Name: Securing Generative AI & Preventing Vulnerabilities with Legit Security
Start: 2024-07-22T14:00:00Z
End: 2024-07-22T14:00:24.000Z
Location: BrightTALK
Rating: 4.3

Legit is a new way to manage your application security posture for security, product and compliance teams. With Legit, enterprises get a cleaner, easier way to manage and scale application security and address risks from code to cloud. Built for the modern SDLC, Legit tackles the toughest problems facing security teams, including GenAI usage, proliferation of secrets and an uncontrolled dev environment. Fast to implement and easy to use, Legit lets security teams protect their software factory from end to end, gives developers guardrails that let them do their best work safely, and proves the success of the security program. This new approach means teams can control risk across the business – and prove it.

Secrets are a serious and prevalent security risk, but most secrets scanning tools don’t get the job done. Instead of making life easier for security, most tools dump piles of false positives or fail to address secrets beyond source code. 

Watch this demo with Liam McCamley, Senior Solutions Architect at Legit Security. Get a first-hand look how Legit enables you to: 

- Find secrets exposure across your SDLC – from Git history to build logs and shared workspaces – not just in source code.
- Spend less time struggling with false positives thanks to AI-powered, accurate results. 
- Continually scan for secrets. 
- Remediate and prevent secrets exposure automatically. 
- Scale to support the largest and most complex development organizations.

Demo: Finding Secrets Beyond Source Code

What risks are new Legit customers surprised to find lurking in their SDLCs?

 In this webinar, we’ll share the top unknown SDLC risks we uncover, and offer practical tips and advice on keeping them out of your SDLC.
Legit Senior Technical Account Manager Amanda Alvarez, a former DevSecOps engineer will walk attendees through the following common SDLC risks:

- Exposed secrets
- Unknown build assets
- Misconfiguration of build assets
- Developer permissions sprawl
- Missing AI guardrails
- IaC misconfigurations

She will also share detailed steps you can implement to prevent these vulnerabilities from creating risk in your SDLC.

The Top 6 Unknown SDLC Risks Legit Uncovers

Secrets are leaking everywhere from the developer environment today. Sensitive, business-critical secrets, cloud  keys, API tokens, PII, and more are routinely hardcoded into source code, stored in logs in plaintext, and reused and reshared across cloud services, productivity tools, and messaging apps. But even as threat actors shift left to take advantage of sprawling secrets estates, the longstanding, open-source scanners that many security teams rely on to find and secure their secrets first, before the adversary, are instead falling farther behind. 

Watch this webinar led by Liav Caspi, Co-Founder and CTO of Legit Security, where he explores what modern secrets scanning looks like today, and how to easily evolve any program beyond conventional detection techniques. using expanded visibility, automation, AI, and other cutting-edge techniques to our security advantage.  

Key takeaways:

- Discover why secrets have become the top initial attack vector for threat actors.
- Learn how conventional, open-source based tools leave major blind spots.
- Explore the advantages of a modern secrets scanner, and how to find and secure secrets at scale.
- Implement proactive measures to prevent future secret leaks and remediate existing ones.

The Open-Source Trap: How Legacy Secrets Scanners Fail Against Modern Threats

To deliver secure software development today, DevSecOps must be faster, more integrated, and more dynamic than ever before. But with increasing environment complexity, the rise of generative AI, and a host of novel threats targeting developer pipelines and services, traditional AppSec strategies no longer cut it. 

Watch this webinar with Joe Nicastro, Legit Security Field CTO, on “Innovating in AppSec: How to Take Back Control of Your SDLC with ASPM,” where we delve into cutting-edge strategies to implement a holistic approach to application security posture management (ASPM). 

Key takeaways: 
- Be aware that modern threats hide in the shadows of siloed services, tools, and pipelines. 
- Harden your build systems like run-time applications. 
- Build end-to-end visibility using your existing AppSec tools, from development to runtime. 
- Apply easy, practical next steps to move to ASPM and take control of your SDLC.

