Hi [[ session.user.profile.firstName ]]

Friction Free DevOps - How to Secure and Govern Silently

Software developers are tasked with developing and releasing software at breakneck speed while security teams must have visibility into every workload that debuts to measure risk. Cloud security teams can't be autonomous as they depend on developers to install security agents to give them that very workload visibility. What's more is that security teams are drowning in non-prioritized alerts with little to no context which results in fatigue and distrust. How do we expect developers to be able to interpret such information? It's a relationship fraught with friction right from the start. Join me for an exploration of the challenge and some strategies we can leverage to reduce and even remove that friction entirely.
Recorded Jul 29 2021 62 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Patrick Pushor, Technical Evangelist, Orca Security
Presentation preview: Friction Free DevOps - How to Secure and Govern Silently

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • 6 Cloud Security Risks Hiding Inside Your Cloud Estate Nov 3 2021 6:00 pm UTC 27 mins
    Patrick Pushor, Technical Evangelist at Orca Security
    Public cloud providers like AWS, Azure, and GCP enable you to deliver new products and capabilities at breakneck speeds, but how do you balance speed to market against compliance mandates and risk – do you have to choose?

    Join Patrick Pushor, Technical Evangelist at Orca Security, for a fast-paced session as he takes you through best practices, and pitfalls to avoid in securing public cloud infrastructure.

    6 risks hiding inside every public cloud estate
    - How to get instant-on, workload-level visibility across 100% of your AWS, Azure, and GCP assets
    - The power of addressing both the control plane and data plane at once
    - Pros and cons of different cloud security tools: traditional agent-based tools and scanners, CWPP (cloud workload protection platforms), and CSPM (cloud security posture management)
  • Crafting Comprehensive Cloud Compliance Nov 3 2021 1:00 pm UTC 30 mins
    Patrick Pushor
    Whether you are formally regulated or are simply looking to demonstrate your commitment to security and governance with best practice guidance, infrastructure and platform-as-a-service offerings provide unique governance challenges. These platforms offer a wide array of services each with their own security controls that must be continuously tested against a trusted standard. At the same time, public cloud platforms also host more traditional services like virtual machines, containers, and storage buckets. Here risks like old unpatched software (and hence vulnerabilities), sloppy credentials embedded in a test script, misplaced PII, or keys that facilitate lateral movement are hiding within your workloads.

    Dive in as we discuss how to build fully functional compliance guardrails at both the deep workload and broad cloud services levels with a single, simple approach.
  • How I got ‘X-ray and thermal vision’ across our public cloud infrastructure Oct 28 2021 6:00 pm UTC 57 mins
    Michael Meyer, Chief Risk and Innovation Officer of MRS BPO, Patrick Pushor, Technical Evangelist, Orca Security
    In this presentation learn about:

    - 5 risks hiding inside every public cloud estate
    - How to get instant-on, workload-level visibility across 100% of your AWS, Azure, and GCP assets
    - The power of addressing both the control plane and data plane at once
    - Pros and cons of different cloud security tools: traditional agent-based tools and scanners, CWPP (cloud workload protection platforms), and CSPM (cloud security posture management)
  • How to Eliminate Security Blind Spots Across AWS, Azure, and GCP Oct 20 2021 9:00 am UTC 47 mins
    Patrick Pushor, Technical Evangelist, Orca Security
    Are you using agents, network scanners, or CSPM tools to detect risks across your public cloud estate? If so, there’s a better way. Delivered as SaaS, Orca’s SideScanning technology reads your cloud configuration and workloads’ runtime block storage out-of-band, giving you cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.

