Hi [[ session.user.profile.firstName ]]

Application Security for Cloud-Based Companies

It used to be that software vendors sold native applications that would run on a single environment, sheltered by firewalls and anti-virus software, leaving data on a local drive. Today’s SaaS applications have made every application a Web application and thus made their customers’ once internal applications external ones. Ultimately, the increased risk of cyber attack has made security objectives a business target just like sales goals. This interactive session will discuss real-world examples of companies aligning security and business goals while transitioning to the cloud and how they tackled long-standing issues to develop a continuous security culture.

Attendees will learn how Web applications have become the primary attack target of a cloud-based organization with a thorough look at statistics on recent hackings. They will also learn how the movement towards cloud computing has reduced, even erased, effectiveness of the network security layer from a technical standpoint and what risks insecure applications on the cloud pose to themselves and other companies. Additionally, listeners will gain an understanding of how fix and remediate these key risks though secure coding practices.
Recorded Oct 12 2011 39 mins
Your place is confirmed,
we'll send you email reminders
Presented by
Jim Manico, VP Security Architecture, WhiteHat Security
Presentation preview: Application Security for Cloud-Based Companies

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile
  • Strategies for Breach Prevention & Response Feb 10 2021 4:00 pm UTC 60 mins
    Muhammad Ahmad, CISO at FINCA Microfinance Bank, Mike Lloyd, CTO at RedSeal & JP Bourget, President at BlueCycle
    In 2019, the United States had 1,473 data breaches with over 164.68 million sensitive records exposed. In the first half of 2020, there were 540 reported data breaches, according to Statistica. What can we apply from 2020? How can enterprises better protect against a data breach in 2021? Hear from the experts and learn the best practices around faster breach detection and response.

    Join experts and thought leaders for a roundtable discussion on the tools and policies that make breach prevention possible and the solutions that can help keep your networks secure and make it easier to detect and deal with intruders.

    We’ll discuss:
    - Lessons from the biggest breaches in 2020
    - How to prepare for the inevitable and have a plan in place for during and after the breach
    - Types of attacks enterprises need to prepare for
    - Threat modeling and risk management
    - Best in class solutions and recommendations for security teams
    - Staying sane in the SOC and strategies for dealing with stress and alert fatigue
  • Cyber Defense In The Modern Org: 7 Low-Cost Tips To Secure Your Organization Feb 10 2021 1:00 pm UTC 60 mins
    Erich Kron, Security Awareness Advocate, KnowBe4
    Cybersecurity is often expensive, time-consuming and can have catastrophic consequences if done wrong. From scams designed to steal money to attacks designed to disrupt business and bring production to a halt, attackers have been upping their game continuously.

    In the meantime, the security vendor's marketing departments relentlessly try to sell the latest and greatest "solution" to our problems with catchy ideas and the latest trends and buzzwords. Do we really need AI-enabled, ML-enhanced, multi-disciplinary, automated threat hunting cloud-connected, quantum controlled, blockchain-processing toasters in our organizations? Marketing departments sure think so. Sadly, all of this buzzword bingo has drawn attention away from securing the basics in favor of more technology, which requires more trained cybersecurity professionals to manage and really don't reduce our risk in any meaningful way.

    This session will focus on 7 low-cost, but vital fundamental security principles that are being overlooked, resulting in significant breaches and disruption in small, medium and global organizations alike.
  • Navigating Complexity: A Path Through Too Much Choice Feb 10 2021 9:00 am UTC 60 mins
    Mike Lloyd, CTO at RedSeal
    We’re all trying to protect constantly changing network environments without enough people, and with too many tools – all while we face attackers who are persistent and automated. Dr. Mike Lloyd, RedSeal CTO, draws on his background in epidemiology and modern cybersecurity, as well as his study of history, to show how others have dealt with such challenges, and extracts practical lessons you can use to decrease complexity and increase digital resilience.
  • Threat Modeling over Coffee: A simple method of Data Prioritization Feb 9 2021 10:00 pm UTC 60 mins
    Molly Payne, Recovering Threat Hunter currently in the role of Raytheon’s MSSP SOC Manager at Raytheon
    Software and Data systems in most people’s companies are complicated and tend to grow organically. This organic growth can make it difficult to know what/where/how your assets need protecting. Come join me for a cup of coffee while I share the strategies I use through stories from the field on how to help you threat model your environment and take a proactive step to breach protection.

