Name: Raising the Signal: Effective Risk Prioritization in Cloud Security
Start: 2023-04-27T16:30:00Z
End: 2023-04-27T16:30:29.000Z
Location: BrightTALK
Rating: 5

Lacework is the security company for the cloud. The Lacework Cloud Security Platform is offered as-a-Service and delivers build-time to run-time threat detection, behavioral anomaly detection, and cloud compliance across AWS, GCP, Azure, and Kubernetes services, workloads, and containers. Trusted by enterprise customers worldwide, Lacework significantly drives down costs and risk, and removes the burden of unnecessary toil, rule writing, and inaccurate alerts.

Discover how Snowplow secures their multicloud environments with Lacework.

Steve Coppin-Smith, VP of Engineering and Josh Beemster, Head of Engineering at Snowplow will explain how they:
Deployed Lacework across 15 AWS sub-accounts in 30 minutes
Applied Lacework on data pipelines to ensure deployed software is compliant
Used Lacework to perform safety checks before updates reach customers

To achieve the following results:
Gained visibility into environments to determine exposure to vulnerabilities
Used reports from Lacework to easily demonstrate compliance during audits
Secured AWS and Google Cloud environments and plan to use Lacework to help with future expansion into Azure

[PRIVATE] Security & Auditability: How Lacework helps Snowplow sleep at night

Clariness accelerates patient recruitment for clinical trials, bringing new medicines and treatments to patients faster. Their infrastructure is on AWS and they run all their platforms on open-source Kubernetes. To implement security through their organization and streamline their compliance process, Clariness turned to Lacework.

With help from the Lacework Professional Services team, Clariness conducted a cloud security assessment which helped them establish their future goals for the infrastructure they run on AWS, streamline their compliance process and implement a shift-left security mindset.

Learn from Gopi Kirishnamurthy, VP Product & Engineering, Clariness, alongside Lacework CS and PS leaders during this animated, interactive and most importantly insightful (on-camera) discussion on the Clariness journey to finding the perfect future proofing cloud security solution.

How Lacework’s security assessment established the cloud future for Clariness

Understanding your complex cloud environment is tricky. Workloads, containers, and serverless functions are added and removed constantly. Vulnerabilities are endless. Security staff is in short supply.

But here’s the reality: cloud security is built in incremental steps. And process improvement involves multiple stakeholders — not just security teams.

Do you need to up-level your existing cloud security strategy? Wherever you find yourself, start your journey with confidence, knowing you can add more security layers as your needs evolve.

Watch our on-demand webinar with IDC Group Vice President, Security & Trust, Frank Dickson, and Lacework Distinguished Cloud Strategist Mark Nunnikhoven for a discussion on the most effective way to build a cloud security strategy using data, analysis, and actionable insights to reduce risk and deliver maximum coverage.

Moving Beyond Blindspots: How to Reduce Security Risks in the Cloud

Security & Auditability: How Lacework helps Snowplow sleep at night

There's a lot of uncertainty about how the current geopolitical conflict will affect ransomware. Evidence and compelling arguments point in both directions right now -- we could end up with more ransomware, or less.

While it may be too soon to say, one thing is for sure. Preparing for the worst is more prudent than simply hoping for the best. And trendlines over the last few years in terms of ransomware volume and severity have all been pointing up and to the right.

During this Ecocast, you’ll learn about the latest solutions to help arrest the scourge of ransomware, whether it's a human-centric or technology-driven approaches. And you’ll find out how to rapidly recovery from ransomware as the last line of defense.

Original post reference: https://events.actualtechmedia.com/on-demand/914/preventing-and-recovering-from-ransomware-before-its-too-late/

Preventing and Recovering from Ransomware Before It's Too Late

The Lacework Labs team continues to investigate, research, and respond to threats of all kinds affecting Cloud environments. Their goal is to learn from a wide array of adversarial tradecraft in an effort to help improve your cloud security defenses and implement proactive security measures.

In this on-demand webinar, get highlights from the Cloud Threat Report, 2022 Volume 3, to gain a deeper understanding of crimeware trends, threat actor evolution, supply chain attacks, and proactive defense techniques.

