Build a Robust App Control Strategy for your Cloud Workloads

New technologies like containers present new ways for cloud environments to be hacked.

Each container is responsible for a specific service that is part of the entire application, resulting in increased data traffic and complex access control rules. This can also lead to misconfigurations, providing a door for attackers to penetrate our environments.

In this webinar, Nicole Fishbein and Ell Marquez will explain the most common vectors attackers are using to target containers, with easy-to-implement strategies to defend against these emerging threats.

Join the webinar and learn:
- What are the common attack vectors for containers
- Examples of container attacks
- What you can do to prevent and secure your environment

Every day, wars are being waged on invisible battlefields. The enemy is hiding and stealthily leveling its attacks from within. This formidable foe isn’t an opposing army. It may very well be a single malicious actor, or a state-sponsored group of hackers. Without a trace of their tools left on the disk, attackers are storing the code in memory–resulting in infamous Fileless Malware. If successful, the best case scenario outcome is a tarnished reputation; the worst, significant (and potentially irreparable) damage to a brand and its business. Join Intezer Labs and (ISC)2 on May 25, 2021 at 1:00 pm BST for a discussion on how attacks like these can cripple an organization without its security team ever knowing it.

84% of companies surveyed by the Cloud Native Computing Foundation are running containers in production. Safe to say, securing containers has become an important part of cloud security planning.

Concerns around container security are not unfounded. In 2019, Docker reported their repositories had been breached affecting 190,000 users. Though this might not seem like a lot, consider that many of these users had access to their employers' production environments, allowing the compromise to expand and result in more data being infiltrated.

Researchers at Intezer recently discovered a previously undetected malware which they named Doki. Doki is a non-malicious container image which includes the commonly used Linux command curl. This command allows attackers to bypass traditional scanning and run malicious code after the container has been created. With companies creating new containers every few hours, minutes, and even seconds, it is nearly impossible to monitor what is running on these containers without the proper tools.

Join Ell Marquez and Adir Shemesh to learn about the latest container attack trends and how Intezer Protect can secure your entire cloud-native stack.

Doki is the latest high profile attack actively infecting misconfigured Docker servers in AWS, Azure, and other cloud platforms. Anyone with publicly open Docker API access is at high risk to be hacked due to the attackers’ continuous internet-wide scanning for vulnerable victims.

The malware used in this attack is a fully undetected backdoor. It has managed to stay undetected for over six months despite being uploaded to VirusTotal several months ago.
In this webinar, understand how this attack is being conducted and ways to prevent Doki from infecting your containerized environments in the cloud.


You will learn:

1. How this attack is using a previously undocumented technique
2. Immediate action items required of container server owners
3. Understand why the industry is adopting Zero Trust Execution to secure cloud workloads

We all know the dangers death eaters (adversaries) pose to the wizarding world (cloud environments.) The methods in which an attack is planned and executed remains cloaked in darkness making it difficult for us to protect ourselves.

Striping away the cloak of invisibility and shining light into their malicious spells (code) can ensure that even when attackers breach our perimeter we can still defend our castles (cloud environments).

Join Christophe Limpalair, founder of Cybr, and Ell Marquez, security and Linux advocate at Intezer, as they explore the final chapter of our Harry Potter-themed security in the cloud series. Demystify the spells of death eaters as we prepare for the battle of Hogwarts and mount our last line of defense.

A Horcrux is a powerful object in which a Dark wizard or witch [attacker] has hidden a fragment of his or her soul [code] for the purpose of attaining immortality [persistence].

Creating a Horcrux gives one the ability to anchor their own soul [code] to earth[environment], if the body [process] is destroyed.

In this session, we will come to understand how attackers are able to not only compromise our cloud environments but also maintain persistence—while our security teams are distracted by a mountain of false alerts. If we focus on the root cause of all cyber attacks: unauthorized spells, wait, I mean unauthorized code.

In the security and technology world, we rely so heavily on buzz words to explain our work that others feel like we are magicians working spells that they will never be able to do.

Saying, "Due to issues with our security posture, the APT manipulated a well-known CVE to breach our cloud-native-applications." Might as well be: "The Death Eaters were able to use a port key to enter our environment and effectively cast the Avada Kedavra spell."

Instead, we could say, "An attacker used a known flaw to gain access to our environment and brought down our servers."

In this session, we will come to understand that security for our cloud environments can be simple to understand, yes even for muggles. That is, if we focus on the root cause of all cyber attacks: unauthorized spells, wait, I mean unauthorized code.

The Linux operating system is secure by default because Windows is the most used operating system globally. Thus attackers create viruses and malware to target Windows systems. While cringe-worthy to read, these are all real statements being touted in the technology sector. This is a false narrative that is still frequently touted in the technological world.
This webinar will highlight the common myths proliferated around the Linux operating system. As well as how they are endangering companies' production environments, and steps companies can take to mitigate the new techniques attackers are using to benefit from these myths.

Topics covered:
How recent attacks have shifted to focusing on the Linux ecosystem.
How Linux malware is being crafted and detected.
What you can do to protect yourself from the change in attacker's techniques.

