Hi [[ session.user.profile.firstName ]]

Infrastructure as Code Security with Regula

Fugue’s Curtis Myzie (VP Engineering) and Chris Suen (VP Product) will walk through how you can use Regula to identify policy violations in Terraform and AWS CloudFormation to save time and prevent cloud misconfiguration right from the start.
Recorded Jul 29 2021 39 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Chris Suen, VP of Product at Fugue and Curtis Myzie, VP of Engineering at Fugue
Presentation preview: Infrastructure as Code Security with Regula

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Locking Down the Security Of IAM Oct 5 2021 7:00 pm UTC 45 mins
    Josh Stella, CEO,CTO and Co-Founder, Fugue
    Cloud identity and access management resources such as AWS IAM are powerful infrastructure tools that are more akin to cloud-based networks. But the complex layers of cloud IAM configurations creates security challenges, and IAM misconfigurations are common in enterprise cloud environments. These vulnerabilities are now a primary attack vector for hackers and are often missed by compliance checks.

    In this session, Fugue co-founder Josh Stella will simplify how to think critically about IAM security in your cloud infrastructure environment. You’ll understand how to identify dangerous and overly-permissive IAM misconfigurations—and how hackers leverage these vulnerabilities to access your environment, discover resources, move laterally, and extract data without detection.

    Attendees will walk away with a clear understanding of:

    How cloud IAM resources work and how to simplify your approach to IAM security
    How to spot dangerous IAM misconfiguration vulnerabilities in your cloud environment
    Where compliance often misses with IAM security and how hackers exploit it
  • Avoiding a Cloud Security Collision with Policy-Based Automation Sep 28 2021 3:00 pm UTC 59 mins
    Josh Stella, CEO, Co-Founder and CTO of Fugue; Matt Howard, Executive Vice President of Sonatype
    In this session, Charlene O'Hanlon (Security Boulevard and DevOps.com) brings together Josh Stella (CEO, Fugue) and Matt Howard (EVP, Sonatype) to explore the inevitable convergence of development, ops, and security, and why this represents the first-ever opportunity to align all cloud stakeholders with policy automation up and down the stack — and left and right across the SDLC.

    Attendees will learn:

    How to avoid a messy collision of cloud developers, operations, and security — and achieve alignment instead
    Where teams get cloud security wrong, and why this becomes the rate-limiting factor for speed and agility in the cloud
    Why IT security policy automation must happen vertically up and down the stack, and horizontally across the software development lifecycle

    This session will provide valuable insights to help you think more critically about the security of your unique cloud use case, empower your teams to move faster in the cloud than ever before, and reduce risk along the way.
  • Fugue: IaC Security with OPA and Regula: Custom Rules Recorded: Sep 14 2021 44 mins
    Curtis Myzie, VP of Engineering, Fugue
    In this session, Curtis Myzie, Fugue's VP of Engineering, will walk through how to develop custom policies using Rego, the language used by Regula and Open Policy Agent (OPA).

    You’ll walk away from this session with a clear picture of:

    -Using Rego to build custom policies for checking Terraform templates
    -Developing multi-resource policies for advanced, contextual cloud security
    -Using your custom Regula policies to check Terraform HCL and plan files

    You can also use your same Regula policies to check your running cloud environment using Fugue.
  • Securing Terraform with IaC with the Regula Policy Engine Recorded: Aug 25 2021 53 mins
    Josh Stella, Fugue Co-Founder and CEO and Curtis Myzie, Fugue VP of Engineering
    Join us as Josh Stella and Curtis Myzie dig into using Regula, an open source policy engine for checking infrastructure as code. For this session they’ll focus on checking Terraform in development (HCL checks) and in CI/CD (Terraform plan checks).

