most popular OSS tools used by cyber adversaries today and how they exploit vulnerabilities in their targets.
Case Studies and Real-World Examples: Analyze incidents like the CRYSTALRAY and PURPLEURCHIN attacks to understand how OSS tools are critical in high-profile cyberattacks.

Defensive Strategies: Learn about cutting-edge OSS tools and techniques for detecting, preventing, and responding to threats in an environment where attackers increasingly rely on OSS tools.

This fireside chat is ideal for cybersecurity professionals seeking to understand the evolving threat landscape or those curious about the role of OSS in modern cyberattacks. Don’t miss this opportunity to stay ahead of the game and enhance your defense strategies against ever-evolving threats.

The Evolution of Cyber Threats: How Open Source Tools Are Changing the Game for Better and Worse

Within a single cluster, various apps, languages, and origins converge, often shrouded in mystery. But you don't need to fear the unknown. This session will focus on securing complex and diverse cloud environments that host many different applications from multiple sources, making them challenging to manage and secure.

Join us where Bruno da Silva, Senior Solutions Engineer Sysdig and expert in container security, will guide you through these complexities within clusters. The session will cover critical security practices, such as:
1. Combating drift: Ensuring systems and applications remain consistent with their intended configurations and don't deviate over time. 
2. Warding off malware: Protecting the system from malicious software.
3. Halting breaches: Responding swiftly to security breaches to prevent further damage.

Whether it's combating drift, warding off malware, or swiftly halting breaches, discover how to secure the Multiverse and steer towards the path of optimal remediation.

Navigating the Multiverse: Crafting Effective Remediation Strategies for Diverse Application Ecosystems

Imagine having an AI cloud security analyst capable of multi-step reasoning helping you to understand cloud threats better, make faster decisions, and stop attacks in their tracks.

Now, with Sysdig Sage™, it’s a reality.  

Until now, AI security assistants have only been capable of providing basic responses to queries. This is insufficient for understanding cloud attacks. 

Join us for a tour of Sysdig Sage™, where you will see its powerful and unique capabilities in action, including:
  -  Multi-step reasoning: In-depth conversation is needed to understand runtime events clearly.
  -  Contextual awareness: responses based on what you observe in the UI. 
  -  Guided response: proactive response actions, prevention strategies, and process improvements.

AI-Powered CDR in Action: A Technical Tour of Sysdig Sage™

As cloud-native environments evolve, robust and timely security measures become imperative. You only have a few minutes to find and address active risk to protect against exploits. Tools alone are not enough. You must also adopt new skills and mindsets about security. The 5/5/5 Benchmark sets a new standard for cloud security agility, aligned with the current pace of cloud‑native growth. Join AWS and Sysdig for a discussion of how to equip your teams with speed, agility, and automation to achieve faster cloud and container threat detection and response.

Secure Containers at Cloud Speed with Sysdig and AWS

In today's cloud security landscape, Cloud Detection and Response (CDR) plays a pivotal role in safeguarding enterprise environments against sophisticated cyber threats. Interestingly, the classic game "Guess Who?" offers a surprisingly apt metaphor for understanding the principles and processes underpinning CDR. "Guess Who?" involves players deducing their opponent's chosen character through a series of yes-or-no questions, systematically narrowing down possibilities based on observable characteristics. Similarly, CDR involves identifying and responding to security threats by continuously monitoring cloud environments, analyzing data in real-time, and employing investigative techniques to filter out benign activities from potential security incidents. Both rely on a process of elimination, pattern recognition, and strategic questioning to reach a conclusive identification. 

In this session, we walk through what a game of “Guess Who?” would look like in the cloud. We highlight how real-time detection, strategic investigation, and data-driven decision-making are critical for security operation teams to assess and respond to cloud threats at cloud speed.  

(Replay from Black Hat USA 2024)

"Guess Who?" The Cloud Detection and Response Board Game

AI has sparked imagination and innovation in the business world. AWS solutions like Amazon Q and Amazon Bedrock are helping organizations of all sizes build generative AI applications that deliver new customer and employee experiences. At the same time, AI represents a new frontier for risk as bad actors exploit the same technology to automate and accelerate cloud attacks. Enterprises must find ways to protect their AI implementations and leverage the power of AI to augment defense.