Innovating in Software Security: How to Take Back Control of Your SDLC with ASPM

GitHub Actions can quickly hand attackers the keys to your company’s most critical code infrastructure — without the right controls and protections in place, the implications are more severe than you may know. 

The Legit research team recently analyzed more than 2.5 million GitHub Actions workflow files belonging to over 553,000 organizations and personal users. The team found that most GitHub Actions workflows are insecure in some way; they’re overly privileged, contain risky dependencies and misconfigurations, etc. 

Join this webinar to understand: 

- Key findings and consequences of our research into GitHub Actions security
- How GitHub Actions workflows are exploited in the wild
- Practical steps to harden your CI/CD pipelines and workflows and mitigate the risks lurking in your GitHub Actions activity

GitHub Actions Exposed: Securing Critical Code Automation that Runs Your Software Factory

In today's rapidly evolving tech landscape, development environments have become increasingly intricate, presenting new challenges for application and software security. As attackers shift their focus from traditional application targets to exploiting vulnerabilities within software supply chains, the stakes have never been higher.
 
Join us for an insightful Fireside Chat on this topic at the 2024 Black Hat Summit, as Enterprise Strategy Group's Melinda Marks, Practice Director of Application & Cloud Security and Legit Security Field CTO, Joe Nicastro, dive into the complexities of modern development pipelines, explore the emerging threats, and discuss strategies to safeguard your software supply chains from potential catastrophes.
 
Watch the session live or register for the on-demand recording to access Nicastro’s and Enterprise Strategy Group’s insight and best practices for improving:

• Software supply chain, visibility, and security
• Application security posture management (ASPM)
• And more

Proven Strategies to Safeguard Software Supply Chains from Catastrophe

Application Security Posture Management (ASPM) is here to revolutionize AppSec for greater efficiency and effectiveness, and in its latest Innovation Insights report, Gartner predicts that over 40% of organizations will adopt ASPM by 2026.  

ASPM promises to solve issues organizations have been experiencing first-hand – a lack of visibility into complex developer environments, siloed security responsibilities across multiple teams and lack of context into security issues. All of this results in a strain on traditional AppSec tools and an inability to effectively assess and respond to risks.

As pioneers of ASPM, we’re excited to share how you can reap immediate benefits in your organization today. Join our session as we share what ASPM is and how it can help you:    

- Eliminate inefficient security silos and boost team productivity 
- Automate security controls so you can do more with less 
- Improve prioritization on critical business risks to improve effectiveness 
- Transform your SDLC into a secure-SDLC, drive secure development practices, hygiene and prevent supply chain attacks.

Application Security Posture Management: The New AppSec Revolution

The SolarWinds attack in December 2020 put software supply chain security on the radar of many organizations, and new threats have been rapidly multiplying ever since. But surveys show that 71% of security professionals have misconceptions about what effective software supply chain security entails and have yet to fully adopt a modern approach to securing it despite evidence that traditional AppSec tools and methodologies are no longer sufficient.

Join Liav Caspi (CTO at Legit Security) and John Tierney (Field CTO at Legit Security) as they reveal the 3 most common software supply chain security pitfalls and how to avoid them so you can:

- Protect your business beyond 3rd-party and open-source dependencies
- Prevent malicious injections into source code and development pipeline
- Secure build systems as robustly as production system
- Avoid attacks by taking a holistic approach to software supply chain security.

3 Software Supply Chain Security Pitfalls and How to Avoid Them

Did you know that once a secret makes it into a Git commit history, it stays there forever and can be left undiscovered for months or years? Recent attacks like Uber and Toyota underscore the risks. Once hackers gain access to critical systems via an exposed secret, they can move laterally across an organization to orchestrate dangerous supply chain attacks.

Join us as we walk through the problem of secrets in the modern development environment and what it takes to detect and prevent secrets in even the most complex organizations. You will learn:

- How to detect different types of secrets across your entire SDLC, not just in source code, but also pipelines and even Confluence.
- Best practices for preventing secrets from being inadvertently pushed to production.
- The value of prioritization and context when it comes to secret scanning, and how this can help you remediate faster.
- How innovative tools like AI can reduce the noise and false positives associated with secrets scanning.

