
Cloud Native Security Summit 2021 - Compliance in a Cloud-Native World

As organizations move ahead at speed on their digital transformation journey, cloud-native technologies remain, more than ever, key drivers in the pursuit of the optimization of business processes, culture, and customer experiences.

In the face of this transformation, and the reliance on public clouds and containers, a traditional networking approach is not effective enough to fully secure cloud-native applications. With this comes a requirement to transform your organization’s approach to compliance.

In this session, experts discuss the salient points to consider to maintain compliance in a cloud-native world:

- Best practices and principles to manage, track and control all areas of the application stack
- Is there a mandate for zero-trust security framework for your cloud-native applications?
- How can compliance professionals keep pace with new and upcoming privacy mandates and legislation?
- What are privacy best practices for cloud-native deployments?
- As organizations move legacy apps to the cloud, what are some typical pain points or misconceptions about security and compliance that you’ve seen?
- What are you seeing as trends in 2021 when it comes to building resilient, compliant and secure cloud infrastructures and applications?
Recorded Apr 20 2021 36 mins
Presented by
Cynthia Burke - Capsule8, Sloane Burwell - HackerOne, Al Faiella - Unqork, Donal Kerr - 4Securitas

  • Attacks on Infrastructure & Why It’s Important to Secure Linux Recorded: May 20 2021 35 mins
    John Viega, CEO Capsule8; Vicki Knott, CEO and co-founder of Crux OCM; Thomas Olofsson, CTO of BTBlock
    Join John Viega, CEO of Capsule8, Vicki Knott, Co-founder and CEO of Crux OCM, and Thomas Olofsson, CTO of BTBlock for a timely discussion on recent cyber attacks on critical infrastructure and why enterprises running Linux shouldn’t underestimate the implications of such attacks.

    The Colonial Pipeline incident has gained more attention due to the social and economic ripple effect it had, even though the company moved quickly to shut down certain critical infrastructure to control the impact. The thwarted Florida Water Treatment Plant attack earlier this year could have been catastrophic. Have we been dodging the bullet? Learn from leaders in the cybersecurity and energy industries about the true implications of such attacks, the need to secure your largest attack surface – production systems – and how to take a holistic approach to building business resilience.
  • Cloud Native Security Summit 2021 - #RealTalk on Resilience Recorded: Apr 20 2021 34 mins
    Kelly Shortridge - Capsule8, Rob Duhart - Google, Bea Hughes - PagerDuty, Prima Virani - Segment
    No marketing buzzwords or FUD here, get the #RealTalk on resilience
  • Cloud Native Security Summit 2021 - A Cloud-Native Approach to Threat Detection Recorded: Apr 20 2021 32 mins
    Omer Singer - Snowflake, Jacob Salassi - Snowflake, Michele Freschi - Snowflake
    Snowflake walks through how they take a cloud-native approach to threat detection.
  • Cloud Native Security Summit 2021 - Compliance in a Cloud-Native World Recorded: Apr 20 2021 36 mins
    Cynthia Burke - Capsule8, Sloane Burwell - HackerOne, Al Faiella - Unqork, Donal Kerr - 4Securitas
  • Cloud Native Security Summit 2021 - Hacking Failure: Resilience Recorded: Apr 20 2021 44 mins
    David Sparks - CISO Series, Nick Espinosa - Security Fanatics, Will Gregorian - Color, Naomi Buckwalter - Confidential
    In the face of an ever-transforming digital world, resilience has become an essential focus for the security industry (reinforced even more so by a global pandemic and entirely remote workforces). With external attacks now accepted as an inevitable reality, how an organization detects, responds, recovers, and learns from a crisis is key.

    An effective cyber resilience program should include a programmatic approach to withstand disruptive cyber incidents. It should ensure continuity of operation with minimum impact to business despite an incident. It should also have a governance framework with policies, procedures, and accountability, integrated into the business strategy. This all needs to be powered by the right people and the right technology.

    It is an iterative process providing the means of recovery from an attack and the first step is accepting potential failure in the first place.

    What are some of the steps that organizations have taken to build cyber resilience programs and what have they learned when faced with failure?
  • Cloud Native Security Summit 2021 - The Rise of Data Breaches Recorded: Apr 20 2021 11 mins
    Mark Curphey, co-founder, Open Raven
    With data breaches raging like environmental disasters, security teams are coming to realize that the data revolution is already here. Mark Curphey, founder of OWASP and co-founder at Open Raven explains the rise of data engineering, data warehouses and the data lake, the move to cloud computing for data engineering and emerging data clouds. In this session, you will learn how to build a data security program to discover where you have data, what type of data you have, how it’s protected and who has access to it so you can avoid being the next data breach headline.
  • Cloud Native Security Summit 2021 - New Stack - New Detection Recorded: Apr 20 2021 39 mins
    Chenxi Wang - Rain Capital, Derek Chamorrow - Cloudflare, Swathi Joshi - Netflix, and Sounil Yu - Author
    As production environments move from on premise to cloud, in order to embrace rapid change, large scale and resilience, methods of detection must also face significant and fundamental changes.

