Name: Managing Open-Source Security for Modern-Day DevOps
Start: 2020-10-27T17:00:00Z
End: 2020-10-27T17:00:46.000Z
Location: BrightTALK
Rating: 0

Static scans and firewalls leave AppSec blindspots. Contrast delivers real-time and always-on security INSIDE your apps and APIs. Prevent, detect and respond to application and API attacks with the Contrast Runtime Security Platform.



Financial services organizations such as banks have been and will continue to be major targets of cyber attacks. 

But attackers aren’t just going after financial assets and data anymore. Now, they are targeting infrastructure to go after an institution’s customers and partners. This phenomenon, also known as island hopping, is about more than extracting ransomware payments and hacktivism, as a brand’s reputation is on the line.

And as the research shows, the application layer is increasingly being exploited.
There was a 50% increase in zero-days being exploited year-over-year, according to Google Threat Analysis and Mandiant
The number of data breaches caused by an exploited vulnerability rose 180% year-over-year, according to the latest Verizon Data Breach Investigations Report (DBIR)
55 days after a patch release, half of vulnerabilities remain unaddressed, according to the DBIR

Tom Kellermann, Senior VP of Cyber Strategy, recently chatted with Eric Baran, Principal Segment Leader – DevOps – Global Financial Services at AWS, all about the current threat landscape facing financial services organizations today and what they can do to more effectively safeguard against modern application-layer attacks.

What to expect from the 30-minute conversation:
What the current threat landscape looks like in the financial services industry.
What financial services businesses currently are doing to safeguard their applications and cloud environments, and the issues with these approaches.
The benefits of Runtime Security for financial institutions.
What financial services organizations can do today to improve their application and cloud security.

The value of Runtime Security for the financial sector: Why current Application Security approaches too often fall flat

Simply pushing traditional security practices “left” without adaptation to the way developers want to work won’t cut it. Finding vulnerabilities is not the problem; resolving vulnerabilities is the real bottleneck.

Luckily, a better way exists: Runtime Security. 

As Larry Maccherone, Dev(Sec)Ops Transformation Architect at Contrast Security, has noted before, he believes that the biggest transformation in Application Security (AppSec) and application programming interface (API) security over the next few years will be that more and more of it will occur in production as opposed to pre-production. 

During RSA earlier this year, Larry sat down with Alan Shimel from TechStrong to talk about how DevSecOps is evolving and why app and API security testing in production will eventually become the norm. Check out the 13-minute interview.

Strategic evolution of DevSecOps: Interview with Larry Maccherone at RSA Conference 2024

In the future, application and API security testing will be done in production as opposed to in pre-prod. We are on the cusp of a revolution in app and API security testing like the one that occurred for load and performance testing, where it shifts to production.

The way we do AppSec is fundamentally broken today. There's an assumption that there is a time that security gets with the product before it gets to production, which is an old way of thinking.

In this on-demand TechStrong webinar, Larry Maccherone, Dev(Sec)Ops Transformation Architect at Contrast Security, discussed why current approaches to application security fall flat and how to apply the principles of DevOps to improve application security practices.

Key Takeaways:

Why is it cheaper, more effective, and even safer to do application and API security testing in production?
What are the technology, practices, and mindsets necessary to pull this off?
What are the risks to this approach and how do you address them?

The radical future of application and API security testing

Presenters:
Joe Coletta, Product Marketing Manager at Contrast Security
Pauline Logan, Product Manager of Contrast OSS at Contrast Security

Tackle open-source risks without grinding DevOps to a halt.

Is managing open-source software (OSS) with legacy tools causing more harm than good? This is often the case when it comes to outdated software composition analysis (SCA) tools that bury teams with false positives and require a series of tedious manual processes that waste valuable time.

Tune in for a webinar that will explain how these SCA tools fall short when it comes to managing OSS risk, as well as how to untangle the confusion and find a security strategy that doesn’t stop DevOps in its tracks. You’ll come away understanding:

- The rising rate of OSS vulnerabilities
- Different layers of risk that come with OSS
- Specific steps DevOps can take to managing an OSS security strategy
- How instrumentation can help streamline OSS security

Join us to discover a new way to protect OSS that doesn’t burden security or DevOps teams, but actually integrates into DevOps workflows for seamless, proactive protection.

Managing Open-Source Security for Modern-Day DevOps

Application Development

Developers

Development

Application Security

Software Development

Security

Vulnerabilities

Vulnerability Management

CISO

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

The unexpected nature of natural disasters and other disruptive events means that preparation is key to managing disaster recovery and business continuity planning. Join the business continuity and disaster recovery community for live and recorded presentations discussing best practices for business continuity planning, disaster recovery programs and business continuity management. Learn from BCDR experts to develop your critical infrastructure and gain insight into tactical solutions to your BCDR issues.

Business Continuity / Disaster Recovery

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Get powerful end user computing insights from influential EUC experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on effective approaches to get non-programmers to create working applications.

End User Computing

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Managing Open-Source Security for Modern-Day DevOps

Presented by

About this talk

More from this channel