    Problem to be Solved: How do I know what to protect?

    Solution: Have coffee with your managers and use three simple question to threat model the assets they control.

    Delivery: Sharing three stories from my work as a SOC manager, Analyst and Threat Hunter as examples of why to threat model, and how easy it can be.

    The Stories:

    1. The case of the lost donor list.

    a. Third Party Vendor Compromise

    2. What does the FBI and Web shells have in common?You.

    a. Unpatched Servers.

    3. What was stolen?

    a. Ransomware and mystery assets.
  • CISO Tips for Shaping Your Security Strategy Feb 9 2021 6:00 pm UTC 60 mins
    Ray Espinoza, Chief Information Security Officer at Cobalt.io
    Description of the webcast content in enough detail to outline the challenge or the problem to be solved, the solution you propose and importantly some bullet points/key takeaways for the audience e.g in this webinar you will learn... (2k character-max)

    Security leaders at high-growth startups and major enterprises alike are asking themselves, “How do I level up my program this year?” Economic uncertainty, a global pandemic, and rising customer expectations make this question even more complex.

    Join Ray Espinoza, current head of security at pentesting company Cobalt, as he draws upon years of experience managing infosec programs at eBay, Workday, Amazon, and Cisco as well as working with heads of security at both large and small businesses. Ray will draw upon his time spent “in the trenches” to tackle common CISO pain points around program planning and execution.

    Specific topics which he will explore include the following:

    How the concept of “security maturity” differs for companies of varying size -- and how to measure progress.

    The characteristics and practices that define more mature security teams.

    Professional blunders that yield tangible learnings, and strategies for avoiding common pitfalls (including basic breach prevention).

    The advent of pentesting 2.0, and how it fits more neatly into agile development lifecycles.

    If there is a specific topic which you’d like Ray to address, submit your question for consideration to XYZ.
  • Beyond the Hype: Use Cases that Work with Applied Behavioral Analytics Feb 9 2021 6:00 pm UTC 60 mins
    David Swift, Director of Partner Enablement at Securonix
    Phishing and other human-facing social engineering tactics remain the primary vectors of successful attacks. The transition to remote work greatly expanded the attack surface and opened new vectors for campaigns.

    Organized cybercrime groups commonly use zero-day attacks to avoid detection. They typically compromise user credentials, so they can move across your organization to get to your most precious data.

    How can you detect zero-day events without constant rules updates and rewrites and sifting through mountains of false positives?

    How do you achieve infinite scale without an endless number of events to triage?

    David Swift will discuss the top ten use cases and three keys to finding security threats in any environment using behavioral analytics. You will learn:

    -The critical threat detection techniques to identify zero-day and malicious activity from both outside attackers and internal users.
    -Five indicators that combine known threats and machine learning to identify compromises.
    -Key log sources needed to solve the compromised user dilemma and how to detect misuse and malware.
    -Primary use cases across industries such as Manufacturing, Healthcare, Energy, and Financial Services.

    David Swift is a 15-year veteran of SIEMs, UEBA, SOCs and a security evangelist.
  • Panel Discussion: Getting Ahead of the Breach Feb 9 2021 4:00 pm UTC 60 mins
    Panelists: Allen Ohanian at Dept. of Children & Family Services, Ashton D'Cruz at NatWest Markets, Nir Shafrir at Nyotron
    2020 was the worst year on record for breaches. E.g. there were 2,935 publicly reported breaches in the first three quarters of 2020. According to a recent report from Risk Based Security, the number of records exposed in 2020 was up to 36 billion. 

    What can enterprises learn from this and do to better protect their data? Is breach prevention even possible?

    Hear from the experts on what the new normal for organizations looks like, the cybersecurity best practices to adopt and what's in store for the rest of 2021.