    You’ll learn how to:

    Get started with Regula and pre-built policies (including CIS Foundations Benchmarks policies)
    Integrate Regula IaC checks into your git workflows and CI/CD pipelines
    Write custom policies using the open source Rego language
  • Cloud Security Masterclass: How Hackers Exploit Dev and Test Environments Recorded: Aug 12 2021 50 mins
    Josh Stella, Fugue co-Founder and CEO
    Join us as Josh Stella shows how hackers exploit common dev and test cloud environment vulnerabilities to steal production data.
    You’ll walk away from this session with a clear understanding of:
    How sensitive data winds up in dev and test environments, including databases, database snapshots, and API credentials.
    How easy it can be for hackers to access these environments, discover resources, and extract data without detection
    Strategies for securing non-production environments without slowing down cloud engineers and application developers
  • Infrastructure as Code Security with Regula Recorded: Jul 29 2021 39 mins
    Chris Suen, VP of Product at Fugue and Curtis Myzie, VP of Engineering at Fugue
    Fugue’s Curtis Myzie (VP Engineering) and Chris Suen (VP Product) will walk through how you can use Regula to identify policy violations in Terraform and AWS CloudFormation to save time and prevent cloud misconfiguration right from the start.
  • Blowing up Serverless Security and How to Avoid it (Part 2) Recorded: Jul 20 2021 47 mins
    Josh Stella, Fugue Co-Founder and CEO; Curtis Myzie, Fugue VP Engineering and Wayne Crissman, Fugue Director of Security
    In the cloud, “serverless” architectures can shift a lot more security responsibility to the cloud service provider. But the responsibilities that remain yours look radically different than what many are used to.

    In our first Cloud Security Masterclass session on serverless security, we surveyed what cloud security looks like for serverless environments. In this session, we’re going deep on the biggest and most important attack surface when it comes to serverless: Identity and Access Management (IAM).

    Josh Stella (co-founder and CEO) is joined again by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to dig into the role IAM plays with serverless security, how IAM misconfigurations put data at risk, and why these mistakes are so easy to make and common in enterprise cloud environments.

    This session covers:

    The IAM attack surface with serverless cloud environments
    The strategies hackers use to exploit IAM misconfigurations
    How to spot these mistakes and eliminate them
  • Cloud Security Masterclass: Bringing your Cloud into Compliance and Proving it Recorded: Jul 6 2021 48 mins
    Josh Stella, Fugue Co-Founder and CEO and Dave Williams, Cloud Architect at New Light Technologies
    Bringing an existing cloud environment into compliance and proving it to management and auditors is one of the most complex and daunting tasks for any engineering team.

    But with the right approach, you can bring your cloud into compliance faster, with less disruption, and fewer headaches.

    In this session, Fugue co-founder and CEO Josh Stella and Dave Williams, Cloud Architect at New Light Technologies, walk through a tried-and-true process for achieving cloud compliance that works for any cloud team, any cloud environment, and any compliance regime.

    You’ll walk away from this session with a clear understanding of how to:
    Break down the complexities of cloud compliance and build a plan for ease and speed
    Apply controls to your use case and remediate issues without disrupting the business
    Avoid common pitfalls, headaches, and tensions associated with cloud compliance

    This approach is applicable for teams that need to bring their existing AWS, Microsoft Azure, or Google Cloud environment into compliance with standards such as SOC-2, HIPAA, PCI, NIST 800-53, ISO 27001, GDPR, CIS Benchmark Standards, and custom internal policies.
  • Infrastructure as Code Security with Regula Recorded: Jun 30 2021 39 mins
    Chris Suen, VP of Product at Fugue and Curtis Myzie, VP of Engineering at Fugue
    Fugue’s Curtis Myzie (VP Engineering) and Chris Suen (VP Product) will walk through how you can use Regula to identify policy violations in Terraform and AWS CloudFormation to save time and prevent cloud misconfiguration right from the start.
  • A Cloud Security Masterclass: Advanced AWS Misconfiguration Attacks in Action Recorded: Jun 29 2021 40 mins
    Josh Stella, Co-Founder and CEO of Fugue
    When it comes to securing your cloud infrastructure, we've moved beyond avoiding simple S3 misconfigurations and into preventing more advanced attacks.