    Attend this cast to see:

    - Orca’s 5-minute onboarding process;
    - The power of addressing the control plane and data plane at once;
    - The scanning process for vulnerabilities, misconfigurations, malware, lateral movement risk, exploitable keys, weak passwords, and unsecured sensitive data;
    -How to prioritize risk based on the underlying security issue, its accessibility, and blast radius.
  • Not All Risks are Equal - Why Context Matters in Cloud Security Oct 14 2021 6:00 pm UTC 32 mins
    Patrick Pushor, Sr. Technical Evangelist, Orca Security
    About this webinar:
    The promise of adding new security tools and capabilities to your security operations efforts is more intelligence to make better, more well informed decisions with, but do they deliver on that promise? If your Security Operations Center (SOC) team receives hundreds of “high priority” alerts every day should they even trust the risk score that is being used? An overwhelming number of alerts desensitizes the very people tasked with responding to them, leading to missed or ignored alerts or delayed responses. In this session we discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.

    What you’ll learn:
    In this session we discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.
  • Cloud Security Complexity and Agentless SideScanning Technology Sep 29 2021 6:00 pm UTC 60 mins
    Patrick Pushor, Jonathan Jaffe, Andras Cser
    Please join Orca Security for a dynamic discussion with Jonathan Jaffe, the CISO of Lemonade, one of the most successful and fastest-growing global insurance companies, and guest speaker Andras Cser, Vice President and Principal Analyst at Forrester, as we reveal the secrets to achieving high-speed growth while improving your security posture in the cloud.

    We will explore the keys to building a high-growth cloud insurance business while ensuring security and compliance without compromise.

    Participants will learn:
    How to leverage emerging cloud security technologies
    Prioritizing risk using context-aware security
    The keys to building trust between your DevOps and Security teams
    Leveraging automation everywhere and anywhere
    Sign up for this webinar (link) to gain actionable insights into how to achieve secure cloud operations in a hyper-growth company.

    And get ready to pose your toughest public cloud security and compliance questions to our expert panel.
  • Innovating at the Speed of Cloud without Compromising on Security and Compliance Sep 29 2021 12:00 pm UTC 60 mins
    Patrick Pushor, Jonathan Jaffe, Andras Cser
    Please join Orca Security for a dynamic discussion with Jonathan Jaffe, the CISO of Lemonade, one of the most successful and fastest-growing global insurance companies, and guest speaker Andras Cser, Vice President and Principal Analyst at Forrester, as we reveal the secrets to achieving high-speed growth while improving your security posture in the cloud.

    We will explore the keys to building a high-growth cloud insurance business while ensuring security and compliance without compromise.

    Participants will learn:
    How to leverage emerging cloud security technologies
    Prioritizing risk using context-aware security
    The keys to building trust between your DevOps and Security teams
    Leveraging automation everywhere and anywhere
    Sign up for this webinar (link) to gain actionable insights into how to achieve secure cloud operations in a hyper-growth company.

    And get ready to pose your toughest public cloud security and compliance questions to our expert panel.
  • CSPM, CWPP, CNAPP & CASB, Oh My! Recorded: Sep 22 2021 43 mins
    John Alexander
    The vendor landscape for cloud security and compliance solutions is crowded, diverse, and confusing.

    Join Director of Technical Product Marketing John Alexander as he breaks down the vendor landscape drawing on Orca and Analyst research, including Gartner’s recent Cool Vendors in Cloud Security Posture Management.

    Then see a live demo of how Orca delivers workload and data protection, cloud security posture management, vulnerability management, and compliance management - all from a single SaaS platform.
  • Crafting Comprehensive Cloud Compliance Recorded: Aug 26 2021 30 mins
    Patrick Pushor, Technical Evangelist, Orca Security
    Whether you are formally regulated or are simply looking to demonstrate your commitment to security and governance with best practice guidance, infrastructure and platform-as-a-service offerings provide unique governance challenges. These platforms offer a wide array of services each with their own security controls that must be continuously tested against a trusted standard. At the same time, public cloud platforms also host more traditional services like virtual machines, containers, and storage buckets. Here risks like old unpatched software (and hence vulnerabilities), sloppy credentials embedded in a test script, misplaced PII, or keys that facilitate lateral movement are hiding within your workloads.