    The topics up for discussion will include:
    - Cybersecurity in the new normal
    - How attackers have take advantage of the pandemic
    - Critical steps to take on the path to preventing data breaches 
    - Why data protection and cybersecurity should not be separate functions
    - Best practices and solutions for breach detection and response
    - Lessons from the field and recommendations for CISOs
  • Breach? What Breach? Feb 9 2021 1:00 pm UTC 60 mins
    Tee Patel, COO, vCISO at Iron Oak Security & Dave Sifleet, Security & Governance Sr Consultant at Hytec Information Security
    Handling of security breaches is vital – but what assurance do you have that you will even notice one in a timely manner? And if you do, will you have everything in place to make an informed decision and respond?

    In this talk, we’ll:
    -Cover off all the basics – who to involve, where to look, and how to tie your activities together.
    -Consider how to rapidly progress your knowledge from detecting ‘something’ to building rapid and informed understanding of a breach.
    -Analyse the activities required before you hit the ‘response’ stage from the highest level.
  • Breach Detection: an integral part of Digital Transformation Feb 9 2021 11:00 am UTC 60 mins
    Himanshu Dubey, Director of Security Labs & Sangram Desai, Project Manager at Quick Heal Technologies Ltd.
    Endpoints are the most targeted entity by Cyber Attackers. As per this survey by Ponemon institute, 68% of the organizations have experienced endpoint attacks, of which 80% were unknown threats / zero days. And the average patch gap to respond to these attacks was 97 days!

    Cyber attackers are always identifying newer avenues to infiltrate organization’s networks. In current times, as more and more organizations go through rapid digital transformation, the opportunities available for Cyber Attackers are at an all time high; and they are pulling out all stops to leverage that
    Organizations need to have robust protection mechanisms to minimize the possibility of a successful Cyber Attack against their network. At the same time, they must be prepared for a successful breach. In this talk we will discuss the approaches that organizations can adopt to detect and respond to successful breaches in their environment.

    Key takeaways
    - Major Security threats- Zero-day attacks, APTs, Trojans
    - Why Breach Detection is needed
    - Various tools & techniques that can be adopted for Breach Detection
  • How to implement a new cyber solution to change the defense status Feb 9 2021 9:00 am UTC 60 mins
    Sneer Rozenfeld, VP Sales at Cyber 2.0
    2020 showed us that there is no silver bullet. Everyone is getting attacked. We will discuss what makes the hackers be one step ahead of all defense systems and how Cyber 2.0 brings a new method of defense being one step a head of the hackers.
  • Global Requirements in Privacy & Security: Compliance & Breach Prevention Feb 8 2021 10:00 pm UTC 60 mins
    Jordan Fischer, Global Privacy Team Lead, Beckage
    With the increasing globalization of business, the international flow of data is creating unique complexities in developing and maintaining effective global compliance solutions in security and privacy. This presentation will explore impactful regulatory frameworks, including the EU's General Data Protection Regulation, and the California Consumer Privacy Act, drawing parallels and identifying differences. Ultimately, the talk will provide attendees with effective solutions to proactively comply with global regulatory requirements in both privacy and security and prevent privacy and security breaches.
  • Breach Prevention and Impact Reduction Feb 8 2021 8:00 pm UTC 60 mins
    Will Ehgoetz | Senior Threat Hunter, IntelliGO Networks
    Recently we have seen significant and wide-reaching cybersecurity breaches making headlines. William Ehgoetz, Senior Threat Hunter at ActZero / IntelliGO leads our Threat Hunting team and deals first-hand with the fallout of such events. In this webinar, he will focus on on things you can do proactively to overcome such concerns, both on your own, or with external help - so that you can rest assured, there is no need to panic.

    The webinar will cover;
    - Why blind panic won’t help & why you need to trust in your cybersecurity program
    - How employee education, training, and having an incident response plan in place helps
    - Some of the more effective / proactive options (e.g Software Restrictions Policy) and other advice he gives our MDR clients
    - How integrating threat hunting into an organization’s existing security capabilities offers proactive protection against adversaries
  • Back to Basics: Planning for a Breach Edition Feb 8 2021 4:00 pm UTC 60 mins
    John Robison, Chief Security Officer at ProMiles, INC.
    This presentation presents breach management having two requirements, controlled and uncontrolled. Today, the CSIRP is a mythological beast. Theses two requirements of breach management are the reasons for the myth. The missing first step was found as evidenced by participating in audits and jobs. Why planning for the breach is necessary. Key people, identified by name in contract or law, are to be the principle agents of notification. Identifying responsible parties for both of the two requirements is one problem. Find out the other problems.
  • Removing 24x7 administrator rights to break the attack chain Feb 8 2021 4:00 pm UTC 60 mins
    JD Sherry, Chief Strategy Officer, Remediant
    The average ransomware spreads as follows: (1) attacker phishes their way onto an employee workstation.; (2) attacker extracts admin credentials from employee’s workstation and (3) attacker uses admin credentials to move laterally.