You will learn:

- How the threat landscape of crimeware marketplaces, initial access brokerages, and trends observed impacts your Cloud Security Posture Management
- What effect recent supply chain vulnerabilities have had on Cloud Infrastructure
- How the evolution of attacker tradecraft affects cloud management
- What new proactive security tooling and defensive techniques are available

Lacework Cloud Threat Report Volume 3

The global gaming market is expected to reach $200 billion in revenue by 2024,* making it a high-value target of cyber criminals. Cyber attacks can delay game development, and distribution, resulting in poor player experience. As you continue to expand your cloud footprint, security and compliance measures must be enforced at speed.

Join Lacework and Amazon Web Services (AWS) as we discuss how to secure your gaming software development pipeline end-to-end on AWS cloud.

Learn how to:
- Detect anomalous behavior using behavioral analysis in your AWS cloud and gaming environment.
- Deploy and secure matchmaking and gaming servers on Kubernetes using Amazon Elastic Kubernetes Service (Amazon EKS)
- Protect your gaming software development pipeline from build to runtime

Secure Your Gaming Development Pipeline with Lacework and AWS

The Forrester Total Economic Impact™ (TEI), a commissioned study conducted by Forrester Consulting, shines a light on quantified benefits, cost savings, and ROI of the Lacework data-driven cloud security platform.

To conclude our webinar series, guest speakers, Forrester VP, Research Director, Amy DeMartine, and Forrester Consultant Roger Nauth, will break down the findings from the study and provide a framework to help you evaluate the potential financial impact of switching to Lacework. Learn how you can achieve, over three years:

- 342% ROI
- $1.8M increase in productivity
- $2.3M in total benefits
- $1.79M net present value (NPV)

Maximize Your Cloud Security ROI in 2022 Featuring Forrester's TEI™ of Lacework

Most security tools battle cyber threats using the tried-and-true method of rules-based detection. But this industry standard has its limitations and misses new attacks never before seen in the wild.

What if, instead of endlessly writing and maintaining rules to identify bad actors and irregularities, you could base security on the normal, healthy operations of an environment?

In this on-demand webinar, we will explore how anomaly-based threat detection can help you surface unexpected changes in your cloud environment that require attention, reduce alert volume, and drive better security outcomes.

Anomaly Based Cloud Threat Detection

How is the evolving nature of increased security threats impacting our daily lives? How are governments and businesses responding to these issues?
 
Axios Tech and Policy Reporter Ashley Gold, Managing Editor for Politics Margaret Talev, and Contributor Chris Frates hosted one-on-one conversations with industry experts to explore these topics and get their perspectives on the outlook for cybersecurity in 2022.
 
Watch the on-demand virtual event to hear:
 
- Rep. Jim Langevin (D-R.I.) highlights priorities for creating intel sharing standards for companies, the presence of bipartisan support for cybersecurity legislation, and current vulnerabilities for the U.S. regarding Russian cyberattacks.
- Center for Strategic and International Studies (CSIS) senior adviser Suzanne Spaulding discusses her take on the Biden administration’s cybersecurity priorities, the cybersecurity concerns that exist around the upcoming Olympics in China, and the evolving nature of threats over the course of her career.
- Lacework Co-Chief Executive Officer David Hatfield emphasizes the cybersecurity challenges associated with a rapid transition to the cloud.

Charting The Course for Cybersecurity

Lack of visibility into cloud-native applications and workloads is driving a new platform approach to security. Learn how a Cloud-Native Application Protection Platform (CNAPP) can secure both your cloud and workload infrastructure and get tips for employing a systematic approach to simplify your cloud security journey.

Join our Field CTO and Sr. Director of Product in this interactive webcast and learn:
- What the differences are between CSPM, CWPP, CASB, and CNAPP
- What your first steps should be to understand your risks in the cloud
- Why you should stop thinking about point solutions like CSPM and CWPP and think bigger and better with CNAPP

Hello CNAPP: Merging CSPM and CWPP

The Log4j vulnerability continues to keep security teams up at night. As with any vulnerability, it is critical to quickly determine how exposed your operations may be and if you’ve been compromised.