    Dive in as we discuss how to build fully functional compliance guardrails at both the deep workload and broad cloud services levels with a single, simple approach.
  • How Unity Uses Continuous Risk Assessment to Empower its Google Cloud Estate Recorded: Aug 18 2021 59 mins
    Justin Somaini, Unity, Christopher Johnson, Google, and Alaap Pandit, Orca Security
    Meet Justin Somaini, Chief Security Officer at Unity. Somaini is an expert in securing large environments having done stints as the CISO of Yahoo! and SAP. The scale of operations at Unity is even bigger as their games and experiences reach billions of devices a year, powered in large part by a massive Google Cloud Platform estate as well as multi-cloud.

    Upon arriving at Unity, Somaini had a decision to make. Should he focus his initial efforts on preventative controls or on deep asset management with continuous risk assessments?

    Somaini will be joined by Google’s Christopher Johnson and Orca Security’s Alaap Pandit as they invite you into a lively discussion on:

    - How to reduce time-to-remediation by coupling continuous cloud risk assessments with automation
    - How deep cloud asset inventory and configuration management can unlock rich enterprise-wide capabilities
    - How to eliminate friction between Security and DevOps teams and empower DevOps with ownership of and accountability for security issues
    - Selection criteria for choosing a cloud security vendor, including the pros and cons of agent-based tools and scanners, CSPM (cloud security posture management), as well as a new category Gartner is calling Cloud-Native Application Protection Platform (CNAPP)
  • Friction Free DevOps - How to Secure and Govern Silently Recorded: Jul 29 2021 62 mins
    Patrick Pushor, Technical Evangelist, Orca Security
    Software developers are tasked with developing and releasing software at breakneck speed while security teams must have visibility into every workload that debuts to measure risk. Cloud security teams can't be autonomous as they depend on developers to install security agents to give them that very workload visibility. What's more is that security teams are drowning in non-prioritized alerts with little to no context which results in fatigue and distrust. How do we expect developers to be able to interpret such information? It's a relationship fraught with friction right from the start. Join me for an exploration of the challenge and some strategies we can leverage to reduce and even remove that friction entirely.
  • How to Eliminate Security Blind Spots Across AWS, Azure, and GCP Recorded: Jun 23 2021 47 mins
    Patrick Pushor, Technical Evangelist, Orca Security
    Are you using agents, network scanners, or CSPM tools to detect risks across your public cloud estate? If so, there’s a better way. Delivered as SaaS, Orca’s SideScanning technology reads your cloud configuration and workloads’ runtime block storage out-of-band, giving you cloud-wide, workload-deep security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents.

    Security leadership should attend this cast to see:

    - Orca’s 5-minute onboarding process;
    - The power of addressing the control plane and data plane at once;
    - The scanning process for vulnerabilities, misconfigurations, malware, lateral movement risk, exploitable keys, weak passwords, and unsecured sensitive data;
    -How to prioritize risk based on the underlying security issue, its accessibility, and blast radius.


    About the Speaker:
    Patrick is a serial startup technologist having played early and key roles in over six startups across four countries in the past 12 years including multiple cybersecurity and fintech companies. Previously, he worked as an independent consultant focused on infrastructure and integration projects in nearly every industry from national defense to agriculture. More recently, Patrick helped define the CSPM market as an early employee at Dome9 Security and is leveraging that experience at Orca Security to revolutionize how we think about and approach cloud workload protection.
  • Cloud Security Punch-Out! – Rapid7 InsightVM vs Orca Security Recorded: Apr 10 2021 14 mins
    Patrick Pushor
    Rapid7 InsightVM uses a combination of workload agents and network scanners. Both can assess vulnerabilities in workloads and containers, but only scanners can assess compliance. Rapid7 supports many compliance standards.

    Our series lab represents a real-world cloud computing environment, but is smaller. It’s a single AWS VPC with EC2 instances, a container, and a load balancer. We leverage security groups, route tables, and an internet gateway to route traffic to our public subnets and workloads. In addition, we have private subnets with workloads having no internet access. Outside the VPC is a single S3 bucket.

