Name: Hacks, Attacks, and Comebacks: Staying Secure in 2025
Start: 2025-02-18T10:00:00Z
End: 2025-02-18T10:00:59.000Z
Location: BrightTALK
Rating: 5

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation.

Sysdig. Secure Every Second.

From Zero to CK(A)(S) Hero: Insider Tips & K8s Certification Exam Strategies - Live Q&A - CNCF Ambassador Saiyam Pathak

With the rapid rise of LLMs (Large Language Models) since mid 2024, attacks have rapidly become more frequent and sophisticated targeting vulnerabilities within these models. Cloud-based LLM usage costs can be staggering, surpassing several hundreds of thousands of dollars monthly, making them an attractive target for attackers. The Sysdig TRT since originally discovering LLMjacking in May 2024, has found over a dozen proxy servers using stolen credentials across many different services, including OpenAI, AWS, and Azure. Now, DeepSeek, since it was officially released, has also caught attackers’ attention, with many attackers flocking to the platform to further push the boundaries of LLMjacking.

In this webinar, Sysdig's Threat Research Teams experts Alessandro Brucato and Stefano Chierici discuss the evolution of LLMjacking attacks, including the targeting of DeepSeek. They detail the methods used by attackers, such as the use of OpenAI Reverse Proxies (ORPs), and will also discuss the costs associated with LLMjacking and provide best practices for detecting and combating LLMjacking.

Attackers will Attack: DeepSeek and LLMjacking target

Cloud has changed the way we develop, deploy, and scale apps. Traditional perimeter and end-point security does not address the distributed and ephemeral nature of cloud and has huge blind spots for adversaries to go undetected. Active cloud risk is the most imminent threat security teams need to address. Even purpose-built Cloud Security Posture Management (CSPM) tools, relying on point-in-time assessments, need to catch up in detecting and mitigating these active risks.

This SANS Spring 2024 CyberFest keynote addresses the distinction between static and active cloud risks, common tactics used in cloud attacks, and the new 5/5/5 framework that sets a new standard in detecting, prioritizing, and responding to active cloud risks and threats. Watch it for a live discussion and real-life examples from our experts from Sysdig and Amazon.

Active Cloud Risk. How to Combat the Most Critical Threats

When deploying and operating Kubernetes, practitioners often question whether they follow security best practices and maintain effective security posture to mitigate all possible threats. For this reason, OWASP (Open Web Application Security Project) created the OWASP Kubernetes Top 10, identifying the most likely risks. The Top 10 projects are useful awareness and guidance resources for security practitioners and engineers. 

In this webinar, we’ll cover:
  -  How the OWASP Kubernetes Top 10 describes risks specific to Kubernetes platforms in order of commonality or probability. 
  -  Applying additional grouping to the risks adds value to security program work.
  -  Additional techniques, including extra technical detail and strategic guidance, are included to audit and harden your Kubernetes environments and maintain an effective security posture.

OWASP Kubernetes Top 10 Projects: What Risks You Need to Prioritize

Cyber threats are evolving, and 2025 brings new challenges for security leaders. Join Ron Eddings (Hacker Valley Media) and Caitlin Sarian (Cybersecurity Girl and privacy advocate) for an engaging discussion on the most pressing cybersecurity threats and strategies to stay ahead.

We’ll cover:
  -  AI and Cloud Complexity: Securing workloads and navigating multi-cloud environments while leveraging automation.
  Privacy Risks and Identity Attacks: Caitlin Sarian offers insights on tackling privacy challenges and defending against identity-based breaches.
  -  Threat Detection and Response: Practical techniques to detect attackers faster and respond with precision.
  -  Emerging Trends: The evolving tactics of adversaries and how to prepare for what’s next.

Our expert panel shares real-world insights, actionable strategies, and best practices to help you outpace attackers and protect your systems in 2025. Don’t miss this opportunity to learn from top cybersecurity influencers and industry leaders as they reveal what it takes to stay secure in the year ahead!

Hacks, Attacks, and Comebacks: Staying Secure in 2025

As cloud security controls mature, a transformative shift is underway where a diverse range of security controls and configuration capabilities are converging into unified platforms and service fabrics, in addition to the core infrastructure provided by cloud providers. Solutions like CNAPP (Cloud-Native Application Protection Platform), CSPM (Cloud Security Posture Management), and CWPP (Cloud Workload Protection Platform) are now integrated to cover essential areas such as pipeline security, workload protection, cloud environment configuration, Infrastructure as Code (IaC) templates, and runtime security.

