Name: How a Google Cloud Vulnerability Creates a Severe Supply Chain Risk
Start: 2023-07-20T18:00:00Z
End: 2023-07-20T18:00:47.000Z
Location: BrightTALK
Rating: 3

Orca Security is the industry-leading Cloud Security Platform that identifies, prioritizes, and remediates security risks and compliance issues across your cloud estate spanning AWS, Azure, Google Cloud and Kubernetes.

As organizations scale and modernize their cloud environments, they face increasing pressure to protect complex workloads, identities, and data without slowing innovation. In this joint webinar, GigaOm Field CTO Chris Ray, author of the 2025 GigaOm Radar Report for CNAPP, joins Orca Security experts Tim Chase and Ashleigh Lee to discuss the capabilities that matter most for securing modern cloud environments—and what’s next for the industry in 2026.

The panel will explore key features that every cloud security platform should deliver, including configuration drift detection, visualization of asset relationships, and data security and privacy. The discussion will also look ahead to emerging areas like threat hunting and anomaly detection, where analytics and machine learning are driving more proactive defenses.

The Future of Cloud Security: 2026 Trends and Insights from GigaOm

As we head into the end of the year, it’s important to take stock of how the cloud security landscape has transformed. Hear observations from industry leaders from Amazon Web Services (AWS) and Orca Security as they examine important trends around:
- How AI is transforming cloud environments and enabling new possibilities
- The expanding role of non-human identities (NHIs) in scaling modern organizations
- How cloud teams are advancing beyond traditional approaches to strengthen resilience

AI, NHIs, and the New Era of Cloud Risk

Gartner predicts that 90% of organizations will adopt a hybrid cloud strategy by 2027. Securing workloads across public cloud, private cloud, and on-prem environments has never been more critical—or more complex. Traditional tools often don’t fully cover hybrid deployments, leaving substantial blind spots that put sensitive data and operations at risk. 

Join Orca Security’s Tim Chase, Principal Technical Evangelist, and Dror Zalman, Product Manager, for a focused discussion on the unique challenges of hybrid cloud security. Learn how runtime protection can close visibility gaps, stop threats in real time, and deliver unified security across your entire hybrid estate.

What you’ll learn: 
     • Trends driving hybrid cloud adoption
     • Top security risks in hybrid environments
     • How runtime protection delivers full-stack, full-environment coverage

Hybrid Cloud Security: A Deep Dive into Runtime Protection

Cloud security risks are accelerating—and evolving fast. In this webinar, hear from Orca Security’s Bar Kaduri, Head of Research, and Shir Sadon, Cloud Security Researcher, as they unpack the key findings from the Orca 2025 State of Cloud Security Report. Join us to hear their perspectives and gain deep insights into topics such as:
   • The rise of AI-related risk in cloud environments
   • The growing threat of non-human identities (NHIs)
   • The growth of traditional cloud risks

AI, NHIs, and the New Risk Frontier: Unpacking the 2025 State of Cloud Security

Over the last 25 years, we have lived through several iterations of answering the question, “What security issue is most important to resolve?” Even with all of the advancements in code scanning, cloud workload protection, and visualizing attack paths to prevent compromise, developers and security teams need a more defensible way to determine what gets fixed first. Reachability analysis aims to solve this problem.

Join this webinar to learn about:
The evolution of vulnerability management from hypothetical risk to likely to be exploited
The intersection of application security and cloud security
Reachability analysis and what’s next for protecting cloud native applications

The Defender's Paradox: Why Traditional Vulnerability Management is Failing Cloud-Native Organizations

As organizations embrace the flexibility and innovation that multi-cloud strategies offer, they also inherit a new layer of complexity—especially when it comes to security. 

Examine the emerging challenges cloud security teams face, how to build a strategy that works across platforms and providers, and how cloud-agnostic security tools can help.

