SANS Cloud Security Operations Solutions Forum

  • Friday, 18 Oct 2019 8:30AM MST (18 Oct 2019 14:30 UTC)

In the Denver area? Join us at the Live Event. Register here.

Forum Chairman: Kenneth G. Hartman

All organizations must protect their confidential information. After all, it is this information that gives the organization its competitive value and enables it to achieve its mission. Security operations (SecOps) is focused on the day-to-day tasks necessary to protect the confidentiality, integrity, and availability of the organization's data and the systems that process it. Moving this data to the cloud certainly creates some SecOps challenges. What works on-premise may not work effectively in the cloud and might not scale well.

Concerns about the trustworthiness of the cloud are the most significant barrier to cloud adoption. Knowing these apprehensions, Cloud Service Providers (CSP) and other solution providers are tackling this challenge head-on and have created innovative solutions to help cloud customers secure the data they process in the cloud. Cloud-native technical security controls that leverage application programming interfaces (API) and the software-defined aspects of cloud services enable customers to lock down their environments in ways that are not possible on-premise. These capabilities have caused some to argue that a properly configured cloud environment may be more secure.

The challenge with so much innovation and so many choices is that customers can get overwhelmed with all the hype in the marketplace. The SANS Cloud Security Operations Solutions Forum will focus on cloud security operations solutions that work, with a focus on providing specific technical advice directly from the vendor support engineers working in the field.

Earn 4 CPE Credit hours for attending this event.


8:30am - 9:10am: Welcome & Keynote - What Cloud Savvy Customers Really Want - Customer Care in the Era of CI/CD, SOAR, and Self-service

There are lots of innovative, brilliant solutions that can greatly benefit us as cloud customers. Many times these messages may fall on deaf ears. Bulk email is effortless to ignore, and trade show booths are minimally effective. How do solution providers truly connect with the right customers? Just as important, what are cloud customers looking for in the relationships they have with their Cloud Service Providers and Security Solution Providers? Presented from the perspective of a Cloud Security Product Manager turned Cloud Security Engineering Leader, this talk delves into what customers need from their providers to help them overcome their concerns about cloud adoption.

Kenneth G. Hartman, Forum Chairman

9:10am - 9:40am: Taking a Security Mulligan

We've spent years iterating on the traditional model of security to improve over time. Fundamentally, the controls and technologies we've been iterating on and how we use them haven't changed much. With the advent of the cloud, we are at a unique inflection point that could allow us to fundamentally change our security model. Is it time to take a security mulligan?

Alex Wood, VP Information Security and CISO, Pulte Financial

9:40am - 10:20am: Secure and Protect Your Users Everywhere

With highly distributed environments becoming the norm, SaaS usage on the rise and roaming users an attractive target for threats, find out how to shift your security, gain control and protect users more effectively. In this session we will take a look at new third-party research that reveals a fundamentally new approach to how organizations secure roaming users and branch office locations.

We will discuss how Cisco Umbrella and Cisco Advanced Malware Protection (AMP) for Endpoints provide the first and last line of defense to help you prevent, detect and respond to attacks before damage can be done.

Chris Bilodeau, Technical Marketing Engineer, Cloud Security, Cisco

10:35am - 11:15am: Operationalizing Security in Cloud Environments

Data breaches in 2019 are already double what they were for all of last year, according to the latest breach barometer report from IT security firm Protenus. In response, security visibility is now a top concern for enterprises hosting applications on public cloud infrastructure. The scale and speed of change in IaaS environments demand a continuous, automated approach.

This talk will discuss the fundamental requirements to operationalize effective automated security controls in cloud environments and offer examples on how users of CloudPassage Halo have leveraged its tooling to do so.

Siri Oaklander, Principal Solutions Architect, CloudPassage

11:15am - 11:55am: Cloudy with a Chance of DFIR: How Our Traditional Methodologies Need to Change

Traditional digital forensics and incident response (DFIR) processes include preparation, identification, containment, eradication, recovery, and retrospective. The introduction of mutable environments and resources within cloud-based networks means that our approach to incident response has changed. Our methodologies are fundamentally the same, but instead of relying on traditional approaches, such as capturing an image and downloading it from a cloud provider, we should conduct our investigations with the same cloud resources.

The problem is, the cloud's sprawling nature makes DFIR increasingly difficult, especially when it comes to the identification, containment, and eradication steps. But since cloud providers are built with dynamic networks and resources in mind, we have new capabilities that allow us to automate the containment, eradication, and initial investigative processes.

During this presentation, Swimlane Research Engineer Josh Rickard will walk you through both traditional and cloud-centric incident response processes with security orchestration, automation, and response (SOAR). He will also discuss how open-source tools can assist with forensic investigations in cloud-based environments as well as explore a few "gotchas" related to incident response that should be continual areas of focus by the cybersecurity community.

Josh Rickard, Security Research Engineer, Swimlane

11:55am - 12:35pm: Microsoft Cloud Security Posture Management

Security practitioners at organizations today face the daunting challenge of securing assets and resources not only on-premises, but also in a public cloud - or possibly multiple public clouds. This may also be accompanied by resources hosted at 3rd party facilities. Merger and acquisition activities provide ever more complexity. Cloud Security Posture Management (CSPM) provides a means for security professionals to ensure that cloud applications are deployed in a secure manner and that they maintain compliance with established policies and frameworks. Automation tooling and machine learning become vital in this effort. This presentation will discuss this topic and how Microsoft helps play a role.

Chuck Enstall, Cloud Security & Compliance Architect, Microsoft

12:35pm - 12:45pm: Closing Remarks


Kenneth G. Hartman, Forum Chairman

Kenneth G. Hartman is a security engineering leader in Silicon Valley. Ken's motto is "I help my company earn and maintain the trust of our customers in our products and services." Toward this end, Ken drives a comprehensive program portfolio of technical security initiatives focused on securing customers' data in the AWS Cloud. Ken has worked for a variety of Cloud Service Providers in Architecture, Engineering, Compliance, and Security Product Management roles. From 2002-2011, Ken helped launch and lead a company called Visonex into a profitable, nation-wide dialysis-specific electronic medical record using a software-as-a-service (SaaS) business model. Ken holds a BS Electrical Engineering from Michigan Technological University and a Masters Degree in Information Security Engineering from SANS Technology Institute. Ken has earned the CISSP, as well as multiple GIAC security certifications, including the GIAC Security Expert. Ken is also a Licensed PI in Michigan as required by law to consult on criminal cases involving digital forensics.