    In this Cloud Security Masterclass that’s ripped from the headlines, Fugue co-founder and CEO explores a common set of cloud misconfiguration vulnerabilities involving AWS VPCs, IAM, and other services. These misconfigurations typically fly under the radar of many security teams and compliance frameworks.

    You’ll see how the hacker took advantage of these common cloud misconfigurations to gain access to environments, moving laterally, and extracting sensitive data without detection.
  • Blowing up Serverless Security and (How to Avoid it) Part 1 Recorded: Jun 22 2021 51 mins
    Josh Stella, Fugue co-Founder and CTO, Wayne Crissman, Fugue Director of Security, Curtis Myzie, Fugue VP of Engineering
    “Serverless” cloud architectures that leverage services such as AWS Lambda and Azure Functions are transforming how we build and deploy applications. Serverless applications also require us to transform how we think about keeping our data secure.

    In this Cloud Security Masterclass session, we dig into how security is different for serverless cloud infrastructure environments —and what hasn’t changed. Josh Stella (co-founder and CEO of Fugue) is joined by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to walk through what it takes to keep data and applications secure in a serverless environment.

    This session covers:

    How going serverless “shifts” the Shared Responsibility Model
    The serverless attack surface — what’s changed and what stays the same
    Modern serverless attack vectors, including IAM misconfiguration attacks
    The impact of serverless on compliance audits
    Dos and don’ts to keep your serverless environment and data secure
  • Thinking Like a Cloud Hacker Part 2 Recorded: Jun 10 2021 47 mins
    Josh Stella, Co-Founder and CEO of Fugue
    Josh Stella continues his Cloud Security Masterclass series on how to think like a hacker to uncover previously unknown vulnerabilities in your cloud environment.

    These misconfiguration vulnerabilities are often missed in compliance audits and overlooked by security teams. But they’re also playing an increasingly important role in today’s modern cloud attacks.

    In this session, Josh explores some more advanced misconfiguration risks that are increasingly common in today’s enterprise cloud environments—and how you can spot them before the bad guys do.
  • Cloud Security Masterclass: Thinking Like a Cloud Hacker Part 1 Recorded: May 25 2021 50 mins
    Josh Stella, Co-Founder and CTO of Fugue
    To keep your cloud infrastructure secure from hackers, you have to start thinking like one. Today’s attackers have a vast toolbox for stealing your cloud-based data. Automation can find gaps in your security posture that provide access to your environment. And cloud misconfigurations can enable them to find and extract data—often without detection.

    And don’t expect compliance rules to flag these for you, because they often don’t.

    It’s time you started looking at your cloud environment from a fresh perspective — that of a hacker who’s out to exploit vulnerabilities you aren’t aware of.

    In this Cloud Security Masterclass, Fugue CTO Josh Stella helps you get into the mindset of an attacker probing your cloud environment. You’ll learn how to spot previously-missed vulnerabilities and determine the blast radius of your cloud security gaps.
  • Building a Highly Secure S3 Bucket Part 2 Followup Recorded: May 13 2021 14 mins
    Josh Stella, Co-Founder and CEO of Fugue
    In this video, Josh Stella provides additional insight into the five layers of Amazon S3 Security that he wasn’t able to cover in the first two Cloud Security Masterclass sessions focused on S3.

    Securing your Amazon S3 resources is critical to keeping your cloud-based data secure, but it’s easy to get a false sense of security here. You need to understand how IAM Roles, Bucket Policies, and Block Public Access work to ensure the security of your specific use cases.
  • Cloud Security Masterclass-Building a Highly Secure S3 Bucket Part 2 Recorded: May 4 2021 57 mins
    Josh Stella, Co-Founder and CEO of Fugue
    Amazon S3 probably gets a lot of use at your company—it’s easy to use, reliable, and scalable.
    But S3 security isn’t so simple—it’s easy to get wrong and think you got it right. Recent high-profile cloud-based data breaches have involved advanced S3 misconfigurations that otherwise appeared to be secure.