Why Coverage Throughout the SDLC is Critical to Your Security Posture

CISOs, AppSec, and DevSecOps teams realize they need to step-up software supply chain security with increased attacks and regulations as drivers. Security teams can accelerate their program maturity with the help of new tools and processes provided they are easy to implement and supercharge productivity. Modern security solutions also need to keep pace with the speed of their development team’s software releases, while effectively protecting the business from software supply chain attacks.  

Join Ricardo Lafosse, CISO of Kraft Heinz for a conversation on how his team adopted a modern software supply chain security approach that:

- Hardened SDLC systems and continually provides real-time visibility across their SDLC
- Gained quick adoption by the cross-functional teams that operationalize their use
- Accelerated the maturity of their overall application security program

Fortune 500 CISO Insights: Our Fast Track to Software Supply Chain Security

We have seen numerous headlines about the damage caused by hardcoding secrets in code. To combat this pervasive risk, security teams are turning to code scanners that look for secrets but soon realize that their visibility into all the places hardcoded secrets can be lurking is incomplete and outdated.   

Join us as we discuss practical methods you can use to prevent software supply chain attacks and reduce the damage caused by hardcoded secrets. In this webinar, you will learn:

- New techniques attackers are using to harvest your hardcoded secrets
- Why accurate visibility into your development pipelines, beyond just source code, is paramount to the success of secret scanning programs
- How to scale secret scanning initiatives to effectively support thousands of developers

Finding Dangerous Hardcoded Secrets You Didn’t Know Existed in Your SDLC

One of the most alarming types of software supply chain attacks is malicious source code modification that stays hidden as it progresses downstream in the development pipeline to create a backdoor for future malicious activities. Despite this common attack objective, the specific techniques bad actors use to access, submit, and/or modify source code varies, requiring AppSec and DevSecOps teams to address a wide range of risk mitigation measures to protect their businesses.

In this webinar, you will learn the latest best practices to:

- Prevent malicious source code modification by external and internal threats
- Stop maliciously modified source code from causing further downstream damage in your development pipelines 
- Protect popular source code management (SCM) systems like GitHub, GitLab and BitBucket

5 Best Practices to Stop Malicious Submissions in Your Development Pipeline

It’s been over a year since GenAI hit the market, and Gartner has estimated that only 10% of generative AI solutions have made it to production. Such roadblocks range from difficulty testing to poor observability, to knowing which LLM is the best to use to the development and management process presenting new challenges for time-crunched data science teams. 

Join VP of Field CTOs Lisa Aguilar, and Jess Lin Lead GenAI Data Scientist, as they explore the two biggest decisions facing aspiring AI teams: how to choose the right LLM and how to compare and optimize GenAI performance. She’ll share:

-How to evaluate commercial versus open-source models
-How to balance cost, performance, and risk management factors
-How to benchmark your GenAI experiments against performance and quality metrics
-How to build effective (and sustainable) intervention and moderation strategies
 
Attendees will also see the real-world impact of AI with a behind-the-scenes look at digital consultancy for sustainable growth BSI and how they reduced model development time by 67%.

Choosing the Right LLM and Optimizing GenAI Performance

Join hosts Kevin Oliviera and Todd Bursch in Get Visibility and Control of Data a presentation on safeguarding generative AI transformation by ensuring visibility and control of data to prevent data leaks and breaches. As the benefits of AI become more undeniable, AI-based productivity gains face challenges in the form of risks to data privacy. Attendees learn to prevent risks before they occur with mindful AI transformation and the proper tools for the job such as AI Mesh. 