    Our panel of experts discuss the challenges of visibility and control in the new environment and how to ensure we detect and resolve threats as quickly as they appear.
  • Cloud Native Security Summit 2021: Removing Security's Blinders Recorded: Apr 20 2021 33 mins
    John Viega - Capsule8, Chaim Mazal - ActiveCampaign, Kathy Wang - Very Good Security, and Omar - Betterment
    The "shift left" movement in security has been driven by the changing landscape as the world has adopted cloud native technology. But, the focus on development and CI/CD has left many organizations with a tremendous gap—a lack of visibility into security for production instances.

    In this session, we explore the challenges that have kept security teams in the dark when it comes to production, and talk to real industry leaders about what they've done to overcome those challenges. Along the way, we touch on asset management, visibility, detection, forensics and compliance.
  • Cloud Native Security Summit 2021 - Research Keynote: Trends in Resilience Recorded: Apr 20 2021 32 mins
    Fernando Montenegro and Jay Lyman from 451 Research
    Recent global events have accelerated not only interest in cloud-enabled delivery and cloud-native patterns, but a broader discussion on what it means to be a resilient organization. Objectives around speed and efficiency are still critical, but today’s enterprise must also be ready to respond effectively to changes in the market, whether it’s technology, security incidents or a pandemic. As organizations contemplate this resiliency, it is useful to understand what trends are in play and what learnings may apply.

    This session provides decision-makers and practitioners with insights about key topics related to cloud native security, from the perspectives of both DevOps and Security.
  • Infrastructure Security: Doing More with Serverless Recorded: Mar 24 2021 41 mins
    Ryan Petrich, CTO, Capsule8
    Serverless architecture is an appealing prospect to developers in that it reduces maintenance, cost, testing, and operational overhead. Much of the pomp and circumstance of managing the infrastructure shifts to the cloud provider so that organizations can focus on building their services rather than scaling them and keeping them running. But, as with all new or evolving technologies, there are security implications and considerations that can give security teams pause and serverless applications should be viewed differently from traditionally deployed or containerized services.

    In this interactive session, Ryan Petrich, CTO at Capsule8, will define serverless and explore some of the key benefits of deploying this type of infrastructure, with a focus on the impact to an organization’s attack surface. Ryan will dig into some of the key security challenges, including visibility and observability of serverless applications, as well as practical tools and approaches to help overcome them, and give a live demonstration of example attacks to watch out for when choosing such an architecture.

    Attendees of this webcast will learn:

    - What a serverless architecture is and why security teams should care
    - Key security challenges for serverless deployments
    - Attack vectors and security threats unique to serverless architectures
    - Practical solutions for overcoming serverless security challenges
  • Linux Tracing - Do You Know What Your Servers Are Actually Doing? Recorded: Feb 17 2021 48 mins
    Nick "Ghost" Gregory
    There's a whole world of system tracing, instrumentation, and profiling built into nearly every Linux system that goes untouched by most. While originally developed to help with debugging and performance tuning, the same tools can be used to provide security insights that are difficult or almost impossible to get any other way. In this interactive session we will discuss these tracing systems, suggest tips on how to use them, and provide some actionable takeaways on types of data you can extract, all in just a few lines of code.

    This webcast is designed for developers and systems administrators who run Linux systems and want more visibility into what those systems are doing, either for performance reasons, or for security (or both!).

    During this webcast you will learn:

    - Best practices on how to use the `perf` cli to gather profiling information on applications.
    - Top tips on how to use Linux kprobes and uprobes to instrument specific functions in the kernel or userland.
    - How to implement a simple script to monitor the DNS requests and TCP connections made by any program on the system.
  • Coffee and Capsule8: Tales from the Cryptomining Recorded: Dec 8 2020 48 mins
    Kelly Shortridge and Ryan Petrich
    If you're curious about cryptomining and are interested in learning what it is, how folks are doing it, and how it could be impacting your organization (like that unexpected AWS bill!), join our live webcast series: Coffee and Capsule8: Tales from the Cryptomining.

