Name: How to: Identify API Risks in Your Cloud-Native Environments
Start: 2023-03-24T14:03:00Z
End: 2023-03-24T14:03:06.000Z
Location: BrightTALK

Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets. Powered by graph-based technology, Panoptica’s Attack Path Engine prioritizes and offers dynamic remediation for vulnerable attack vectors helping security teams quickly identify and remediate potential risks across cloud infrastructures. 

Generative AI has already entered workflows across business departments. But how should you be using GenAI for cloud security to achieve optimal efficiency and value? 
 
Join us in this fireside chat, featuring Papi Menon, VP and Chief Product Officer, Outshift by Cisco and Melinda Marks, Practice Director, Application & Cloud Security, Enterprise Strategy Group, as they discuss: 

• The role of generative AI technology in bolstering cloud security
• GenAI’s ability to autonomously identify and address emerging threats in real-time
• How to enhance overall defense mechanisms in cloud security with generative AI technology

Leveraging GenAI for Cloud Security

As we kick off 2024, join David Terrar, CEO of Cloud Industry Forum and guests for episode 47 of Digital Transformation in Action, where they share trends and predictions for the cloud landscape in the coming year.

Driving Cloud Change in 2024: Trends to Know

The difficulties of securing data in cloud-native applications are many, for example:
• There exists a proliferation of data islands, complicating the creation of a unified cloud security view;
• As microservices are created, evolved, and removed, those islands can remain unused—yet still pose a risk to you;
• Propagation and caching of sensitive data between microservices can result in compliance blindness.

That’s not to mention the variety of data storage formats with which IT pros must contend and protect (such as file, object, block, and SQL). Let’s hit the reset button, shall we?

Join us in this Fireside Chat at the Data Security Risks and Challenges BrightTALK Summit to discover 5 principles—based on the basics—with which you can improve cloud-native app security and to see how CNAPP solutions are making a real difference. Tim Miller, Technical Marketing Engineer at Outshift by Cisco joins the discussion with Enterprise Strategy Group analysts.

Securing Your Data in a Cloud-Native Application World

"If there has been a single dominant topic of discussion in 2023, it has to be the rapid rise of generative AI. New developments in the technology have drawn mass attention and it seems like everyone is trying to figure out how best to deploy generative AI in their own organizations. This presents a great opportunity to optimize existing machine learning efforts and automate operations even further – but it also opens the door to dangerous gaps in governance. Without the right protocols, companies can become vulnerable to a host of problems, from data loss and increased attack surface area to copyright issues and misinformation. 

The technology is so new that many organizations won’t yet have clear policies in place around the use of generative AI. And while there are licensed, regulated generative AI tools available, many people are currently using the vast array of free apps that have not been scrutinized from a compliance standpoint. How can teams take advantage of these new opportunities created by generative AI, while maintaining their standards of security and governance? How can teams protect themselves from the risks of shadow IT and create clear governance policies?

Tune into this latest episode of CISO Insights to hear Dan Lohrmann, Earl Duby and guest experts discuss how to govern data and balance the dual threat and opportunity of generative AI.

Threat & Opportunity: Governing Data in the Age of Generative AI

Although multi cloud architecture empowers organizations with a flexible and resilient approach to cloud computing, there are various intricacies and challenges when it comes to multi cloud security. From managing the complexity of different clouds, to cloud skill gaps your organization desperately needs to fill, managing a multi cloud environment is difficult if you don’t have the right tools in place.

Join us in this webinar to explore the dynamic landscape of multi cloud security. We'll delve into the essence of safeguarding data, applications, and infrastructure distributed across your diverse cloud environments. You’ll also learn about:

•. How a multi cloud security solution can act as a central orchestrator for your business, offering comprehensive protection against cyber threats
•. The benefits of consistent security controls, centralized visibility, integrated security tools, and efficient incident response
•  Why strategic prioritization of attack paths and efficient remediation are vital for proactive vulnerability management across diverse cloud environments

Mastering Multi Cloud Security: Strategies and Solutions

Join David Terrar, CEO of Cloud Industry Forum and guests for episode 44 of Digital Transformation in Action, as they revisit cloud security - with a particular focus on security spend and risk management.

Revisiting Cloud Security: Managing Spend and Risk

After the success and interest in our first cyber myth busting episode, we’re bringing a second instalment to this topic - answering your hot questions, and diving into common cyber misconceptions.

In this special episode of The (Security) Balancing Act, Diana Kelley and cyber experts will sit down, and deep dive into the common cyber myths.

 What misconceptions drive you crazy? Bring your best myths and join Diana Kelley and guests as we decipher common cyber myths in a bid to clear up the confusion.

Blasting Cyber Myths: Part Two

Cybersecurity is so often focused on securing enterprise infrastructures from external threats – for good reason. Cyber attacks are always evolving alongside security protocols, so organizations must stay vigilant. Yet when so many resources are devoted to protecting operations from the outside, it is easy to leave yourself at risk of another kind of attack: insider threats. In fact, a 2023 study from Cybersecurity Insiders found that 74% of organizations are at least moderately vulnerable to insider threats.