Forcepoint’s Senior Product Marketing Manager, Kevin Oliveira and Global Solutions Architect, Todd Bursch explore: 

• Security solution Data Security Posture Management with AI Mesh and how it revolutionizes data Visibility and Control
• Review of data sources and connectors, including SharePoint, Azure and Google services
• Use of content detectors and compliance templates
• Pre-built and custom dashboards, including for: GenAI; ransomware exposure;
• Redundant, Outdated and Trivial (ROT) data; and high-risk users
• A description of how DSPM with AI Mesh provides proactive security for GenAI applications

Discover how to support and security for AI transformation supports proactive protection for companies to take control of their own policies and compliance without administering a ‘one-size-fits-all' method.

Get Visibility and Control of Data

CISOs face a myriad of challenges, including the impact of generative AI (GenAI). Join our webinar for an in-depth exploration of the pivotal intersection of cybersecurity and GenAI. As technology rapidly evolves, organizations worldwide confront escalating security threats, emphasizing the critical need for proactive cybersecurity measures. Explore strategies for strengthening cybersecurity programs in today’s dynamic landscape.

In this webinar you will gain insight into:

• Understanding GenAI Threats: Delve into deepfake technology risks and impacts on security and trust, exploring how it challenges organizational defenses.
• Defense Strategies: Master advanced techniques for detecting and mitigating deepfake threats, leveraging AI-driven anomaly detection and robust authentication methods.
• Practical AI Applications: Harness AI defensively and offensively to strengthen cybersecurity resilience and proactively counter emerging threats.

In this webinar, you will gain a deep understanding of the evolving threats posed by Generative AI, along with innovative strategies to strengthen your organization’s cybersecurity defenses. Don’t miss this chance to acquire practical knowledge and actionable insights that can safeguard your organization against emerging AI-driven threats. Join us to stay ahead in the dynamic landscape of cybersecurity.

Understanding Generative AI's Impact on Cybersecurity: Insights for CISOs

Enterprise Strategy Group Principal Analyst, Networking, Jim Frey, Presents: 

The scope of Generative’s AI impact is immense, touching every part of IT – even networking. GenAI and automation are fast becoming essential for infrastructure teams to build and operate the agile networks needed to meet the complex, hybrid connectivity needs of AI-enabled business. This session will reveal the ways in which GenAI and other forms of AI and automation are being applied across the networking lifecycle, highlighting where true progress is being made and where promises are still ahead of reality.

The Progress of GenAI in the Networking Lifecycle

Want to get started with Generative AI to build a chatbot that can answer questions based on your company’s data and documents but not sure where to start? This session is for you.

Patrick Masi-Phelps, Principal Sales Engineer at Dataiku, and Carsten Weidmann, Senior Partner Sales Engineer at Snowflake, will walk you through how to use retrieval augmented generation (RAG) to create a chatbot.

To explore more about Dataiku, check out the rest of our content:

CHECK OUT DATAIKU: https://bit.ly/36XBlpK
AI&Us: https://www.dataiku.com/stories/ai-and-us/
ROAI: https://www.dataiku.com/return-on-ai/ 

Linkedin: https://bit.ly/3lXyRMb
Twitter: @dataiku
Instagram: @dataiku

Build a Generative AI Chatbot With Dataiku and Snowflake

GenerativeAI is the mandate of the day - but what are its applications ‘beyond the hypewave’? How should enterprise and large-scale content aggregators and producers refactor their workflows to not just cope with the avalanche of raw data and content throughout their organization - but integrate new AI/ML workflows efficiently and thoughtfully to turn raw data and content into a valuable resource?

In this session, we’ll highlight uses of GenAI in various fields, discuss why almost every operation and enterprise can learn from the leading continuous content producers, then discuss what’s beyond ‘naive’ GenAI in the field of using AI/ML to draw out insights and meaning from raw rich media content, and even teach your AI highly specialized recognition tasks that can dramatically boost your organization’s productivity and efficiency.