Protecting cloud compute resources is one of the most complex projects a security team can take on today. Runtime protection should be an important first step to ensure their workloads are secure. In this webinar, we will cover examples of recent attacks against cloud workloads, what they have in common, and discuss quick wins to gain maximum coverage quickly.

There are nearly 100 ways an attacker can launch a cyber attack on your Linux cloud servers. This makes securing the infrastructure a formidable task even for the most adept security team. The question becomes: What risks can be prioritized?

Intezer’s new TTPs matrix for Linux cloud servers is helping security personnel identify current gaps in their defenses’ coverage against the different threats that target this infrastructure. Among the TTPs listed, unauthorized code and commands at runtime are universal. Protecting the runtime environment is both an important last line of defense and one of the first steps you can take to reduce risk.

This webinar will highlight key takeaways from the matrix and explain what steps you can take immediately to reduce risk and protect your organization from being the next victim of a high-profile breach.

Topics covered:
• Covering the basics of the TTPs matrix for Linux cloud servers.
• How recent cloud attacks have emphasized the need for adopting a Zero Trust Execution approach to secure workloads against unauthorized code and commands.
• What you can do tomorrow, with a focus on single controls, to mitigate many of the TTPs on the matrix.

The use of Application Control – commonly referred to as whitelisting or Zero Trust Execution – is considered to be a robust and essential Cloud Workload Protection strategy, But it does not prevent all cyber attacks. Attackers can exploit vulnerabilities in trusted applications or utilize whitelisted apps for malicious intent. App Control also presents some operational headaches for cloud security teams. We will discuss how to build a robust Application Control strategy for your workloads that is informed by these challenges.

Doki is the latest high profile attack actively infecting misconfigured Docker servers in AWS, Azure, and other cloud platforms. Anyone with publicly open Docker API access is at high risk to be hacked due to the attackers’ continuous internet-wide scanning for vulnerable victims.

The malware used in this attack is a fully undetected backdoor. It has managed to stay undetected for over six months despite being uploaded to VirusTotal several months ago.
In this webinar, understand how this attack is being conducted and ways to prevent Doki from infecting your containerized environments in the cloud.


You will learn:

1. How this attack is using a previously undocumented technique
2. Immediate action items required of container server owners
3. Understand why the industry is adopting Zero Trust Execution to secure cloud workloads

The industry is quickly shifting to a Zero Trust Execution strategy. What does this term mean and how can you apply it to your Cloud Workload Protection strategy? Attend this session to learn more

Kaiji is our researchers’ latest discovery, written from scratch using Go programming language to target IoT devices and Linux-based servers. Instead of relying on exploiting unpatched flaws, this botnet spreads exclusively through brute-force attacks against publicly accessible SSH servers.

Kaiji has been in the news recently infecting unsecured Docker servers to then carry out DDoS attacks. Docker servers, which are a type of containerized workload, are relatively convenient to deploy in the cloud, making them an increasingly popular choice for enterprises but also an attractive target for attackers.

In this webinar, we will present an analysis of the Kaiji malware and explain how to protect your containerized workloads against this botnet and other emerging Linux threats.

You will learn:
1. Why monitoring the runtime environment is the key to preventing most cyber attacks on your cloud infrastructure
2. How to protect your cloud workloads against Kaiji and other emerging threats

The “Shift Left” movement has redefined the roles and responsibilities of security teams, software development teams and infrastructure teams.

Has this enormous change positively or negatively impacted security teams? Is it possible that we have shifted too far left?

Join experts Matt Hollcraft, CISO of Hellman & Friedman, Hussein Syed CISO of RWJBarnabas Health, and Itai Tevet, CEO of Intezer in this webinar which will explore the DevOps/security relationship, discuss the need for creating independence and review potential solutions for security teams.

The Linux operating system accounts for nearly 90 percent of all cloud servers. With companies increasingly storing their most sensitive information on the cloud, we expect that Linux threats will pose a significant risk to enterprise security in the near future. Attend this webinar to see how we apply code reuse analysis to the world of runtime Cloud Workload Protection and incident response

The use of application control (also known as whitelisting) is considered to be a robust and essential Cloud Workload Protection strategy largely due to the high predictability of cloud environments.

But it does not prevent all cyber attacks. Attackers can exploit vulnerabilities in trusted applications or utilize whitelisted apps for malicious intent—referred to as “Living off the Land.” App control also presents some operational headaches, requiring strict and often unrealistic policies.

This webinar explains how to build a robust application control strategy that is informed by these challenges. Learn what capabilities you should consider when evaluating a Cloud Workload Protection Platform (CWPP).

Malware analyst Paul Litvak discusses APTs targeting the Linux ecosystem and offers mitigation recommendations

The Linux threat ecosystem is crowded with IoT DDoS botnets and crypto-mining malware. With low detection rates in nearly all leading antivirus solutions, Linux threats pose new challenges to the information security community that have not been observed in other operating systems.