Join us to discuss how generative AI (GenAI) and Large Language Models (LLMs) are changing the cloud security landscape. We’ll explore how to secure your AI deployments to safeguard sensitive information and delve into the state-of-the-art for employing AI to boost the effectiveness of your cloud security teams in the face of evolving threats.

- Implementing AI workload protection to identify and manage active AI risk
- Keeping up with emerging AI governance and compliance regulations
- Harnessing AI to empower teams and accelerate response to cloud threats

Take advantage of this opportunity to learn how to turn the tide in the battle of AI for good versus evil in cloud security.

Good vs. Evil: Cloud Security in the Age of Generative AI

When cloud attacks happen at lightning speed, security teams have only minutes to react. Evolving threats and threat actors challenge even seasoned professionals, but the power of artificial intelligence (AI) is transforming the way we work. 

In this webinar, Sysdig founder and CTO Loris Degioanni will discuss how AI-driven technology is changing the industry and helping security teams better understand threats and stop known and unknown attacks in motion with capabilities like: 
  -  Multi-step reasoning 
  -  Contextual awareness
  -  Guided response

Experience Sysdig Sage in action as Loris gives a simu-live demo and answers your burning AI-related questions directly.

Outpacing Cloud Attackers with GenAI:  Advanced AI Strategies for Rapid Threat Detection and Response - APAC

In this session, we explore the evolving landscape of cloud security and the growing need for robust detection and response capabilities.

Traditional prevention methods are insufficient as cyber threats become more sophisticated and aggressive. Defenders must focus on real-time detection and response to intercept attacks as they happen.

Introducing Sysdig Cloud Identity Insights, a new feature to help security teams quickly identify and respond to compromised identities. This tool detects the early signs of privilege escalation and account compromise, correlating suspicious activities with user accounts to provide critical context for swift action.

During the interactive deminar, participants learned practical strategies to utilize identity behavior analytics for early detection in the attack chain, enhancing their ability to disrupt threats before they escalate.

The session will highlight  how Sysdig’s approach enables organizations to effectively counter modern cyber threats, ensuring faster, more efficient threat response.

Cloud Identity Insights: Stop Compromised Identities in Minutes

When cloud attacks happen at lightning speed, security teams have only minutes to react. Evolving threats and threat actors challenge even seasoned professionals, but the power of artificial intelligence (AI) is transforming the way we work. 

In this webinar, Sysdig founder and CTO Loris Degioanni will discuss how AI-driven technology is changing the industry and helping security teams better understand threats and stop known and unknown attacks in motion with capabilities like: 
  -  Multi-step reasoning 
  -  Contextual awareness
  -  Guided response

Experience Sysdig Sage in action as Loris gives a live demo and answers your burning AI-related questions directly.

Outpacing Cloud Attackers with GenAI:  Advanced AI Strategies for Rapid Threat Detection and Response

Mastering Compliance in the Face of Fast-Evolving Cyber Threats

In an era of fast-evolving cyber threats, the European Union has raised the bar with two groundbreaking regulations: the Digital Operational Resilience Act (DORA) and the revised Directive on Security of Network and Information Systems (NIS2). These new rules demand stricter compliance controls and prompt breach disclosures, redefining how businesses must tackle cyber risks.

Overwhelmed by These Changes? You're Not Alone

Watch our exclusive on-demand webinar to gain critical insights and see how Sysdig can empower your organization to not just comply but thrive in this new regulatory landscape.

What You'll Get:
  -  An in-depth overview of the key elements of DORA and NIS2 and what they mean for your business operations
  -  Discover why Sysdig - the first Cloud-Native Application Protection Platform (CNAPP) offers ready-made NIS2 and DORA policies that help
  -  A live demo showcasing how Sysdig's platform simplifies compliance management
  -  Practical steps to reduce compliance costs, mitigate risks, and gain a competitive edge

Don’t miss this opportunity to stay ahead of the curve. Secure your spot today and lead your organization to a compliant and secure future.

