Name: Context is Critical: Making Sense of Vulnerabilities in a Cloud-Native World
Start: 2023-04-27T18:00:00Z
End: 2023-04-27T18:00:24.000Z
Location: BrightTALK
Rating: 4.6

Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets. Powered by graph-based technology, Panoptica’s Attack Path Engine prioritizes and offers dynamic remediation for vulnerable attack vectors helping security teams quickly identify and remediate potential risks across cloud infrastructures. 

Generative AI has already entered workflows across business departments. But how should you be using GenAI for cloud security to achieve optimal efficiency and value? 
 
Join us in this fireside chat, featuring Papi Menon, VP and Chief Product Officer, Outshift by Cisco and Melinda Marks, Practice Director, Application & Cloud Security, Enterprise Strategy Group, as they discuss: 

• The role of generative AI technology in bolstering cloud security
• GenAI’s ability to autonomously identify and address emerging threats in real-time
• How to enhance overall defense mechanisms in cloud security with generative AI technology

Leveraging GenAI for Cloud Security

As we kick off 2024, join David Terrar, CEO of Cloud Industry Forum and guests for episode 47 of Digital Transformation in Action, where they share trends and predictions for the cloud landscape in the coming year.

Driving Cloud Change in 2024: Trends to Know

The difficulties of securing data in cloud-native applications are many, for example:
• There exists a proliferation of data islands, complicating the creation of a unified cloud security view;
• As microservices are created, evolved, and removed, those islands can remain unused—yet still pose a risk to you;
• Propagation and caching of sensitive data between microservices can result in compliance blindness.

That’s not to mention the variety of data storage formats with which IT pros must contend and protect (such as file, object, block, and SQL). Let’s hit the reset button, shall we?

Join us in this Fireside Chat at the Data Security Risks and Challenges BrightTALK Summit to discover 5 principles—based on the basics—with which you can improve cloud-native app security and to see how CNAPP solutions are making a real difference. Tim Miller, Technical Marketing Engineer at Outshift by Cisco joins the discussion with Enterprise Strategy Group analysts.

Securing Your Data in a Cloud-Native Application World

"If there has been a single dominant topic of discussion in 2023, it has to be the rapid rise of generative AI. New developments in the technology have drawn mass attention and it seems like everyone is trying to figure out how best to deploy generative AI in their own organizations. This presents a great opportunity to optimize existing machine learning efforts and automate operations even further – but it also opens the door to dangerous gaps in governance. Without the right protocols, companies can become vulnerable to a host of problems, from data loss and increased attack surface area to copyright issues and misinformation. 

The technology is so new that many organizations won’t yet have clear policies in place around the use of generative AI. And while there are licensed, regulated generative AI tools available, many people are currently using the vast array of free apps that have not been scrutinized from a compliance standpoint. How can teams take advantage of these new opportunities created by generative AI, while maintaining their standards of security and governance? How can teams protect themselves from the risks of shadow IT and create clear governance policies?

Tune into this latest episode of CISO Insights to hear Dan Lohrmann, Earl Duby and guest experts discuss how to govern data and balance the dual threat and opportunity of generative AI.

Threat & Opportunity: Governing Data in the Age of Generative AI

Although multi cloud architecture empowers organizations with a flexible and resilient approach to cloud computing, there are various intricacies and challenges when it comes to multi cloud security. From managing the complexity of different clouds, to cloud skill gaps your organization desperately needs to fill, managing a multi cloud environment is difficult if you don’t have the right tools in place.

Join us in this webinar to explore the dynamic landscape of multi cloud security. We'll delve into the essence of safeguarding data, applications, and infrastructure distributed across your diverse cloud environments. You’ll also learn about:

•. How a multi cloud security solution can act as a central orchestrator for your business, offering comprehensive protection against cyber threats
•. The benefits of consistent security controls, centralized visibility, integrated security tools, and efficient incident response
•  Why strategic prioritization of attack paths and efficient remediation are vital for proactive vulnerability management across diverse cloud environments

Mastering Multi Cloud Security: Strategies and Solutions

Join David Terrar, CEO of Cloud Industry Forum and guests for episode 44 of Digital Transformation in Action, as they revisit cloud security - with a particular focus on security spend and risk management.