Cloud Security LIVE 2025: Mastering Multi-Cloud

Cloud security tools can inevitably make teams work in silos, leaving gaps while striving for full protection. See how our panelists redefine the status quo for their teams to sustainably work in the ways that are easiest and right for them.

Cloud Security LIVE 2025: Cloud & AppSec Myth Busting

Whether your organization is cloud-native or currently migrating to the cloud, every resilient cloud program requires some basic tactics executing on a long term strategy. 

This session will cover practical tips on how to approach building a resilient cloud security program—from executive alignment, to cross-functional buy-in and technology purchases to support corporate goals.

Cloud Security LIVE 2025: Growing a Cloud Security Program

Cloud security is a marathon, not a sprint. To stay ahead of the attackers as the threat landscape evolves, the former World Chess Champion, Max Euwe, says it best, “Strategy requires thought, tactics require observation.” 

There is no shortage of moves you could take as a security leader to keep your cloud environment and applications protected. Join this keynote session with Paul Vixie, AWS Deputy CISO, and Gil Geron, Orca Security CEO and Co-founder as they discuss:
   • Major trends in the cloud
   • Current challenges for cloud security
   • Strategy for resilience against cloud threats

Cloud Security LIVE Keynote: 2025 Mid-Year Review

Every security organization has to find a balance between preventing security breaches by proactively addressing risk and detecting breaches when they happen.  Join Orca Security for a practical discussion of using the Orca Security Platform to find the balance between the two.

Risks, Threats, and Solutions: Addressing Cloud Security in an Assume Breach World

Retailers are racing to meet evolving customer expectations by using cloud services to drive innovation, streamline operations, enhance customer experiences, and stay ahead of the competition. As retailers move to the cloud, they also become more attractive targets for bad actors seeking to exploit vulnerabilities, making robust security measures essential to protect operations and customer data. Join Orca Security, Google Cloud, and ESG to gain a better understanding of how retail organizations can effectively secure their cloud applications to protect their business and customer data.

Key Takeaways:
- How retail organizations can effectively secure their cloud applications
- How to gain full visibility, mitigate risk and achieve compliance with a cloud-native security solution 
- How to leverage cloud services to support business growth

Speaker Bios:
- Toby is an Advisor in Google Cloud’s Office of the CISO. As a Security Advisor, Toby works with the largest and most innovative companies on the planet, helping to develop security strategies. Prior to Google, Toby worked at Microsoft where he spent five years bringing industry solutions to Azure cloud. He is guided by a simple maxim: Build systems like you won’t be there to support them; build relationships like you will.
- As Orca's Field CTO, Neil helps organizations identify and contain security risks in their cloud estates. His passion for getting ahead of security problems comes from over a decade of leading customer-facing security incident response teams at Microsoft and seeing what happens when attackers win. Neil also helped build the future of cloud-native security at Twistlock, StackRox, and Torq before joining Orca. Neil is also an avid NYC-based street photographer.
- ESG Security Practice Director Melinda Marks covers technologies that help organizations scale safely while adopting faster cloud-native development cycles.

Navigating Cloud Security Challenges in the Retail Industry with Orca Security, Google Cloud, and ESG

As organizations increase their AI investments, AI security is often overlooked, leading to risks like exposed access keys, overly permissive identities, and misconfigurations that can undermine initiatives. Join our expert panel, moderated by Neil Carpenter, for a focused discussion on AI security in cloud computing, featuring insights from Orca’s 2024 State of AI Security Report. 

The session will cover:

● OWASP’s role in AI security and the Machine Learning Security Top Ten project.
● Key findings from Orca’s report and actionable strategies for your security framework.
● An introduction to AI Goat, the first open-source hands-on environment for AI security training.

Top AI Risks of 2024 in Cloud Services: An Expert Deep Dive

As the healthcare industry moves more data and applications to the cloud, security teams will (naturally) worry about the implications for privacy, compliance, and security. Join AWS and Orca Security for an open discussion of how diligent security teams are forging better security outcomes in the cloud.  We'll discuss how to address the unique concerns of hospitals, providers, and medical technology companies with a focus on prioritizing and addressing prominent risks.