    In this comparison Orca rolled with the punches, providing near instant-on, one-time deployment and full coverage of virtual machines, containers, storage buckets, databases, and much more. Orca found risks pertaining lateral movement potential, poorly aging software, weak passwords, and much more.
  • Cloud Security Punch-Out! — Orca Security vs Qualys Cloud Platform Recorded: Apr 10 2021 14 mins
    Patrick Pushor
    We’re excited to present another head-to-head bout, this time featuring Orca Security and Qualys Cloud Platform. Our Cloud Security Punch-Out series comprises short-form comparison videos pitting Orca Security against some of the world’s largest IT security brands. Each match includes a quick scenario overview followed by a review and comparison of each solution. This punch-out between Orca Security and Qualys Cloud Platform was done on August 3, 2020.
  • How I got ‘X-ray and thermal vision’ across our public cloud infrastructure Recorded: Sep 24 2020 57 mins
    Michael Meyer, Chief Risk and Innovation Officer of MRS BPO, Patrick Pushor, Technical Evangelist, Orca Security
    In this presentation learn about:

    - 5 risks hiding inside every public cloud estate
    - How to get instant-on, workload-level visibility across 100% of your AWS, Azure, and GCP assets
    - The power of addressing both the control plane and data plane at once
    - Pros and cons of different cloud security tools: traditional agent-based tools and scanners, CWPP (cloud workload protection platforms), and CSPM (cloud security posture management)
  • How I Achieved Security Discipline and Governance Across AWS, Azure, and GCP Recorded: Sep 4 2020 63 mins
    Orca Security
    Jack Roehrig, CISO at Turnitin, needed to improve security discipline and governance, close gaps, and reduce the potential attack surface. Yet he knew traditional agent-based security tools would miss high-risk aspects of his multi-cloud estate.

    Learn how Jack achieved 100% coverage and eliminated friction with DevOps by viewing this webinar replay.
  • Finding PII in the Cloud Recorded: Sep 4 2020 2 mins
    Orca Security
    Insecurely stored PII can lead to data breaches, hefty fines and a loss of brand reputation. Orca makes it easy to find all places where PII is stored incorrectly across your entire Cloud Estate.
  • Identifying the Risk of a Lateral Movement Attack in Your Cloud Recorded: Sep 4 2020 15 mins
    Orca Security
    To mitigate the risk of a lateral movement attack, monitor for private keys and passwords in shell history. Attackers can use these to move laterally across your environment.

    Orca Security scans your entire cloud account in a holistic manner. It peers into each machine’s filesystem for private keys, such as on server A, taking a hash of each found. It then checks the authorized key configuration across all other assets for public keys. Watch and learn more.
  • Risk of Lateral Movement Recorded: Sep 4 2020 2 mins
    Orca Security
    Orca Security scans your entire cloud account in a holistic manner. It peers into each machine’s filesystem for private keys, such as on server A, taking a hash of each found. It then checks the authorized key configuration across all other assets for public keys. If any are found, such as on server B, Orca calculates hashes and compares the private key hash to find a match. If there is, Orca sends an alert. Watch, and learn more.
  • Orca Security Overview Recorded: Sep 4 2020 2 mins
    Orca Security
    Cloud Security Deserves Better! It’s time to stop iterating on IT security solutions designed for on-prem networks. Orca Security deploys in minutes because no opcode runs within your environment. There are no agents to install and maintain, no overlooked assets, no DevOps headaches, and no performance hits on live environments.
Cloud Security Deserves Better. It's time for a big change.
See how leading enterprises and cloud-first companies detect risks in public cloud environments such as AWS, Microsoft Azure, and Google Cloud Platform.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Friction Free DevOps - How to Secure and Govern Silently
  • Live at: Jul 29 2021 5:00 pm
  • Presented by: Patrick Pushor, Technical Evangelist, Orca Security
  • From:
Your email has been sent.
or close