    Register now and when you attend we will send you either a Starbucks gift card to keep you caffeinated OR make a donation for City Harvest (your choice!) while Capsule8 VP of Product Management and Product Strategy, Kelly Shortridge, explores the emergence of cryptomining and what risks it brings to your organization. Capsule8 VP of Architecture Ryan Petrich will then demonstrate what a cryptomining attack may look like in your organization and how Capsule8 detects it. We'll provide practical tips on responding if you catch this type of activity and field a live Q&A to address any additional questions.

    The Curious Case of a Kibana Compromise: https://capsule8.com/blog/the-curious-case-of-a-kibana-compromise/
  • Security Considerations for Cloud Migration During a Crisis Recorded: Nov 19 2020 51 mins
    Rob Harrison, Chief Product Officer, Capsule8 and guest speaker, Andras Cser, VP & principal analyst at Forrester Research
    Accelerating Cloud Adoption - The Time is Now

    An evolving technology landscape can already make a well-planned cloud migration strategy seem like a complex task, but as we’ve learned in the past few months, there are often additional challenges thrown into the works. This can lead to businesses needing to accelerate plans at a time when operational activities are already more difficult. How can you be sure you’re taking the necessary precautions pre-, during and post-migration?

    On this live webcast, Rob Harrison, chief product officer at Capsule8, and guest speaker, Andras Cser, vice president and principal analyst at Forrester Research, will discuss how security considerations for a cloud migration have changed over the past few months and how future trends change risk when adopting accelerating strategies. Rob and Andras will discuss the challenges from both a business execution level and a cybersecurity level and how to mitigate those risks. Attendees of this live webcast will learn:

    - Pre, during and post migration strategies
    - Business level vs. cyber risk
    - How different business verticals are utilizing cloud migration strategies as an opportunity for growth
    - Geographical trends and compliance considerations
  • The ABCs of PMCs for Attack Detection Recorded: Sep 23 2020 48 mins
    Nick Gregory, Research Scientist, Capsule8 and Harini Kannan, Data Scientist, Capsule8
    A deep dive into novel hardware performance counters and how we use ML to sift through them.

    Hardware Performance Counters constitute a treasure trove of data, which surprisingly remains pretty much untouched by modern research, except for a few well known counters. In recent years, exploits like Spectre and Rowhammer and general techniques like Return Oriented Programming (ROP) were detected using hardware performance counters (HPCs). But to date, only relatively simple and well-understood counters have been used, representing just a tiny fraction of the information we can glean from the system.

    In this webinar, we’ll show how we used ML to find non-intuitive counters to build much more effective detection models against cache side channel attacks than ones previously tested in the industry. These new models are more accurate than prior cache-miss based models, and harder for attackers to bypass. We’ll also discuss the undocumented performance counters that we found as part of our Blackhat 2020 research, and the various attacks that models built with them could detect.
  • Deciphering SOC 2 Compliance in Cloud-Native Environments Recorded: Aug 27 2020 47 mins
    Cynthia Burke
    How did a fairly straightforward endeavor – an IT audit – become that monster under the bed?

    Compliance projects all too often feel like a massive box-checking exercise. You may be pulling staff and co-workers into a vast abyss, mapping arcane compliance controls, deciphering audit speak, all to hopefully pass an audit and maybe shore up security. So how can you, the IT experts, quickly tease out the essence of what an auditor needs to give them confidence that you have passed an audit?

    In this presentation we will use the example of a SOC 2 Type 1 audit in a cloud-native environment to demystify all of the dots, dashes and control numbers, giving you a high level roadmap of key elements required to pass your own SOC 2 audit regardless of where you are on your cloud native or compliance journey.
  • Security Considerations for Cloud Migration During a Crisis Recorded: Jul 28 2020 52 mins
    Rob Harrison, Chief Product Officer, Capsule8 and guest speaker, Andras Cser, VP & principal analyst at Forrester Research
Secure Production, Avoid Disruption
Capsule8 provides modern enterprises with scalable Linux workload protection. The pioneer behind “ops-friendly” Linux security, Capsule8 Protect is purpose-built to deliver monitoring, detection and response with a single agent that can be deployed across heterogeneous production environments. By using Capsule8, security teams have the visibility needed to detect incidents and protect against unwanted behavior, allowing them to reduce downtime and avoid costly business disruption.

  • Title: Cloud Native Security Summit 2021 - Compliance in a Cloud-Native World
  • Live at: Apr 20 2021 6:07 pm
  • Presented by: Cynthia Burke - Capsule8, Sloane Burwell - HackerOne, Al Faiella - Unqork, Donal Kerr - 4Securitas