Learn more: 
https://orca.security/solutions/industries/industry-healthcare/
https://orca.security/partners/technology/amazon-web-services-aws/

Mitigating Risks in Healthcare Cloud Environments: Insights from Orca and AWS

In the ever-evolving landscape of cloud security, identifying and mitigating risks is crucial for maintaining the integrity of your cloud environment. We invite you to join industry veterans from Orca Security and Aqua Security, who collectively bring over 40 years of experience in cybersecurity, for an insightful and educational session designed to enhance your understanding of container security and incident response in the cloud.  

Scenario: 
You’ve experienced an actual attack and now need to find the root cause and remediate it. Without runtime controls, your forensic investigations and attack path analysis can feel like chasing ghosts. This webinar will provide you with a comprehensive framework to achieve swift remediation and maintain robust cloud security. 

Key Takeaways: 
● Understanding Attack Paths: Learn how to identify and analyze attack paths within your cloud environment. 
● Framework for Remediation: Discover a structured approach to quickly and effectively remediate security incidents 
● Real-World Demo: Witness a live demo showcasing instant response and investigation techniques in the cloud

Navigating Attack Paths in the Cloud: A Framework for Swift Remediation

AI is revolutionizing industries, and cloud security is no different. Generative AI can significantly accelerate, simplify and improve an organization’s security posture. But what about the security risks in AI models? In this session, we will explore how GenAI is reducing Enterprise IT workloads and enhancing cloud security, while also introducing new risks. Join AI experts at Orca Security to learn about the five most common AI model risks, including data leakage and tampering, and how to prevent them.

Learn more about Orca's GenAI capabilities: https://orca.security/platform/ai-cloud-security/
Learn more about Orca's AI Security (AI-SPM) capabilities: https://orca.security/platform/ai-security-posture-management/

Accelerate Cloud Security with AI and Reduce AI Risk

AI is revolutionizing industries, and cloud security is no different. Generative AI can significantly accelerate, simplify and improve an organization’s security posture. But what about the security risks in AI models? In this session, we will explore how GenAI is reducing Enterprise IT workloads and enhancing cloud security, while also introducing new risks. Join AI experts at Orca Security to learn about the five most common AI model risks, including data leakage and tampering, and how to prevent them.

Bad.Build is a critical vulnerability discovered by the Orca Research Pod in the Google Cloud Build CI/CD service, which enables attackers to gain unauthorized access to code and images in Artifact Registry. The flaw presents a significant supply chain risk since it allows the injection of malicious code into applications, which could then be downloaded and installed by customers and partners.

Learn from our speakers as they deep-dive into the anatomy of Bad.Build and provide practical recommendations on how to fortify your defenses around the use of the Google Cloud Build service.

In this webcast, we’ll cover:
 •  The steps that led to the Bad.Build discovery
 •  A live demonstration of the Proof of Concept exploit, which includes Privilege Escalation and Remote Code Execution
 •  Recommendations on how to reduce exposure to this risk

How a Google Cloud Vulnerability Creates a Severe Supply Chain Risk

Cloud

Cloud Security

Vulnerabilities

Vulnerability Management

Risk Management

IT Security

Cyber Security

Cyber Defence

Cyber Incident Response

Threat Detection

Welcome to the virtualization community on BrightTALK! Whether it affects servers, storage, networks, desktops or other parts of the data center, virtualization provides real benefits by reducing the resources needed for your
infrastructure and creating software-defined data center components. However, it can also complicate your infrastructure. Join this active community to learn best
practices for avoiding virtual machine sprawl and other common virtualization pitfalls as well as how you can make the most of your virtualization environment.

Virtualization

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How a Google Cloud Vulnerability Creates a Severe Supply Chain Risk

Presented by

About this talk

Orca Security