Revisiting Cloud Security: Managing Spend and Risk

After the success and interest in our first cyber myth busting episode, we’re bringing a second instalment to this topic - answering your hot questions, and diving into common cyber misconceptions.

In this special episode of The (Security) Balancing Act, Diana Kelley and cyber experts will sit down, and deep dive into the common cyber myths.

 What misconceptions drive you crazy? Bring your best myths and join Diana Kelley and guests as we decipher common cyber myths in a bid to clear up the confusion.

Blasting Cyber Myths: Part Two

Cybersecurity is so often focused on securing enterprise infrastructures from external threats – for good reason. Cyber attacks are always evolving alongside security protocols, so organizations must stay vigilant. Yet when so many resources are devoted to protecting operations from the outside, it is easy to leave yourself at risk of another kind of attack: insider threats. In fact, a 2023 study from Cybersecurity Insiders found that 74% of organizations are at least moderately vulnerable to insider threats.

Insider threats require an entirely different security approach, especially as they bring up an entirely new problem: accidental or unintentional threats. Not all internal damage is done maliciously, with many incidences tied more to human error than criminal intent. The Ponemon’s Institute’s “2022 Cost of Insider Threats Global Report” found that over half of insider threats (56%) came from employee or contractor negligence. Creating an internally secure environment for your organization therefore requires a multi-pronged strategy that can protect against both intentional and unintentional attacks.

In this episode of CISO Insights, series hosts Dan Lohrmann and Earl Duby will be joined by security experts to break down what it takes to tackle insider threats.

From Inside the House: Tackling Intentional & Unintentional Insider Threats

As more organizations adopt microservices, containers, Kubernetes, and serverless architectures, the complexity of their IT environments continues to grow, creating an expanded attack surface. Given the dynamic and complex nature of cloud-native environments, how confident are you in your development and security teams' ability to identify and prioritize the most significant security risks and remediate vulnerabilities in a timely manner to reduce the risk of a security breach? 
 
To secure cloud-native applications, organizations use multiple tools from different vendors. However, these tools are often not developer-friendly, creating a fragmented view of risk. This results in an excessive number of alerts that can waste developers' time and delay remediation efforts.
 
Join this fireside chat to learn why you need an end-to-end cloud application security solution in today’s dynamic and complex multi-cloud environment. And why it’s essential to address the most significant risks first, reducing the risk of a breach and saving valuable time and resources when time is of the essence.
 
Key takeaways:
 
• Improve Visibility: Gain real-time insights into security issues across cloud assets to reduce compliance violations and expedite deployment of cloud-native apps.
• Contextualize Risks: Prioritize vulnerabilities that can have the most significant impact on cloud apps.
• Enable Security through Collaboration: Prioritize vulnerabilities through collaboration among teams to develop effective remediation plans.

How to Prioritize Critical Vulnerabilities to Protect Your Cloud Applications

Video: How to Prioritize Critical Vulnerabilities to Protect Cloud Applications

The Global Cloud-native Application Protection Platform (CNAPP) Market size is expected to reach $21.2 billion by 2028, rising at a market growth of 18.6% CAGR. Adopting cloud-native architectures can significantly reduce IT costs, improve operational efficiency, and increase development speed and agility—although, they also introduce security risks, such as vulnerabilities in containers, microservices, and APIs. 

Implementing the proper security measures in this context requires a cloud-native security approach, in which solutions are purpose-built for cloud environments and can leverage automation and machine learning to detect and respond to security threats in real-time. 

Watch this exclusive Fireside Chat with experts from Cisco and BrightTALK to discover the key to unlocking cloud-native application modernization in today’s sprawling environments, alongside a discussion on how to formulate a cloud-native app security protection plan.

Unlocking Business Potential with Cloud-Native Application Modernization

Panoptica's dashboard makes it easy for security engineers to figure what risks to deal with by highlighting them based on pods, APIs, and serverless functions, and the miTRE Attack framework. This video gives you a complete overview of the Panoptica dashboard.