'Workflow Thinking’ for GenAI and Rich Media Enhancement

Enterprise Strategy Group Principal Analyst, Data Analytics & AI, Mike Leone Presents: 

The meteoric rise of generative AI has sparked a surge of AI challenges that organizations must overcome to ensure greater levels of trust in the underlying technology and its outputs. Recent Enterprise Strategy Research highlights that while 78% of people are using generative AI for personal use like boosting productivity or improving efficiency, just 36% of organizations have policies in place to limit usage. The lack of organizational action to minimize issues like potential biases, legal liability, unknowingly sharing intellectual property, and more is leading organizations down a path of potential disaster. Uncover the potential shortcomings and challenges organizations face, as well as issues already encountered due to a lack of action being taken by business teams.

Evaluating the Pillars of Responsible AI

Business in 2024 calls for a shift in the ITSM landscape, with the mainstream role of Artificial Intelligence (AI) in transforming workplaces. AI and its cutting-edge fact, generative AI bring to the forefront the importance of enhancing employee experiences, and ways to achieve it. It is also important for IT leaders to choose the right AI tools to avoid unnecessary tech spends while balancing organizational efficiency and productivity.

Join us for an in-depth discussion on the promise AI holds in ITSM, especially in transforming employee experiences, its challenges and how Freshworks is at the forefront of this AI revolution.

Here’s what you can expect to learn::

● The power of AI in enhancing employee experiences
● Facets of AI, with a special focus on generative AI
● Challenges in implementing generative AI
● Freshworks at the forefront of the AI revolution and its role in enhancing employee experiences through Freshservice and Freddy AI
● Best practices in implementing generative AI

Leveraging AI in the Evolving and Transformative ITSM Landscape

Predictive insights are the lifeblood of today’s business. Imagine that your product team is coming up with new features, your operations team is investigating supply chain issues, and your marketing team is developing 360-degree profiles of customers. What do these scenarios have in common? For a modern business operating in today’s dynamic environment, all three are powered by predictive analytics.

Increasingly, artificial intelligence and machine learning technology (AI/ML) is enabling high-value predictions that lay the groundwork for better decision-making. Advanced analytics, including generative AI, hold the power to sharpen your company’s competitive edge, drive operational efficiencies, and maximize growth.  

With generative AI, data scientists can more easily make sense of ever-growing datasets. They can automate tedious tasks like filtering and parsing huge volumes of data to quickly extract meaningful information.  

Join us to learn how leaders are overcoming the common pitfalls around AI workflows, how Teradata and Amazon Web Services (AWS) are penetrating barriers to predictive analytics, and how data scientists can scale analytics leveraging an integrated AI toolset.

Unleash AI Innovation Across the Enterprise with Teradata and AWS

Artificial Intelligence (AI) holds tremendous potential for innovation, but without high-quality data, AI is just... artificial. This webinar explores current AI trends, their impact on data security, and how to protect sensitive information in an AI-driven world. We will discuss the critical importance of discovering, monitoring, and safeguarding data to leverage AI effectively, including the growing use of AI copilots in the workplace.

Learn how today’s leading organizations secure their data and ensure the safe use of AI, enabling CISOs and CDOs to confidently support new AI-driven initiatives. Attend to learn about the:
- Risks of over-privileged data access for AI copilots and data access
- Security implications of feeding data into Large Language Models (LLMs)
- Dynamic discovery and protection of data for the safe use of AI

From Artificial to Intelligent: Securing Data for AI

How can AI change a Security Analyst's workflow? Ashish, CISO & Host of AI CyberSecurity Podcast, and Caleb Sima, Chair of CSA AI Security Alliance & Co-Host of AI Cybersecurity Podcast, catch up with Ely Kahn, VP of Product at SentinelOne, to discuss the revolutionary impact of generative AI on cybersecurity. Ely will speak about the challenges and solutions in integrating AI into cybersecurity operations, highlighting how to simplify complex processes and empower junior to mid-tier analysts.

How AI Can Be Used in Cybersecurity Operations

Enterprise Strategy Group Principal Analyst Dave Gruber Presents: 

Security professionals claim that increasing security operations difficulty is driven by the sophisticated and evolving threat landscape, a growing attack surface, and a rising volume of security alerts. Trained large language models (LLMs) and generative AI have the potential to help cybersecurity teams analyze and prioritize decisions in each of these areas, mitigating cyber-risk. Uncover how organizations are using AI technologies today and whether these technologies have met expectations.