    In this Cloud Security Masterclass, Fugue co-founder and CEO Josh Stella goes deeper into three critical components of S3 security to help you think critically about security for your unique AWS use cases.

    You’ll understand how to think critically about the security of IAM Roles, Bucket Policies, and Block Public Access for your specific use cases.
  • Locking Down the Security of AWS IAM - Part 2 Recorded: Apr 27 2021 45 mins
    Josh Stella, Fugue Co-Founder and CEO
    Amazon Web Service’s Identity and Access Management (IAM) service is a powerful tool for managing access to your AWS resources that’s essentially a new kind of network in the cloud. But configuring AWS IAM securely can become complex pretty quickly—and dangerous AWS IAM misconfigurations are quite common.

    In Part 2 of this Cloud Security Masterclass, Fugue co-founder Josh Stella digs deeper into how AWS IAM works to help you think more critically about the security for your AWS use cases. He’ll show you how hackers can exploit IAM misconfigurations so you can spot these in your environment and eliminate them.
  • Cloud Security Masterclass: Building a Highly Secure Amazon S3 Bucket-Part 1 Recorded: Apr 20 2021 55 mins
    Josh Stella, Fugue Co-Founder and CEO
    Amazon S3 security is far more complex than making sure your access policy is set to private. In fact, that setting alone can result in a false sense of security.

    In this Cloud Security Masterclass, Josh Stella, co-founder and CEO of Fugue, dives into the layers of S3 on AWS and how malicious actors are circumventing common security steps to extract data without detection.

    You’ll walk away from this session with a deeper understanding of S3 and how to think critically about cloud security for your specific use cases.
  • Cloud Security Masterclass: Locking Down the Security of AWS IAM-Part 1 Recorded: Apr 6 2021 51 mins
    Josh Stella, Co-Founder and CEO of Fugue
    If you use Amazon Web Services (AWS), you’re probably making extensive use of the AWS Identity and Access Management (IAM) service. It’s a powerful tool for managing access to your AWS resources that’s essentially a new kind of network in the cloud.

    But AWS IAM security can become quite complex. Recent high-profile cloud-based data breaches have involved AWS IAM and aren’t the result of simple customer mistakes. Rather, advanced cloud misconfiguration attacks exploit IAM misconfigurations that compliance controls and security professionals often miss.

    In this Cloud Security Masterclass, Fugue co-founder Josh Stella digs into how AWS IAM works to help you think more critically about the security for your AWS use cases. You’ll understand how to identify AWS IAM misconfiguration vulnerabilities you may have missed before—and how malicious actors exploit them.
Mastering the security of your cloud infrastructure environment.
Cloud computing has turned security on its head. The cloud attack surface is the configuration of thousands of interrelated resources — and it’s all changing constantly. Ensuring continuous cloud security and compliance requires a deep understanding how cloud works and the nature of misconfiguration. Why it happens, how hackers exploit it, and how to prevent it.

At Fugue, we’re committed to helping cloud professionals master the concepts they need to ensure the security of their cloud infrastructure. Our Cloud Security Masterclass series is led by Fugue CTO and co-founder Josh Stella, who has extensive experience with cloud security and working with national security customers as a Principal Solutions Architect with AWS. He takes us on technical deep dives into critical cloud infrastructure security concepts.

Fugue helps cloud teams transform how they do cloud security at every stage of the software development lifecycle — so they can move faster in the cloud without breaking the rules that put data at risk.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Infrastructure as Code Security with Regula
  • Live at: Jul 29 2021 4:00 pm
  • Presented by: Chris Suen, VP of Product at Fugue and Curtis Myzie, VP of Engineering at Fugue
  • From:
Your email has been sent.
or close