Learn How to Thwart Cyber Attackers with Training at SANS Boston. Save $350 thru 2/20.

Cloud Security Summit & Training

San Jose, CA | Mon, Apr 29, 2019 - Mon, May 6, 2019
Event starts in 72 Days

Cloud Security Summit Agenda

Summit speakers

We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates. The following talks and speakers have been confirmed for the 2019 SANS Cloud Security Summit:

Secrets for All the Things: The Injection of Secrets for Every Application in Your Cloud-Agnostic Environment

In this presentation, we'll discuss why a centralized location for the management of secrets is important, and how to leverage this to retrieve secrets for applications and micro-services across multiple cloud environments. These environments include Amazon Web Services, Google Cloud Platform, and container orchestration platforms like Kubernetes, EKS, and GKE. We'll provide examples of each platform using secrets management solutions like Hashicorp Vault, and we’ll look at how to reduce friction for application owners by automating this process with the help of custom-tailored sidecar containers.

Brian Nuszkowski, Staff Security Engineer, Cruise Automation
Mike Ruth(@MF_Ruth), Staff Security Engineer, Cruise Automation

Demonstration of Typical Forensic Techniques for AWS EC2 Instances

This demo is a step-by-step walk-through of techniques that can be used to perform forensics on Amazon Web Services (AWS) Elastic Cloud Compute (EC2) instances. During the demonstration we’ll use various tools such as LiME, Magarita Shotgun, AWS-IR, SIFT, Rekall, and Volatility. For more information, see bit.ly/cloud_dfir_demo and bit.ly/2NwmBVH.

Kenneth G. Hartman (@KennethGHartman), Security Consultant; Community Instructor, SANS Institute

Who Done It? Gaining Visibility and Accountability in the Cloud

Every day more enterprises are incorporating cloud services and workflows. Moving data to the public cloud has many advantages, but it also brings new risks and challenges for the security team. While traditional techniques and controls can be applied in many cases, there are also new areas involving cloud-native services and APIs unique to this environment. In this presentation, we will explore several use cases, techniques, and tools that can be applied to resolve the challenges associated with moving data to the cloud.

Marta Gomez-Macias (@Mrs_DarkDonado), IT Security Developer, Wazuh
Ryan Nolette (@sonofagl1tch), Security Engineer, Independent Researcher

Automating Cloud Security Monitoring at Scale

The big three cloud providers innovate at a pace that security teams have a hard time keeping up with. New architectural patterns for cloud security and governance call for each team or application to get its own account to limit blast-radius and provide for better financial accountability. The depth of services and the breadth of accounts across multiple different cloud providers prevent many security organizations from detecting issues before they become a data breach. Most vendor-based solutions either lack the ability to scale to hundreds of accounts or ignore the misconfiguration risks of the newer, more advanced offerings from the cloud providers. Cloud providers innovate faster than the security vendor community, and the security team shouldn’t have to slow the adoption of new services because our vendor community cannot keep up. Turner Broadcasting is a cloud-first organization with a variety of brands ranging from CNN to the Cartoon Network and Adult Swim, in addition to broadcast and streaming partnerships with organizations such as the National Basketball Association and the National Collegiate Athletic Association. Turner operates in all three public cloud providers. In this talk, we will touch on the history of our cloud migration and dive deep into how we blended a set of policies with a swarm of Amazon Web Services lambda to deliver customized compliance reports to all our business stakeholders for all three public clouds. Attendees will come away with a strategy and actionable set of tasks to kick-start their cloud security program, along with guidance on how to find and select tools they can use to automate configuration checking at scale.

Chris Farris (@jcfarris), Cloud Security Architect, Turner Broadcasting

Automating the Creation of Network Firewall Rules Using PowerShell and CI/CD

Managing firewall rules is a complex task. During this talk, we'll discuss one way to automate the creation and management of those firewall rules using PowerShell and a continuous integration and deployment (CI/CD) pipeline. The basis of the presentation is an actual customer implementation of this end-to-end process. We will discuss the requirements for the solution and how this solution was developed and has grown from proof of concept to production. Although the implementation is Azure-specific, the talk will be abstracted to showcase the feasibility of this approach across multiple clouds. Demos presented during the talk will showcase the PowerShell script and then the end-to-end workflow using Azure DevOps.

Nills Franssens (@nillsf), Cloud Solution Architect, Microsoft

Serverless Security: Attackers and Defenders

In serverless applications, the cloud provider is responsible for securing the underlying infrastructure, from the data centers all the way up to the container and run-time environment. This relieves much of the security burden from the application owner, but it also poses many unique challenges when it comes to securing the application layer. In this presentation, we will discuss the most critical challenges related to securing serverless applications, from development to deployment. We will also walk through a live demo of a realistic serverless application that contains several common vulnerabilities, and see how they can be exploited by attackers and how to secure them. We will also use examples from a recent story published in Dark-Reading magazine on how we hacked a real-world serverless application and won the $1,000 bounty!

Ory Segal (@orysegal), CTO, PureSec