In this On-Demand Webinar we cover:

- How attackers are currently leveraging this vulnerability
- How to address if your organization has a Log4j vulnerability
- How to future-proof your cloud environment for whatever comes next

Dissecting the Log4j Vulnerability

Infrastructure as a Service (IaaS) empowers [or propels] engineering teams to move faster by abstracting low-level details into high-level APIs. To maximize efficiency, teams often go all in on IaaS for computing, databases, and storage. But those efficiency gains may help attackers storm your cloud environments post-compromise.

Join Lacework Chief Architect Ulfar Erlingsson and Michael Bentley, Sr. Product Manager as they cover:

* Detecting compromise entry points
* Defeating attacker strategies, mapped to Mitre ATT&CK
* Differentiating automation, misconfigurations, and compromises

Behaviors of Compromised Cloud Environments

As we close out the year, we want to share some of our latest research and cloud security predictions to arm you with the insights you need to get a head start on 2022.

We're also excited to announce that Lacework raised the largest funding round ever for a security company with $1.3 billion. This enables us to deliver transformative security to help you protect your entire cloud environment in 2022 and beyond:

-The top 5 predictions for cloud threats in 2022 based on recent trends
-How to let your data do the security work
-Ways to interlace security throughout the development process
-How to empower security and developer teams with automation to securely build at scale in the cloud

The Future of Cloud Security

Infrastructure as Code (IaC) is quickly becoming the primary mechanism to manage cloud infrastructure at massive scale. While this significantly increases innovation speed, it also introduces additional risk.

Shift Left Faster: Infrastructure as Code (IaC) Security For the Win

As organizations continue to evolve their DevOps practices, modern software innovation has continued to accelerate, with apps being delivered faster and with better stability. At the same time, development teams continue to move workloads into the public cloud and build new applications and services directly in the cloud.  This elevated pace of software delivery and cloud adoption, however, has brought along with it a significant increase in malicious cybersecurity attacks.

Evolution of Cloud Security From DevOps to DevSecOps

View this On-Demand webinar with Andrew Bearsley, Senior Solutions Engineer at Lacework. He'll discuss the best practices on using the essentials to smarten and scale your SIEM for optimal cloud security and cost efficiency.

Essentials To Scaling Your SIEM

While zero trust has been touted as a north star for enterprise security, some experts argue that it may not be effective in all scenarios. With this reservation in mind, how can organizations, like yours, ensure that their Zero Trust strategies are effective, aligned with their security goals, and thwart today’s persistent phishing threats? 

Find out by tuning into this Fireside Chat between ESG Principal Analyst Jon Oltsik and Deepen Desai—Global CISO and Head of Security Research & Operations at Zscaler—as they survey how Zero Trust fares against the current threat landscape. 

Agenda items include:
• Zero Trust challenges & strategies for effective adoption
• A review of the 2023 ThreatLabz Phishing Report with the latest trends & techniques
• Tactics to pivot for supply chain, IoT, and MFA attacks 
• The rise of AI chatbots and their impact on cybersecurity defenders
• And much more

How Zero Trust Fares Against Current Cyber Threats

With the ever-increasing number of cyber breaches, a significant question remains: have we accepted or turned a blind eye to the problem? The recent breach reporting mandates and global regulatory requirements make it clear that we need to do more to protect our assets. 

Although challenged by the cost of cyber insurance, talent gap, increased complexity, more audits, and deeper analysis by investors, it is still essential to find ways to reduce costs, retain skilled talent, demonstrate risk management, and improve cybersecurity. 

Join ESG Principal Analyst Jon Oltsik and Ross Brewer, Chief Revenue Officer at SimSpace, for an exciting Fireside Chat that delves into the world of modern cybersecurity strategies to help you stay ahead of the attack curve. This event will cover:

• Tactics for satisfying investors
• Ways to fill the talent gap while moving from cyber assumptions to cyber certainty
• And how you can put your cybersecurity strategies to the test, balance the checkboxes, and create predictability in a cyber range

Cybersecurity in 2023: The Good, The Bad, and The Strategy

Context is critical as IT professionals are tasked with making sense of vulnerabilities in a cloud-native world. For example, vulnerabilities can happen at any point in the app development cycle (CNAPP), and security pros are staring down the tunnel of information overload with unceasing alerts.

With so much on their plates, how can these pros dial into the security vulnerabilities that are a must-tackle and protect their cloud-native environments?

