Name: The ABCs of PMCs for Attack Detection
Start: 2020-09-23T17:00:00Z
End: 2020-09-23T17:00:47.000Z
Location: BrightTALK
Rating: 5

Capsule8 provides modern enterprises scalable Linux workload protection. The pioneer behind “ops-friendly” Linux security, Capsule8 Protect is purpose-built to deliver monitoring, detection and response with a single agent that can be deployed across heterogenous production environments. By using Capsule8, security teams have the visibility needed to detect incidents and protect against unwanted behavior, allowing them reduce downtime and avoid costly business disruption.

Join John Viega, CEO of Capsule8, Vicki Knott, Co-founder and CEO of Crux OCM, and Thomas Olofsson, CTO of BTBlock  for a timely discussion on recent cyber attacks on critical infrastructure and why enterprises running Linux shouldn’t underestimate the implications of such attacks. 

The Colonial Pipeline incident has gained more attention due to the social and economic ripple effect it had even though the company moved quickly to shut down certain critical infrastructure to control the impact. The thwarted Florida Water Treatment Plant attack earlier this year could have been potentially catastrophic. Have we been dodging the bullet? Learn from leaders in cybersecurity and energy industries about the true implications of such attacks, the need to secure your largest attack surface – production systems, how to take a holistic approach to build business resilience.

Attacks on Infrastructure & Why It’s Important to Secure Linux

No marketing buzzwords or FUD here, get the #RealTalk on resilience

Cloud Native Security Summit 2021 - #RealTalk on Resilience

Snowflake walks through how they take a cloud-native approach to threat detection.

Cloud Native Security Summit 2021 - A Cloud-Native Approach to Threat Detection

As organizations move ahead at speed on their digital transformation journey, cloud-native technologies remain, more than ever, key drivers in the pursuit of the optimization of business processes, culture, and customer experiences. 

In the face of this transformation, and the reliance on public clouds and containers, a traditional networking approach is not an effective enough approach to provide full security to cloud-native applications.  With this, comes a requirement to transform your organization’s approach to compliance.

In this session experts discuss the salient points to consider and to maintain compliance in a cloud-native world

- Best practices and principles to manage, track and control all areas of the application stack
- Is there a mandate for zero-trust security framework for your cloud-native applications?
- How can compliance professionals keep pace with new and upcoming privacy mandates and legislation? 
- What are privacy best practices for cloud-native deployments?
- As organizations move legacy apps to the cloud, what are some typical pain points or misconceptions about security and compliance that you’ve seen?
- What are you seeing as trends in 2021 when it comes to building resilient, compliant and secure cloud infrastructures and applications?

Cloud Native Security Summit 2021 - Compliance in a Cloud-Native World

In the face of an ever-transforming digital world, resilience has become an essential focus for the security industry (reinforced even more so by a global pandemic and entirely remote workforces). With external attacks now accepted as an inevitable reality, how an organization detects, responds, recovers, and learns from a crisis is key. 

An effective cyber resilience program should include a programmatic approach to withstand disruptive cyber incidents. It should ensure continuity of operation with minimum impact to business despite an incident. It  should also have a governance framework with policies, procedures, and accountability, integrated into the business strategy. This all needs to be powered by the right people and the right technology.

It is an iterative process providing the means of recovery from an attack and the first step is accepting potential failure in the first place. 

What are some of the steps that organizations have taken to build cyber resilience programs and what have they learned when faced with failure?

Cloud Native Security Summit 2021 - Hacking Failure: Resilience

With data breaches raging like environmental disasters, security teams are coming to realize that the data revolution is already here. Mark Curphey, founder of OWASP and co-founder at Open Raven explains the rise of data engineering, data warehouses and the data lake, the move to cloud computing for data engineering and emerging data clouds. In this session, you will learn how to build a data security program to discover where you have data, what type of data you have, how it’s protected and who has access to it so you can avoid being the next data breach headline.

Cloud Native Security Summit 2021 - The Rise of Data Breaches

As production environments move from on premise to cloud, in order to embrace rapid change, large scale and resilience, methods of detection must also face significant and fundamental changes. 

Our panel of experts discuss the challenges of visibility and control in the new environment and how to ensure we detect and resolve threats as quickly as they appear.

Cloud Native Security Summit 2021 - New Stack - New Detection

The "shift left" movement in security has been driven by the changing landscape as the world has adopted cloud native technology.  But, the focus on development and CI/CD has left many organizations with a tremendous gap—a lack of visibility into security for production instances.

In this session, we explore the challenges that have kept security teams in the dark when it comes to production, and talk to real industry leaders about what they've done to overcome those challenges.  Along the way, we touch on asset management, visibility, detection, forensics and compliance.

Cloud Native Security Summit 2021: Removing Security's Blinders

Recent global events have accelerated not only interest in cloud-enabled delivery and cloud-native patterns, but a broader discussion on what it means to be a resilient organization. Objectives around speed and efficiency are still critical, but today’s enterprise must also be ready to respond effectively to changes in the market, whether it’s technology, security incidents or a pandemic. As organizations contemplate this resiliency, it is useful to understand what trends are in play and what learnings may apply.

This session provides decision-makers and practitioners with insights about key topics related to cloud native security, from the perspectives of both DevOps and Security.