Securing GenAI Within Your Organization, While Gaining Leverage Using It

With the ever-changing landscape of emerging technologies and rising employee expectations, how do you balance continuously elevating service experiences with optimizing costs and future-proofing?

As IT teams across the globe are tasked with the challenge of doing more with less, GenAI has emerged as the undeniable force multiplier --- but not without its share of skepticism and concerns. Join Freshworks to delve deeper into GenAI’s potential, misconceptions, and the strategic vision required to build higher-performing teams.

Evolve IT Services with GenAI for Exceptional Employee Experiences

The current IT and service operations landscape is desperate for change: High-touch integrations have plagued traditional event-management with varied results. Systems are rigidly rules-based, difficult, and expensive to maintain. ITOps & incident management teams are burnt out. Adoption of new, innovative tech is daunting, if not impossible. 

Generative AI is not a silver bullet, but it can alleviate these challenges when deployed with the right technology that delivers context for a clear view of every incident and a clear framework that breaks down silos between teams, tools, and workflows.

Join BigPanda as they discuss:

- Benefits of full-context operations for both ITOps and incident management teams
- How AI delivers incident context to drive business outcomes
- A practical approach to getting started with AI-powered tools

AIOps 101: Using Gen AI to Deliver Context & Remediate Faster

Enterprise Strategy Group Senior Analyst, Data Protection, Ops & Sustainability, Jon Brown Presents: 

Generative AI is rapidly transforming technology and business strategies. According to recent Enterprise Strategy Group research, 85% of organizations are actively using, planning to use, or considering generative AI across many of their functional areas, including IT operations. This session will explore current use cases for generative AI in IT operations, how AI is impacting the selection and use of IT operations tools, customer sentiment about desired outcomes and expected challenges related to AI adoption, key stakeholders influencing purchasing decisions, functional requirements, business and technology drivers, tool consolidation plans, and more.

The Impact of GenAI in IT Operations

GenAI is the gamechanger that can transform work across your organisation, but AI is only as powerful as the platform it’s built on. 

When you marry GenAI capabilities with a powerful workflow automation platform, every employee in your organisation is empowered to do more, do it faster and create what they couldn't before. Working smarter has never been easier.

Join our team of experts to discover what ServiceNow’s Now Assist with GenAI can do for your employees, customers, agents, and developers. Learn how GenAI

• can gather the full body of case information that IT agents and operators need to promptly resolve IT issues. 
• can automate and expedite building tasks for developers and empower citizen developers to do more than they can imagine. 

Increase productivity, transform experiences, and accelerate agility on the Now Platform. 

Featured speakers: 
• Peter Doherty – Sales Director, Sales Operations, ServiceNow
• Doug Alcock – Senior Solution Sales Executive, Creator Workflows, ServiceNow
• Sylvain Hauser – Solution Consultant, Creator Workflows, ServiceNow


Resources:

Unlocking strategic business advantages with Generative AI
https://www.servicenow.com/now-platform/generative-ai.html

Put AI to work with Now Assist

Enterprise Strategy Group: GenAI Summit​

GenAI is revolutionizing industries by creating innovative solutions that transform how we interact with technology. However, as with any powerful tool, GenAI introduces unique risks and vulnerabilities that need robust security measures.

Join us for an insightful webinar where John Tierney, Field CTO at Legit Security, will delve into the intricacies of securing Generative AI. This session will provide critical insights into the market importance of GenAI, practical use cases, inherent risks, and strategies to safeguard your AI initiatives.

Securing Generative AI & Preventing Vulnerabilities with Legit Security

Generative AI

Vulnerabilities

Vulnerability Intelligence

genai

Risk Assessment

Supply Chain

secure infrastructure

Governance

large language models

mlops

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Securing Generative AI & Preventing Vulnerabilities with Legit Security

Presented by

About this talk

Legit Security