Name: Cloud Security Masterclass-Building a Highly Secure S3 Bucket Part 2
Start: 2022-05-26T16:00:00Z
End: 2022-05-26T16:56:16.000Z
Location: BrightTALK
Rating: 0

Cloud computing has turned security on its head. The cloud attack surface is the configuration of thousands of interrelated resources — and it’s all changing constantly. Ensuring continuous cloud security and compliance requires a deep understanding how cloud works and the nature of misconfiguration. Why it happens, how hackers exploit it, and how to prevent it. 

At Fugue, we’re committed to helping cloud professionals master the concepts they need to ensure the security of their cloud infrastructure. Our Cloud Security Masterclass series is led by Snyk Chief Architect, Josh Stella, who has extensive experience with cloud security and working with national security customers as a Principal Solutions Architect with AWS. He takes us on technical deep dives into critical cloud infrastructure security concepts.    

Fugue helps cloud teams transform how they do cloud security at every stage of the software development lifecycle — so they can move faster in the cloud without breaking the rules that put data at risk.

The Twitch breach may have begun with a lone server misconfiguration, but its blast radius reached everything from sensitive customer data to source code for yet-to-be-released applications. Today’s cloud attacks don’t exploit a single misconfiguration, but rather a series of them.   In this Cloud Security Masterclass, Josh Stella will walk through a process for understanding the blast radius of a variety of potential security events in your environment, and steps you can take to prevent minor ones from becoming catastrophic breaches.   You’ll walk away from this session with an understanding of how to:  Evaluate your Identity and Access Management (IAM) resources for weaknesses that attackers can exploit Employ penetration testing methodologies to assess the blast radius of public-facing resource misconfigurations Harden your cloud security posture using policy as code to address complex, multi-resource “blast radius” risks

Cloud Security Masterclass: Minimizing the Blast Radius of a Cloud Breach

When the headline says “Cloud Breach Due to Misconfigured Server,” we’re only getting a small part of the story. Critical information on what really went down rarely becomes public knowledge. 

But in order to keep cloud data secure, it’s essential to understand how attackers are exploiting the cloud API control plane, and expand the blast radius well beyond the initial misconfigured resource in order to inflict real damage. 

In this session, Josh Stella, Chief Architect at Snyk, will walk through the ways control plane compromise attacks happen, and why you need to go beyond traditional cloud security posture management in order to spot the deeper design flaws in your environment that make these attacks possible.

Attendees will gain an understanding of:
-What the cloud control plane is and why attackers need access to it
-How to identify control plane compromise risks in your environment
-Why cloud security hinges with secure design, and where to start

How Hackers Compromise the Cloud Control Plane

The #1 cloud risk is the control plane APIs. When security is focused solely on preventing entry points into a cloud environment, defenders need to get it right 100% of the time. Attackers only need to get lucky once. A close examination of real-world cloud breaches shows that the security industry is approaching the problem all wrong, and these exploits will continue unabated until we change our thinking and focus on inherently-secure cloud design.

In this Cloud Security Masterclass, Snyk Chief Architect Josh Stella will walk through the taxonomy of cloud security involving the three vectors that we can manipulate in the design of secure cloud environments: resources, actions, and time. 

You’ll walk away from this session with a clear understanding of:

The nature of modern cloud breaches and how control plane API attacks unfold
Identifying cloud design failure and understanding blast radius risk in your environment
How to use policy as code to guide developers in secure cloud infrastructure design

Cloud Security Masterclass: Your Current Cloud Security Won’t Prevent Attacks

When the headline reads “Company suffers cloud data breach due to misconfigured server,” recognize that this is only a small part of the story. What’s missing is the series of moves the attacker executed to achieve their ultimate goal, because the data they’re after rarely resides on the initial “misconfigured server”. Failing to understand how attackers operate in the cloud causes teams to focus too much on the wrong things and develop a false sense of security.  

In this session, Snyk chief architect Josh Stella will explain how nearly every major cloud breach goes down, and why cloud security keeps failing even the most sophisticated teams and organizations. He’ll walk through how attackers are not only exploiting individual resource misconfigurations, but also architectural design vulnerabilities that enable them to compromise the cloud API control plane in order to discover and extract data without detection. 

Josh will lay out a five-point approach for addressing these modern cloud attacks: 1) know your environment; 2) focus on prevention; 3) Empower your developers; 4) automate with policy as code; and 5) measure what matters.  

You’ll walk away from this session with a better understanding of cloud threats and a systematic strategy for addressing them.

The missing story with every cloud breach—and what you need to know and do

Amazon S3 security is far more complex than making sure your access policy is set to private. In fact, that setting alone can result in a false sense of security. 

In this Cloud Security Masterclass, Josh Stella, co-founder and CEO of Fugue, dives into the layers of S3 on AWS and how malicious actors are circumventing common security steps to extract data without detection.