How to: Use the Panoptica Dashboard

Panoptica's API Security dashboard presents a prioritized list of the top six security risk findings identified in your cloud environments. This video shows how Panoptica helps you drill down into advanced API risk assessments.

How to: Identify API Risks in Your Cloud-Native Environments

Panoptica gives you visibility into all the functions deployed in your cloud accounts. This video shows you how Panoptica inspects your Serverless runtime environment for risks, vulnerabilities, and leakage of secrets.

How to: Visibility Assessment & Remediation of Risks in Serverless Environments

Panoptica's assessment information comes from its runtime scans and CI?CD pipeline events. This video shows you how Panoptica provides a complete inventory of your cluster and the workloads it is running.

How to: Get a Comprehensive View of K8 Clusters and Running Workloads

Obtaining a comprehensive inventory of your runtime environment in Panoptica starts with onboarding your Kubernetes cluster. This video provides a step-by-step tutorial of how to set up Panoptica for a standard cluster deployment or a more advanced deployment.

How to: Set Up a Cluster in Panoptica

Join Helen Beal, Chief Ambassador at DevOps Institute and guests for episode 35 of Day-to-Day DevOps, where they discuss all things GitOps.

This discussion will explore:

- GitOps as an operations model and how it accelerates software delivery
- GitOps vs DevOps
- The role of GitOps in a DevSecOps world
- How GitOps is evolving secure development, API security and CI/CD pipeline security
- And more

Gaining Insight Into GitOps

While zero trust has been touted as a north star for enterprise security, some experts argue that it may not be effective in all scenarios. With this reservation in mind, how can organizations, like yours, ensure that their Zero Trust strategies are effective, aligned with their security goals, and thwart today’s persistent phishing threats? 

Find out by tuning into this Fireside Chat between ESG Principal Analyst Jon Oltsik and Deepen Desai—Global CISO and Head of Security Research & Operations at Zscaler—as they survey how Zero Trust fares against the current threat landscape. 

Agenda items include:
• Zero Trust challenges & strategies for effective adoption
• A review of the 2023 ThreatLabz Phishing Report with the latest trends & techniques
• Tactics to pivot for supply chain, IoT, and MFA attacks 
• The rise of AI chatbots and their impact on cybersecurity defenders
• And much more

How Zero Trust Fares Against Current Cyber Threats

With the ever-increasing number of cyber breaches, a significant question remains: have we accepted or turned a blind eye to the problem? The recent breach reporting mandates and global regulatory requirements make it clear that we need to do more to protect our assets. 

Although challenged by the cost of cyber insurance, talent gap, increased complexity, more audits, and deeper analysis by investors, it is still essential to find ways to reduce costs, retain skilled talent, demonstrate risk management, and improve cybersecurity. 

Join ESG Principal Analyst Jon Oltsik and Ross Brewer, Chief Revenue Officer at SimSpace, for an exciting Fireside Chat that delves into the world of modern cybersecurity strategies to help you stay ahead of the attack curve. This event will cover:

• Tactics for satisfying investors
• Ways to fill the talent gap while moving from cyber assumptions to cyber certainty
• And how you can put your cybersecurity strategies to the test, balance the checkboxes, and create predictability in a cyber range

Cybersecurity in 2023: The Good, The Bad, and The Strategy

Because cloud environments are noisy, nobody has enough resources to pay attention to every single alert. The only way to effectively prioritize risks and detect threats, therefore, is to gain complete visibility and context from code to cloud. 

To achieve this feat requires consolidating all previously siloed capabilities—e.g. scanning of cloud accounts for misconfigurations, CSPM, CIEM, KSPM, CWPP, and more—to a single view. Given these myriad components, the path to success is often, well, cloudy. 