NIS2 and DORA: It’s in the Box!  Automating NIS2 and DORA Compliance with Out-of-the-Box Policies from Sysdig

For businesses innovating with containers, every second counts. These environments present new attack surfaces for cybercriminals eager to exploit known security gaps in cloud-native settings. Sysdig is partnering with Docker by integrating Sysdig runtime insights into Docker Scout to help developers prioritize vulnerability risk and move faster.

Designed for developers and security professionals, Sysdig and Docker invite you to join our upcoming live webinar to learn use-cases:

- How to identify, prioritize, and fix security issues across the software supply chain to prevent unnecessary breaches
- How to cut through the vulnerability noise using Sysdig Runtime insights
- Hear best practices for accelerating cloud-native application delivery

_______________________________________
This event is co-hosted in partnership with Docker and Sysdig. As a result, both Docker and Sysdig are collecting your personal data when you submit such information as part of the registration process above. For more information on each party’s privacy practices, please see: 
Docker: https://www.docker.com/legal/docker-privacy-policy/
Sysdig: https://sysdig.com/legal/privacy-policy/

Both may use your personal data to inform you about its products, services, and events.

Unlock Security Efficiency with Sysdig and Docker

TECHSTRONG CLOUD NATIVE NOW SUMMIT KEYNOTE:

Enterprises increasingly embrace cloud-native technologies to significantly improve speed, cost efficiency, scalability, and innovation. The rapid adoption of cloud technologies—from containers to generative AI—alongside the proliferation and sophistication of modern cyber threats introduces intricate security and compliance challenges.

While tools designed for cloud-native environments offer support, more than relying on technology is required. In this evolving landscape, there needs to be a tolerance for visibility gaps or delays in response. Cultivating new mindsets and acquiring new skills is imperative to manage these challenges effectively.

Join Sysdig and AWS for an insightful discussion on crafting a robust cloud security detection and response plan. Gain valuable insights into navigating the dynamic security environment, adhering to emerging secure operational standards such as the /555 cloud security benchmark, and empowering your organization to accelerate its cloud security initiatives.

In this session, you will learn:
- Strategies for enhancing visibility and response capabilities in cloud environments.
- Best practices for adapting to the changing security landscape.
- Key considerations for meeting evolving compliance requirements.
- How to leverage cloud-native tools alongside new skills and mindsets for effective security management.

KEYNOTE: Fast and Fearless: Secure Innovation at Cloud Speed

Almost every cloud breach in recent years has taken advantage of mismanaged permissions, secrets, and identities. This session will dissect 8 real cloud breaches where attackers exploited insecure identities, each scenario unveiling unique insights, intriguing facets, and advice to mitigate similar risks. Themes include: Ownership of identity posture b/w Dev, Ops, & Sec is often unclear, leading to mistakes that stem from going fast. Automation tech, serverless functions, & cloud-native activities require authentication. Often, this is poorly managed, e.g., leaving secrets/credentials exposed in S3 state files (Human/machine identity management). MFA abuse through social engineering still works well. SaaS apps are huge attack surfaces, with credentials left everywhere: repos, Github, AD, and Slack. We will specifically highlight something interesting in each scenario and provide a key takeaway that is more useful than “lock your stuff down.”

IAM Confused - Analyzing 8 Identity Breach Incidents

In recent months, attackers have targeted large political and sporting events, taking advantage of human error and major organizations’ cloud environments. Cyber attacks are more sophisticated than ever before, and due to the commonality of cloud-native technologies and services, detecting potential threats has become more difficult.

Cloud attacks are fast, and attackers can inflict critical damage on an organization in minutes. DevSecOps teams are progressively trying to keep pace with the many layers of increased complexity in their cloud estates. Once an organization is subject to an attack, they have approx. 5 sec to detect, 5 mins to correlate data, and 5 mins to respond before the damage is done. We are witnessing DDoS and MFA attacks on a global scale more frequently. All organizations are subject to large numbers of vulnerabilities, but not all pose an immediate risk. Using threat intelligence can improve future operations, preparation, and deterrence.