    So why were admin credentials present on an employee’s workstation? JD Sherry of Remediant explores the role of administrator privileges in a breach and how securing 24x7 admin rights can sustainably prevent the spread of a breach beyond the first point of intrusion. 24x7 administrator access on endpoints can be used by attackers to spread ransomware and move from one machine to the next. This is an important concept to understand because

    1. A lot of 24x7 administrator access exists and each account creates a point of exposure. For example, Remediant sees that the average employee workstation has 480 admins with 24x7 access to it
    2. This access is business justified (needed by systems administrators, IT helpdesks) and spreads over time
    3. Easy for attackers to find: These accounts are easy targets for attackers because they are easy to find, provide powerful access and always available
    4. Not easy for security teams to fix: Finally, 24x7 access is very hard to find and clean up for security or IT operations teams

    It’s no wonder 74% of breached organizations admit to the involvement of a privileged account.
  • Lead with Data-Centric Security to Prevent Breaches Feb 8 2021 1:00 pm UTC 60 mins
    Thad Mann, VP & Cybersecurity Strategist at WaveStrong, Inc.
    As security practitioners, we recommend a balanced approach to enable better business outcomes while adequately protecting digital assets from unauthorized use and malicious attacks.

    But what is the right balance?

    Even though companies spend significant amounts money and expend precious resources to protect their business, the impact of data breaches have only increased. Time and time again we read reports that, regardless of how much time, money and resources are expended, organizations continue to be impacted by nefarious and malicious actors.

    Is there a better way?

    I contend that taking a data-centric approach to improving your security program will also have the benefit of significantly reducing the impact of future security breaches. In fact, a properly deployed and managed enterprise Data Protection Program can help you prevent breaches.

    Is it that simple?

    Although vendors have done a good job of simplifying the deployment and management of their tools, deploying these solutions in the context of a complex enterprise is nontrivial. For example, what is the best way to integrate the tools so that there are adequate layers of security to protect the asset without adding unnecessary complexity.

    In this webinar you will learn to :
    Understand what is a data-centric security approach
    Prevent breaches with a data-centric approach
    Operationalize your enterprise data protection program
    Select and prioritize data-centric security tools
  • Using Threat Intel to Prevent and Detect Cyber Attacks Feb 8 2021 1:00 pm UTC 60 mins
    Jeff Foresman, VP of Security Operations & CISO at Digital Hands
    Organizations today are losing the battle against sophisticated cyber criminals to prevent, detect and respond to malware, ransomware, and data breaches. Security data holds many answers, but only if an organization can easily and quickly collect, understand, and prioritize the information to respond in a quick and efficient manner. There are also numerous threat intelligence sources but organizations are struggling to understand how to utilize this data in a meaningful way.

    This presentation will focus on answering the following questions:

    • What is going on? - Can you protect and defend in real time to prevent becoming another global breach or ransomware news headline?
    • How Important is it? - Can you quickly and easily get the security intelligence needed to prevent, detect, and respond to incidents before they do damage?
    • Where should I focus? - Do you have the right solutions and resources to effectively and rapidly action threat responses across your security infrastructure?