Attending this event will provide you with critical insights into how these advancements are reshaping cloud security strategies for 2024/2025 and beyond. You'll learn from industry experts about the latest features and best practices, allowing your security and cloud engineering teams to stay ahead in a rapidly evolving landscape.

Don't miss this opportunity to gain valuable knowledge, connect with thought leaders, and enhance your organization's security posture in an increasingly complex cloud environment.

SANS - Cloud Security Convergence How Controls Models for A Robust Cloud Security Stack Are Changing

Beneath the surface of the digital landscape, a growing threat is hiding in plain sight. In this revealing session, the Sysdig Threat Research Team will unmask the insidious world of ELF malware and its role in powering DDoS-as-a-Service botnets. Sysdig Threat Detection Engineer Alessandra Rizzo will take you through the inner workings of the "Rebirth" botnet, a Mirai variant exploiting vulnerabilities in cloud environments and beyond. Discover how these threats evolve, the tactics attackers use to avoid detection, and the steps you can take to protect your systems. Join us as we unveil the hidden dangers and provide actionable insights to strengthen your defenses.

Under the Mask: Unveiling ELF Malware and DDoS-as-a-Service

Organizations modernizing applications in the cloud find themselves drowning in vulnerabilities and security alerts. With too much noise and not enough time, teams need a better way to prioritize and address real risks to stay ahead of threats.

Join Sysdig for a discussion of how to boost your software supply chain security and address risk from development through production.

In this session we’ll cover:

-The latest cloud-native security risks and challenges

-How to better prioritize vulnerabilities and misconfigurations

-Using runtime signals to reduce AppSec noise up to 95%

-Detecting active cloud risk to protect against cyberattacks

-Improving outcomes with AppSec tools like Snyk, Checkmarx, and Docker

Fix What Matters First: Bridging Code and Cloud Security

Kubernetes certifications, including CKA, CKAD, and CKS, are among the most challenging exams to pass.  Becoming a CK(A)(S) certified hero demonstrates a deep understanding of Kubernetes' best practices, from deployment to security, ensuring your organization can build and maintain secure, scalable K8s and container applications.

In this session, CNCF Fellow Saiyam Pathak shares insider strategies, tips, and preparation techniques to help you ace these certification exams.  Learn what it takes to crack these exams, from exam preparation and study resources to tackling the most challenging questions. Discover the essential tools and techniques to secure your Kubernetes journey and gain the confidence to ace these certifications.

What You Will Learn:
An Overview of the CK(A)(S) Exams, including the newly updated question areas
Real-World Exam Experiences
Effective Exam Preparation Strategies
Essential Study Resources
Approaches to Tackling Challenging Questions

KEYNOTE FROM SANS FALL 2024 CYBERFEST:

It's just after after Halloween. However, cybersecurity has spooky threats every day or all year. 

Join us for a spooktacular journey into the haunted world of cloud security! Cybersecurity Influencer Graham Cluley and Sysdig Cybersecurity Strategist Crystal Morin will help you shine a light on the eerie shadows where cyber threats hide, revealing the secrets to detecting and banishing them from your cloud environment.

Prepare yourself for a thrilling session filled with chilling tales and crucial insights as we explore:
   ** Importance of Threat Hunting: Discover why hunting down these digital ghouls is essential to prevent them from causing nightmares.
  ** Threat Intelligence: Learn how to use threat intelligence as your ghost-hunting guide, uncovering their tactics before they strike your environment.
  ** Top Threats: Hear about the most menacing threats of 2024 and how to spot their spooky behavior and things that go bump in the night. 

Join us for a fun, engaging, and slightly spine-tingling session as we unmask the ghosts in your machines and show you how to keep your environment safe from these lurking spirits. With expert guidance from Graham Cluley and Crystal Morin, you'll be well-prepared with strategies to banish the ghosts keeping you up at night.

Ghosts in the Machine: Detecting Threats in Your Cloud

As cloud technology adoption continues to grow, organizations are faced with both exciting opportunities and complex security challenges. The agility of cloud-native environments has opened the door to advanced threats that are increasingly difficult to detect. But how can AI be leveraged to stay ahead of these evolving risks?

In this interactive session, Graham Cluley, podcaster, and independent cybersecurity analyst and Emanuela Zaccone , Staff Product Manager, Sysdig, will dive into the intersection of AI and cybersecurity. While AI has the potential to significantly enhance security efforts, it also introduces new risks and considerations. AI alone is not a magic solution — it requires human oversight, thoughtful implementation, and collaboration between security and development teams to succeed.