In this Fireside Chat, ESG Senior Analyst Melinda Marks sits down with Tim Chase, Global Field CISO at Lacework, to examine actionable strategies with which you can cut through the noise to prioritize cloud security risks with precision. Tune in to discover how:

• To strengthen cloud security risk prioritization 
• Developers and security pros should collaborate to identify vulnerabilities
• Lacework helps their customers reduce cloud attack surfaces 
• And much more

Raising the Signal: Effective Risk Prioritization in Cloud Security

In this RSA roundtable discussion led by top Enterprise Strategy Group analyst Jack Poller, hear from leading CISOs regarding the biggest challenges, best practices, and attack trends impacting the cybersecurity space today—all assessed by ESG’s independent voice. 

Normally, access to Enterprise Strategy Group analyst research and consulting services would be a costly investment, but today you can listen in for free.   

Topics covered include:
• The key concerns for modern CISOs
• How enterprises are shifting their security strategies
• ESG’s top 3 best practices for protecting sensitive cloud data
• And more

CISO top challenges vs. priorities (from ESG’s experts)

Enterprise Strategy Group (ESG) is a global leader in unbiased market analysis, research, and strategy – and ESG’s recent research into Zero Trust has uncovered some uncomfortable facts. 

In this panel discussion, ESG Senior Analyst Mark Bowker sits down with leaders from VMware and Entrust to answer key questions around Zero Trust this year – including:

• Why are we seeing a surge in Zero Trust projects now?
• Which vendor Zero Trust claims are true vs. false? 
• How is the role of PKI changing in light of the move toward Zero Trust networks?
• What level of urgency should IT and infosec leaders put on being quantum-ready?
• And much more

Zero Trust in 2023: Roundtable with ESG’s Analyst Mark Bowker

Enterprise Strategy Group (ESG) helps advise on critical business decisions using their world-class research on Zero Trust network security. Their recent studies indicate that all too often, businesses don’t have an effective Zero Trust strategy.

In this exclusive Fireside Chat, ESG Senior Analyst and industry vet Jack Poller examines what Zero Trust optimization looks like in practice and what you need to know to get started. Topics covered include:

• The ZTNA maturity model
• Essential action items for CIOs and CISOs
• The role of crypto agility in enterprise Zero Trust projects
• And more of ESG’s independent research

Enterprise Strategy Group’s Zero Trust optimization roadmap

What we are hearing from CISOs, Nick Lantuh, Co-founder & CEO of Interpres Security explains, is that cybersecurity has become too costly, complicated, siloed, and requires significant manual engineering to succeed using current methods. These issues dovetail with the competing objectives to secure your organization from large-scale attacks, while simultaneously optimizing costs in today’s budget constrained environment.

A threat-centric cybersecurity approach holds the key to resolving many of these issues, in which defense surface management is key. Tune in as Lantuh and an ESG analyst deconstruct this topic in the following Fireside Chat.

Additional agenda topics include:
•     Why defense surface management is needed in today’s security environments
•     Defense Surface Management concept and origins
•     Steps organizations can take to validate their security strategies
•     How continuous monitoring improves the security posture

101 from Enterprise Strategy Group: What is defense surface management?

@ RSA Conference 2023 USA

Context is critical as IT professionals are tasked with making sense of vulnerabilities in a cloud-native world. For example, vulnerabilities can happen at any point in the app development cycle (CNAPP), and security pros are staring down the tunnel of information overload with unceasing alerts.

With so much on their plates, how can these pros dial into the security vulnerabilities that are a must-tackle and protect their cloud-native environments?

ESG Senior Analyst Melinda Marks sits down with Papi Menon, VP of Product Management, Emerging Technologies & Incubation at Cisco Panoptica, to discuss this topic and explain:

•        Context is critical: why does vulnerability matter?
•        How Cisco’s Panoptica helps secure your cloud journey
•        Why a trusted partner like Cisco matters in your cloud security

Context is Critical: Making Sense of Vulnerabilities in a Cloud-Native World

Cloud Native

Cloud Applications

Cloud Security

Cloud Risk

Application Security

Application Vulnerabilities

Application Development

Vulnerability Intelligence

Vulnerability Management

Cloud

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Context is Critical: Making Sense of Vulnerabilities in a Cloud-Native World

Presented by

About this talk

Cisco – Panoptica