You’ll walk away from this session with a deeper understanding of S3 and how to think critically about cloud security for your specific use cases.

Cloud Security Masterclass: Building a Secure Amazon S3 Bucket-Part 1

Recently, Fugue explored how cloud engineering and DevOps teams can use Fugue to check the security of infrastructure as code (IaC)—and running cloud environments—using the same set of policies.

In this session, Aidan O'Connor will focus specifically on performing security checks on AWS CloudFormation IaC for AWS in AWS CodePipeline. Aidan will cover using policy as code (Open Policy Agent) and Fugue to automatically check for misconfigurations in CloudFormation (JSON and YAML), and options for how to handle violations. 

What Attendees Will Learn
Leveraging Fugue’s pre-built cloud security and compliance rules for CloudFormation security
Integrating automated IaC security checks in CI/CD workflows using AWS CodePipeline
Extending cloud security coverage to your AWS runtime environment using the same policies

Cloud Security in CI/CD with AWS CodePipeline, AWS CloudFormation & Fugue

Enterprise cloud environments typically need to adhere to a set of custom internal policies — in addition to any relevant compliance standards. But transforming these rules into policy as code and ensuring everyone’s applying them consistently across infrastructure as code (IaC) and runtime environments is a challenge for any security engineering team. 

Fugue simplifies the process of putting custom cloud policies into action so all teams are operating off of the same page. Developers are producing secure IaC fast, and security teams are keeping the runtime free of vulnerabilities — using the same policies. 

In this session, Fugue’s Ricardo Green will walk through how to implement and manage custom cloud policies with Fugue. 

What Attendees Will Learn
How Fugue uses OPA rules to evaluate IaC
Fugue’s basic and advanced custom rule capabilities
Managing custom rules in Fugue’s SaaS platform

Managing Custom Cloud Security Policies with Fugue

In this session, Aidan O'Connor will focus specifically on performing security checks on Terraform IaC for AWS in Bitbucket Pipelines (an integrated CI/CD service built into Bitbucket). Aidan will cover using policy as code (Open Policy Agent) and Fugue to automatically check for misconfigurations in Terraform (HCL code and JSON plans), and options for how to handle violations. 

What Attendees Will Learn
Leveraging Fugue’s pre-built cloud security and compliance rules for Terraform security
Integrating automated IaC security checks in CI/CD workflows using Bitbucket Pipelines
Extending cloud security coverage to your AWS runtime environment using the same policies

How to Integrate Cloud Security in CI/CD with Bitbucket and Fugue

In the cloud, “serverless” architectures can shift a lot more security responsibility to the cloud service provider. But the responsibilities that remain yours look radically different than what many are used to.

In our first Cloud Security Masterclass session on serverless security, we surveyed what cloud security looks like for serverless environments. In this session, we’re going deep on the biggest and most important attack surface when it comes to serverless: Identity and Access Management (IAM). 

Josh Stella (co-founder and CEO) is joined again by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to dig into the role IAM plays with serverless security, how IAM misconfigurations put data at risk, and why these mistakes are so easy to make and common in enterprise cloud environments.

This session covers: 

The IAM attack surface with serverless cloud environments 
The strategies hackers use to exploit IAM misconfigurations
How to spot these mistakes and eliminate them

Blowing up Serverless Security and How to Avoid it (Part 2)

“Serverless” cloud architectures that leverage services such as AWS Lambda and Azure Functions are transforming how we build and deploy applications. Serverless applications also require us to transform how we think about keeping our data secure. 

In this Cloud Security Masterclass session, we dig into how security is different for serverless cloud infrastructure environments —and what hasn’t changed. Josh Stella (co-founder and CEO of Fugue) is joined by Curtis Myzie (VP of Engineering) and Wayne Crissman (Director of Security) to walk through what it takes to keep data and applications secure in a serverless environment. 

This session covers: 

How going serverless “shifts” the Shared Responsibility Model
The serverless attack surface — what’s changed and what stays the same 
Modern serverless attack vectors, including IAM misconfiguration attacks
The impact of serverless on compliance audits 
Dos and don’ts to keep your serverless environment and data secure

Blowing up Serverless Security and (How to Avoid it) Part 1

Bringing an existing cloud environment into compliance and proving it to management and auditors is one of the most complex and daunting tasks for any engineering team.

But with the right approach, you can bring your cloud into compliance faster, with less disruption, and fewer headaches.

In this session, Fugue co-founder and CEO Josh Stella and Dave Williams, Former Cloud Architect at New Light Technologies, walk through a tried-and-true process for achieving cloud compliance that works for any cloud team, any cloud environment, and any compliance regime.

You’ll walk away from this session with a clear understanding of how to:
Break down the complexities of cloud compliance and build a plan for ease and speed
Apply controls to your use case and remediate issues without disrupting the business
Avoid common pitfalls, headaches, and tensions associated with cloud compliance

This approach is applicable for teams that need to bring their existing AWS, Microsoft Azure, or Google Cloud environment into compliance with standards such as SOC-2, HIPAA, PCI, NIST 800-53, ISO 27001, GDPR, CIS Benchmark Standards, and custom internal policies.