Insider threats require an entirely different security approach, especially as they bring up an entirely new problem: accidental or unintentional threats. Not all internal damage is done maliciously, with many incidences tied more to human error than criminal intent. The Ponemon’s Institute’s “2022 Cost of Insider Threats Global Report” found that over half of insider threats (56%) came from employee or contractor negligence. Creating an internally secure environment for your organization therefore requires a multi-pronged strategy that can protect against both intentional and unintentional attacks.

In this episode of CISO Insights, series hosts Dan Lohrmann and Earl Duby will be joined by security experts to break down what it takes to tackle insider threats.

From Inside the House: Tackling Intentional & Unintentional Insider Threats

As more organizations adopt microservices, containers, Kubernetes, and serverless architectures, the complexity of their IT environments continues to grow, creating an expanded attack surface. Given the dynamic and complex nature of cloud-native environments, how confident are you in your development and security teams' ability to identify and prioritize the most significant security risks and remediate vulnerabilities in a timely manner to reduce the risk of a security breach? 
 
To secure cloud-native applications, organizations use multiple tools from different vendors. However, these tools are often not developer-friendly, creating a fragmented view of risk. This results in an excessive number of alerts that can waste developers' time and delay remediation efforts.
 
Join this fireside chat to learn why you need an end-to-end cloud application security solution in today’s dynamic and complex multi-cloud environment. And why it’s essential to address the most significant risks first, reducing the risk of a breach and saving valuable time and resources when time is of the essence.
 
Key takeaways:
 
• Improve Visibility: Gain real-time insights into security issues across cloud assets to reduce compliance violations and expedite deployment of cloud-native apps.
• Contextualize Risks: Prioritize vulnerabilities that can have the most significant impact on cloud apps.
• Enable Security through Collaboration: Prioritize vulnerabilities through collaboration among teams to develop effective remediation plans.

How to Prioritize Critical Vulnerabilities to Protect Your Cloud Applications

Video: How to Prioritize Critical Vulnerabilities to Protect Cloud Applications

Context is critical as IT professionals are tasked with making sense of vulnerabilities in a cloud-native world. For example, vulnerabilities can happen at any point in the app development cycle (CNAPP), and security pros are staring down the tunnel of information overload with unceasing alerts.

With so much on their plates, how can these pros dial into the security vulnerabilities that are a must-tackle and protect their cloud-native environments?

ESG Senior Analyst Melinda Marks sits down with Papi Menon, VP of Product Management, Emerging Technologies & Incubation at Cisco Panoptica, to discuss this topic and explain:

•        Context is critical: why does vulnerability matter?
•        How Cisco’s Panoptica helps secure your cloud journey
•        Why a trusted partner like Cisco matters in your cloud security

Context is Critical: Making Sense of Vulnerabilities in a Cloud-Native World

The Global Cloud-native Application Protection Platform (CNAPP) Market size is expected to reach $21.2 billion by 2028, rising at a market growth of 18.6% CAGR. Adopting cloud-native architectures can significantly reduce IT costs, improve operational efficiency, and increase development speed and agility—although, they also introduce security risks, such as vulnerabilities in containers, microservices, and APIs. 

Implementing the proper security measures in this context requires a cloud-native security approach, in which solutions are purpose-built for cloud environments and can leverage automation and machine learning to detect and respond to security threats in real-time. 

Watch this exclusive Fireside Chat with experts from Cisco and BrightTALK to discover the key to unlocking cloud-native application modernization in today’s sprawling environments, alongside a discussion on how to formulate a cloud-native app security protection plan.

Unlocking Business Potential with Cloud-Native Application Modernization

Panoptica's dashboard makes it easy for security engineers to figure what risks to deal with by highlighting them based on pods, APIs, and serverless functions, and the miTRE Attack framework. This video gives you a complete overview of the Panoptica dashboard.

How to: Use the Panoptica Dashboard

Panoptica gives you visibility into all the functions deployed in your cloud accounts. This video shows you how Panoptica inspects your Serverless runtime environment for risks, vulnerabilities, and leakage of secrets.

How to: Visibility Assessment & Remediation of Risks in Serverless Environments

Panoptica's assessment information comes from its runtime scans and CI?CD pipeline events. This video shows you how Panoptica provides a complete inventory of your cluster and the workloads it is running.

How to: Get a Comprehensive View of K8 Clusters and Running Workloads

Obtaining a comprehensive inventory of your runtime environment in Panoptica starts with onboarding your Kubernetes cluster. This video provides a step-by-step tutorial of how to set up Panoptica for a standard cluster deployment or a more advanced deployment.

How to: Set Up a Cluster in Panoptica

Join Helen Beal, Chief Ambassador at DevOps Institute and guests for episode 35 of Day-to-Day DevOps, where they discuss all things GitOps.

This discussion will explore:

- GitOps as an operations model and how it accelerates software delivery
- GitOps vs DevOps
- The role of GitOps in a DevSecOps world
- How GitOps is evolving secure development, API security and CI/CD pipeline security
- And more

Gaining Insight Into GitOps

Panoptica's API Security dashboard presents a prioritized list of the top six security risk findings identified in your cloud environments. This video shows how Panoptica helps you drill down into advanced API risk assessments.

How to: Identify API Risks in Your Cloud-Native Environments

Cloud

Cloud Security

Kubernetes

API security

Risk Assessment

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to: Identify API Risks in Your Cloud-Native Environments

Presented by

About this talk

Cisco – Panoptica