ESG Senior Analyst Melinda Marks sits down with Papi Menon, VP of Product Management, Emerging Technologies & Incubation at Cisco Panoptica, to discuss this topic and explain:

•        Context is critical: why does vulnerability matter?
•        How Cisco’s Panoptica helps secure your cloud journey
•        Why a trusted partner like Cisco matters in your cloud security

Context is Critical: Making Sense of Vulnerabilities in a Cloud-Native World

In this RSA roundtable discussion led by top Enterprise Strategy Group analyst Jack Poller, hear from leading CISOs regarding the biggest challenges, best practices, and attack trends impacting the cybersecurity space today—all assessed by ESG’s independent voice. 

Normally, access to Enterprise Strategy Group analyst research and consulting services would be a costly investment, but today you can listen in for free.   

Topics covered include:
• The key concerns for modern CISOs
• How enterprises are shifting their security strategies
• ESG’s top 3 best practices for protecting sensitive cloud data
• And more

CISO top challenges vs. priorities (from ESG’s experts)

Enterprise Strategy Group (ESG) is a global leader in unbiased market analysis, research, and strategy – and ESG’s recent research into Zero Trust has uncovered some uncomfortable facts. 

In this panel discussion, ESG Senior Analyst Mark Bowker sits down with leaders from VMware and Entrust to answer key questions around Zero Trust this year – including:

• Why are we seeing a surge in Zero Trust projects now?
• Which vendor Zero Trust claims are true vs. false? 
• How is the role of PKI changing in light of the move toward Zero Trust networks?
• What level of urgency should IT and infosec leaders put on being quantum-ready?
• And much more

Zero Trust in 2023: Roundtable with ESG’s Analyst Mark Bowker

Enterprise Strategy Group (ESG) helps advise on critical business decisions using their world-class research on Zero Trust network security. Their recent studies indicate that all too often, businesses don’t have an effective Zero Trust strategy.

In this exclusive Fireside Chat, ESG Senior Analyst and industry vet Jack Poller examines what Zero Trust optimization looks like in practice and what you need to know to get started. Topics covered include:

• The ZTNA maturity model
• Essential action items for CIOs and CISOs
• The role of crypto agility in enterprise Zero Trust projects
• And more of ESG’s independent research

Enterprise Strategy Group’s Zero Trust optimization roadmap

What we are hearing from CISOs, Nick Lantuh, Co-founder & CEO of Interpres Security explains, is that cybersecurity has become too costly, complicated, siloed, and requires significant manual engineering to succeed using current methods. These issues dovetail with the competing objectives to secure your organization from large-scale attacks, while simultaneously optimizing costs in today’s budget constrained environment.

A threat-centric cybersecurity approach holds the key to resolving many of these issues, in which defense surface management is key. Tune in as Lantuh and an ESG analyst deconstruct this topic in the following Fireside Chat.

Additional agenda topics include:
•     Why defense surface management is needed in today’s security environments
•     Defense Surface Management concept and origins
•     Steps organizations can take to validate their security strategies
•     How continuous monitoring improves the security posture

101 from Enterprise Strategy Group: What is defense surface management?

@ RSA Conference 2023 USA

Because cloud environments are noisy, nobody has enough resources to pay attention to every single alert. The only way to effectively prioritize risks and detect threats, therefore, is to gain complete visibility and context from code to cloud. 

To achieve this feat requires consolidating all previously siloed capabilities—e.g. scanning of cloud accounts for misconfigurations, CSPM, CIEM, KSPM, CWPP, and more—to a single view. Given these myriad components, the path to success is often, well, cloudy. 

In this Fireside Chat, ESG Senior Analyst Melinda Marks sits down with Tim Chase, Global Field CISO at Lacework, to examine actionable strategies with which you can cut through the noise to prioritize cloud security risks with precision. Tune in to discover how:

• To strengthen cloud security risk prioritization 
• Developers and security pros should collaborate to identify vulnerabilities
• Lacework helps their customers reduce cloud attack surfaces 
• And much more

Raising the Signal: Effective Risk Prioritization in Cloud Security

Cloud Data

Cloud Native

Cloud Risk

Cloud Security

Cloud Visibility

Risk Management

Risk Mitigation

Cloud

Security Risk

Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Raising the Signal: Effective Risk Prioritization in Cloud Security

Presented by

About this talk

Lacework