Cloud Security Masterclass: Bringing your Cloud into Compliance and Proving it

Gaining full visibility into the security posture of a dynamic, at-scale cloud environment can challenge even the best security engineering teams. When this effort involves multiple cloud providers, compliance standards, and internal security policies, things can get complicated fast. 

For this Fugue Lunch & Learn, we invited Alfonso Cabrera (Director of Platform Engineering) and Matt Stegall (Senior Engineer) from Red Ventures to share how they have implemented and leveraged Fugue to manage the security posture of a dynamic, multi-cloud environment. Learn how they onboarded hundreds of their AWS accounts and Google Cloud subscriptions within hours and gained holistic visibility into the security posture of their cloud environments using Fugue.

Attendees will walk away with an understanding of using Fugue to: 

Onboard multiple cloud accounts across providers into Fugue using the Fugue API 
Develop and deploy custom security policies to augment turnkey compliance libraries
Operationalize cloud security to improve efficiencies and increase developer velocity

Getting Multicloud Security Visibility at Red Ventures (and Fast!)

Amazon Web Service’s Identity and Access Management (IAM) service is a powerful tool for managing access to your AWS resources that’s essentially a new kind of network in the cloud. But configuring AWS IAM securely can become complex pretty quickly—and dangerous AWS IAM misconfigurations are quite common.   In Part 2 of this Cloud Security Masterclass, Fugue co-founder Josh Stella digs deeper into how AWS IAM works to help you think more critically about the security for your AWS use cases. He’ll show you how hackers can exploit IAM misconfigurations so you can spot these in your environment and eliminate them.

Locking Down the Security of AWS IAM - Part 2

If you use Amazon Web Services (AWS), you’re probably making extensive use of the AWS Identity and Access Management (IAM) service. It’s a powerful tool for managing access to your AWS resources that’s essentially a new kind of network in the cloud.   But AWS IAM security can become quite complex. Recent high-profile cloud-based data breaches have involved AWS IAM and aren’t the result of simple customer mistakes. Rather, advanced cloud misconfiguration attacks exploit IAM misconfigurations that compliance controls and security professionals often miss.   In this Cloud Security Masterclass, Fugue co-founder Josh Stella digs into how AWS IAM works to help you think more critically about the security for your AWS use cases. You’ll understand how to identify AWS IAM misconfiguration vulnerabilities you may have missed before—and how malicious actors exploit them.

Cloud Security Masterclass: Locking Down the Security of AWS IAM-Part 1

Josh Stella continues his Cloud Security Masterclass series on how to think like a hacker to uncover previously unknown vulnerabilities in your cloud environment.   These misconfiguration vulnerabilities are often missed in compliance audits and overlooked by security teams. But they’re also playing an increasingly important role in today’s modern cloud attacks.   In this session, Josh explores some more advanced misconfiguration risks that are increasingly common in today’s enterprise cloud environments—and how you can spot them before the bad guys do.

Thinking Like a Cloud Hacker Part 2

To keep your cloud infrastructure secure from hackers, you have to start thinking like one. Today’s attackers have a vast toolbox for stealing your cloud-based data. Automation can find gaps in your security posture that provide access to your environment. And cloud misconfigurations can enable them to find and extract data—often without detection.  And don’t expect compliance rules to flag these for you, because they often don’t.  It’s time you started looking at your cloud environment from a fresh perspective — that of a hacker who’s out to exploit vulnerabilities you aren’t aware of.  In this Cloud Security Masterclass, Fugue CTO Josh Stella helps you get into the mindset of an attacker probing your cloud environment. You’ll learn how to spot previously-missed vulnerabilities and determine the blast radius of your cloud security gaps.

Cloud Security Masterclass: Thinking Like a Cloud Hacker Part 1

Amazon S3 probably gets a lot of use at your company—it’s easy to use, reliable, and scalable.
But S3 security isn’t so simple—it’s easy to get wrong and think you got it right. Recent high-profile cloud-based data breaches have involved advanced S3 misconfigurations that otherwise appeared to be secure.

In this Cloud Security Masterclass, Fugue co-founder and CEO Josh Stella goes deeper into three critical components of S3 security to help you think critically about security for your unique AWS use cases.

You’ll understand how to think critically about the security of IAM Roles, Bucket Policies, and Block Public Access for your specific use cases.

Cloud Security Masterclass-Building a Highly Secure S3  Bucket Part 2

Amazon S3

Amazon Web Services

Cloud Infrastructure

Cloud Misconfiguration

Cloud Security

CSPM

DevSecOps

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Cloud Security Masterclass-Building a Highly Secure S3 Bucket Part 2

Presented by

About this talk

More from this channel