Discussion points
- How are bad actors leveraging AI?
- AI deepfakes and AI-enhanced ransomware attacks
- How to leverage AI to help in combating cloud security threats

Ai Hijacked This Webinar

In an era where containerized applications are becoming the norm, ensuring the security of Kubernetes environments is more critical than ever. This hands-on webinar, “OWASP Top 10 Training for Kubernetes,” offers an in-depth exploration of how to effectively implement the OWASP Top 10 security controls within Kubernetes.

Participants will gain a comprehensive understanding of the most pressing security risks identified by OWASP and how these apply specifically to Kubernetes ecosystems. Through a mix of theoretical insights and practical demonstrations, attendees will learn to identify vulnerabilities, enforce best practices, and utilize security tools tailored for Kubernetes environments.

Key topics will include risk assessment, configuration management, access control, and network security measures, all contextualized within the framework of the OWASP Top 10. This interactive session encourages participant engagement, with live demonstrations and case studies illustrating the application of these controls in real-world scenarios.

Whether you are a developer, DevOps engineer, or security professional, this session will enhance your skill set and equip you with actionable strategies to safeguard your applications against the most critical threats. Join us to strengthen your Kubernetes security posture and ensure your deployments are resilient against evolving security challenges!

OWASP Top 10: Control Measures for Kubernetes Security

Kubernetes certifications, including CKA, CKAD, and CKS, are among the most challenging exams to pass.  Becoming a CK(A)(S) certified hero demonstrates a deep understanding of Kubernetes' best practices, from deployment to security, ensuring your organization can build and maintain secure, scalable K8s and container applications.

In this session, CNCF Fellow Saiyam Pathak shares insider strategies, tips, and preparation techniques to help you ace these certification exams.  Learn what it takes to crack these exams, from exam preparation and study resources to tackling the most challenging questions. Discover the essential tools and techniques to secure your Kubernetes journey and gain the confidence to ace these certifications.

What You Will Learn:
**An Overview of the CK(A)(S) Exams, including the newly updated question areas
**Real-World Exam Experiences
**Effective Exam Preparation Strategies
**Essential Study Resources
**Approaches to Tackling Challenging Questions

From Zero to CK(A)(S) Hero: Insider Tips and K8s Certification Exam Strategies with CNCF Ambassador Saiyam Pathak

On October 17th, NIS2 will officially reshape compliance and reporting for the cybersecurity landscape. Watch this interactive discussion about NIS2’s profound impact on companies operating in and out of the EU. 

Whether you're a CISO, CFO, CLO, or security professional, this event will equip you with the knowledge and strategies necessary to ensure your organization thrives in the rapidly evolving regulatory environment.

What you'll learn from our Second Session in our Sysdig LIVE series:
* Company preparedness and what you need to know
* The nuances across member states and the intersection of NIS2 with other key regulations like GDPR, SEC, and DORA
* Real-world risks for non-compliance
* Practical steps as you navigate the best path forward

NIS2 Countdown: What Security Leaders Need to Know

In today’s rapidly shifting cybersecurity landscape, the rise of open-source software (OSS) tools has dramatically altered cyber adversaries' tactics. Understanding how attackers leverage these tools and how you can use them to improve your organization’s security posture is crucial for building effective defense strategies.

Join Sysdig's Cybersecurity Strategist, Crystal Morin, and Alessandro Rizzo from the Sysdig Threat Research team for an insightful fireside chat. We will explore the sophisticated use of OSS tools in modern cyberattacks and gain a deeper understanding of how threat actors are reshaping their strategies and increasing the scale of their operations through OSS technologies.

Key topics include:
The Evolution of Cyber Threats: Discover how cybercriminals are shifting from traditional attack methods to more advanced, scalable tactics with OSS tools.
Inside the Attacker’s Toolkit: Explore the most popular OSS tools used by cyber adversaries today and how they exploit vulnerabilities in their targets.
Case Studies and Real-World Examples: Analyze incidents like the CRYSTALRAY and PURPLEURCHIN attacks to understand how OSS tools are critical in high-profile cyberattacks.

Defensive Strategies: Learn about cutting-edge OSS tools and techniques for detecting, preventing, and responding to threats in an environment where attackers increasingly rely on OSS tools.

This fireside chat is ideal for cybersecurity professionals seeking to understand the evolving threat landscape or those curious about the role of OSS in modern cyberattacks. Don’t miss this opportunity to stay ahead of the game and enhance your defense strategies against ever-evolving threats.

The Evolution of Cyber Threats: How Open Source Tools Are Changing the Game for Better and Worse

Privacy

Cloud Security

Artificial Intelligence

AIOps

Threat Defence

Threat Detection

Threat Hunting

Kubernetes

Attack Surface Management

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Hacks, Attacks, and Comebacks: Staying Secure in 2025

Presented by

About this talk

More from this channel