In this interactive session, Graham Cluley, podcaster and independent cybersecurity analyst, and Jonathan Care, expert cybersecurity advisor and former Gartner analyst, will discuss past and present cybersecurity concerns on global events such as the Olympics and elections, some of the more recent attacks to hit the headlines, the common challenges faced by DevSecOps teams in these cases, and strategies to overcome these hurdles effectively. Join our expert panelists addressing specific concerns and providing actionable advice.

Discussion points

Real-World Hack Stories: recent security breaches
Olympics, elections, and global events
Challenges in DevSecOps. Common obstacles faced by teams in integrating security with DevOps
Strategies for Overcoming Challenges: Best practices for fostering a security-first culture

Off-Track or On-Target: Paris Olympics, Global Elections, and Cyberattacks

In a security breach, employing well-defined DFIR techniques becomes imperative to effectively mitigate the incident's impact. However, with the spread of the adoption of containers, the employment of DFIR processes and capabilities is not just complex but is increasingly so. Join us in an insightful session covering cutting-edge DFIR practices on container environments. After a short overview of the essence of DFIR, we'll direct our focus towards various advanced DFIR techniques within a Kubernetes environment, which can prove highly beneficial in the event of a compromise. Starting from how to checkpoint compromised apps and restore them in a sandboxed environment for further analysis, we will move to conducting memory forensics on container evidence using old-style open-source DFIR tools. At the end of the presentation, the audience will be familiar with the advantages and disadvantages of the latest DFIR capabilities and have the basics to understand how to use them.

CSI Forensics: Unraveling Kubernetes Crime Scenes

Organizations embracing Cloud Native architectures require rapid and effective security measures. This keynote underscores the shift to open source in security operations and the importance of meeting the 555 Benchmark: 5 seconds to detect, 5 minutes to triage, and 5 minutes to respond to cloud threats. It highlights redefining processes and harnessing human intelligence and automation within an open-source ecosystem for cloud security

KEYNOTE: What can you do in 5-Mintues?

Have you ever woken up at night wondering why a parasitic fungal infection looks so much like cryptojacking? What about that time you were looking at hyphae under a microscope, and you couldn’t stop thinking about the implications that had on your defense-in-depth strategy? Let's not forget when you fed your pet Slimold and realized the analog it posed to your zero-trust cloud-access project. If, like me, these questions are on your mind 24/7, then this is the talk for you! We will explore the many lessons cybersecurity professionals can learn from our spore-bearing cousins from across the planet. Attendees will come away with newfound knowledge from the world of fungi and best practices in cybersecurity across the spectrum of cloud-native applications.

All I Know About Cybersecurity  I Learned from Fungus

Discover the /555 Benchmark and empower your security team to combat cloud attackers faster with insights from Sysdig and Tines. Advanced threat actors readily leverage native cloud capabilities and automation to accelerate their attacks. Attackers need just 10 minutes or less to breach an organization. Traditional EDR tooling's limited cloud visibility and context has hamstrung even the most adept security teams' cloud detection and response workflows. Security teams are ready to embrace the realities of the cloud with cloud-native approaches, and it starts with the /555 Benchmark. 

In this webinar, we discuss:
-  Sysdig threat research and how cloud attacks are different
-  What the /555 Benchmark is
-  How /555 can secure business outcomes and operations
-  Why real-time detection in ephemeral assets matters
-  How to gain better visibility and context in the cloud
-  How Sysdig and Tines can simplify DevSecOps, operations, and security workflows
-  How security teams can implement tools and processes to meet the /555 benchmark

The /555 Benchmark: Challenge Cloud Attackers with Faster CDR

Cloud Security

Cloud Strategy

Runtime Insights

Workload Automation

Threat Defence

Threat Detection

Response Time

Threat Hunting

Benchmarking

Cloud detection and Response

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

The /555 Benchmark: Challenge Cloud Attackers with Faster CDR

Presented by

About this talk

More from this channel