    Attendees to this discussion will come away with an understanding of the cyber threats and how an organization can develop solutions to effectively prevent and detect malware outbreaks, ransomware attacks and data breaches. Attendees will also gain an understanding of Threat Intelligence options and how to integrate it into your prevention and detection solutions.
  • When It Comes to Cloud, Soften Up Feb 8 2021 9:00 am UTC 60 mins
    Shinesa Cambric, Identity Governance and Compliance Architect, GleauxbalMinds Security Consulting
    When it comes to security, the “softer” skills of governance, designing good architecture, and embedding good change management often get forsaken in favor of tools and quick implementations. However, embracing these items should be at the core of your cloud security strategy. In reviewing the OWASP Top 10 and the MITRE ATT&CK® framework for cloud, many of the attack vectors could be reduced through good governance and change management hygiene. Join this session to take a look at native tools within cloud environments that will help show your “soft side”.
  • Storage Technologies & Practices Ripe for Refresh Feb 3 2021 6:00 pm UTC 75 mins
    John Kim, NVIDIA; Eric Hibbard, SNIA; Alex McDonald, SNIA; Tom Friend, Illuminosi
    So much of what we discuss within SNIA is the latest emerging technologies in storage. While it’s good to know about what technology is coming, it’s also important to understand the technologies that should be sunsetted.

    In this webcast, you’ll learn about storage technologies and practices in your data center that are ready for refresh or possibly retirement. Find out why some long-standing technologies and practices should be re-evaluated. We’ll discuss:

    •Obsolete hardware, protocols, interfaces and other aspects of storage
    •Why certain technologies are no longer in general use
    •Technologies on their way out and why
    •Drivers for change
    •Justifications for obsoleting proven technologies
    •Trade-offs risks: new faster/better vs. proven/working tech
  • Like shooting Phish in a Barrel: 3 Perspectives on Email Protection Jan 21 2021 10:00 pm UTC 45 mins
    Matt Bishop, University of California Davis | Richard Ford, Cyren | Josh Douglas, Mimecast
    In this round table, we bring together three vastly different perspectives on the same problem to see where we are, what we can do about it, and what our future looks like. Our round table discussion includes the vendor, customer, and researcher perspective. While each of us experiences the problems we face differently by seeing our vulnerabilities and opportunities from different viewpoints we can find the best possible solution.

    We will begin by discussing how we got here and what today’s threat landscape looks like with respect to email-centric threats. We will then explore the raft of mitigation techniques available, where they work… and where they don’t. We will also look at the system writ large, and explore the impact systemic changes, such as the shift of business mail to O365, are likely to have on attackers. Finally, we will discuss how we see things changing in the future: what will the conversation in five years look like?

    At every point in this discussion, our focus is on engaging a diverse set of views and pointing out practical steps that defenders can take to provide the most cost-effective and pragmatic solutions to protect their users from a threat that is only going to grow.

    In this webinar you will learn:
    • How to think about the email vector the same way the attacker does: it’s about the people, not the medium
    • What attacks we see today and why they work
    • How to build a comprehensive strategy that helps secure the messaging channel
    • How to measure and prove to your boss you built a comprehensive strategy that helped secure the messaging channel
    • How we think these kinds of attacks will change in a coevolutionary system
  • Cloud Security 2021: Emerging Trends, Threats, and Responses Recorded: Jan 21 2021 60 mins
    Aaron Klein, SecureCloudDB // Tim Sandage, AWS // Mike Hughes, Prism RA // Jeff Collins, Lightstream // Tyler Kennedy, Rewind
    There’s something refreshing about starting a new year. What’s not so refreshing is facing new security risks. To fortify your approach and learn a few must-take steps, join us to hear how a panel of experts is approaching cloud security in 2021.

    SecureCloudDB Founder Aaron Klein will moderate a candid conversation with expert security leaders Tim Sandage of AWS, Mike Hughes of Prism RA, Jeff Collins of Lightstream, and Tyler Kennedy of Rewind as they discuss:

    - Emerging cloud security trends
    - The biggest security threats facing organizations
    - Strategies to prevent or stop an attack
    - Actions that you should take today
    - Regulations to watch out for
    - Considerations for CISOs using the public cloud

    This panel will offer practical advice about emerging threats and recommended counters for anyone who is responsible for navigating security in the cloud. Come with questions as live audience Q&A will wrap up the session.
The latest trends and best practice advice from the leading experts
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Application Security for Cloud-Based Companies
  • Live at: Oct 12 2011 8:00 pm
  • Presented by: Jim Manico, VP Security Architecture, WhiteHat Security
  • From:
Your email has been sent.
or close