Cloud Native Security Summit 2021 - Research Keynote: Trends in Resilience

Serverless architecture is an appealing prospect to developers in that it reduces maintenance, cost, testing, and operational overhead. Much of the pomp and circumstance of managing the infrastructure shifts to the cloud provider so that organizations can focus on building their services rather than scaling them and keeping them running. But, as with all new or evolving technologies, there are security implications and considerations that can give security teams pause and serverless applications should be viewed differently from traditionally deployed or containerized services. 

In this interactive session, Ryan Petrich, CTO at Capsule8, will define serverless as well as explore some of the key benefits of deploying this type of infrastructure with a focus on the impact to an organization’s attack surface. Ryan will dig into some of the key security challenges, including visibility and observability of serverless applications, as well practical tools and approaches to help overcome them and a live demonstration of example attacks to watch out for when choosing such an architecture.

Attendees of this webcast will learn: 

- What a serverless architecture is and why security teams should care
- Key security challenges for serverless deployments
- Attack vectors and security threats unique to serverless architectures
- Practical solutions for overcoming serverless security challenges

Infrastructure Security: Doing More with Serverless

There's a whole world of system tracing, instrumentation, and profiling built into nearly every Linux system that goes untouched by most. While originally developed to help with debugging and performance tuning, the same tools can be used to provide security insights that are difficult or almost impossible to get any other way. In this interactive session we will discuss these tracing systems, suggest tips on how to use them, and provide some actionable takeaways on types of data you can extract, all in just a few lines of code.

This webcast is designed for developers and systems administrators who run Linux systems and want more visibility into what those systems are doing, either for performance reasons, or for security (or both!).

During this webcast you will learn: 

- Best practices on how to use the `perf` cli to gather profiling information on applications.
- Top tips on how to use Linux kprobes and uprobes to instrument specific functions in the kernel or userland.
- How to implement a simple script to monitor the DNS requests and TCP connections made by any program on the system.

Linux Tracing - Do You Know What Your Servers Are Actually Doing?

If you're curious about cryptomining and are interested in learning what it is, how folks are doing it, and how it could be impacting your organization (like that unexpected AWS bill!), join our live webcast series: Coffee and Capsule8: Tales from the Cryptomining.

Register now and when you attend we will send you either a Starbucks gift card to keep you caffeinated OR make a donation for City Harvest (your choice!) while Capsule8 VP of Product Management and Product Strategy, Kelly Shortridge, explores the emergence of cryptomining and what risks it brings to your organization. Capsule8 VP of Architecture Ryan Petrich will then demonstrate what a cryptomining attack may look like in your organization and how Capsule8 detects it. We'll provide practical tips on responding if you catch this type of activity and field a live Q&A to address any additional questions.

The Curious Case of a Kibana Compromise: https://capsule8.com/blog/the-curious-case-of-a-kibana-compromise/

Coffee and Capsule8: Tales from the Cryptomining

Accelerating Cloud Adoption - The Time is Now

An evolving technology landscape can already make a well planned cloud migration strategy seem like a complex task, but as we’ve learned in the past few months, there are often additional challenges thrown into the works. This can lead to business needing to accelerate plans at a time when operational activities are already more difficult. How can you be sure you’re taking the necessary precautions pre-, during and post-migration? 
 
On this live webcast, Rob Harrison, chief product officer at Capsule8, and guest speaker, Andras Cser, vice president and principal analyst at Forrester Research, will discuss how security considerations for a cloud migration have changed over the past few months and how future trends change risk when adopting accelerating strategies. Rob and Andras will discuss the challenges from both a business execution level and a cybersecurity level and how to mitigate those risks. Attendees of this live webcast will learn:  

- Pre, during and post migration strategies
- Business level vs. cyber risk
- How different business verticals are utilizing cloud migration strategies as an opportunity for growth
- Geographical trends and compliance considerations

Security Considerations for Cloud Migration During a Crisis

How did a fairly straightforward endeavor – an IT audit – become that monster under the bed? 

Compliance projects all too often feel a massive box checking exercise. You may be pulling staff and co-workers into a vast abyss, mapping arcane compliance controls, deciphering audit speak, all to hopefully pass an audit and maybe shore up security. So how can you, the IT experts, quickly tease out the essence of what an auditor needs to give them confidence that you have passed an audit? 

In this presentation we will use the example of a SOC 2 Type 1 audit in a cloud-native environment to demystify all of the dots, dashes and control numbers, giving you a high level roadmap of key elements required to pass your own SOC 2 audit regardless of where you are on your cloud native or compliance journey.

Deciphering SOC 2 Compliance in Cloud-Native Environments

A deep dive into novel hardware performance counters and how we use ML to sift through them.

Hardware Performance Counters constitute a treasure trove of data, which surprisingly remains pretty much untouched by modern research, except for a few well known counters. In recent years, exploits like Spectre and Rowhammer and general techniques like Return Oriented Programming (ROP) were detected using hardware performance counters (HPCs). But to date, only relatively simple and well-understood counters have been used, representing just a tiny fraction of the information we can glean from the system.

In this webinar, we’ll show how we used ML to find non-intuitive counters to build much more effective detection models against cache side channel attacks than ones previously tested in the industry. These new models are more accurate than prior cache-miss based models, and harder for attackers to bypass. We’ll also discuss the undocumented performance counters that we found as part of our Blackhat 2020 research, and the various attacks that models built with them could detect.

The ABCs of PMCs for Attack Detection

Machine Learning

Hardware

Attack Vectors

Threat Detection

Threat Analysis

Endpoint Security

Zero Day Threats

Data Analysis

Information Security

Exploit

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

The ABCs of PMCs for Attack Detection

Presented by

About this talk

More from this channel