You will earn 6 CPE credits for attending this virtual event.
Summit Format: Virtual
Cloud-based services are becoming increasingly more attractive to organizations as they offer cost savings, flexibility, and increased operational efficiency. However, protecting systems, applications, and data in the cloud presents a new set of challenges for organizations to overcome. Security teams need to adapt and learn how to utilize the tools, controls, and design models needed to properly secure the cloud.
For businesses and users making the transition to the cloud, robust cloud security is important. Constantly evolving security threats are becoming more sophisticated and IT teams will achieve greater security if they adopt a similar approach for the cloud as they do for their on-premise IT environment. Cloud security solutions are generally deployed and used to help protect data running across major public cloud services and private clouds.
Join this SANS lead event as we explore various cloud security topics through invited speakers while showcasing current capabilities available today. Presentations will focus on technical case-studies and thought leadership using specific examples relevant to the industry.
9:45 - 10:00 AM EDT - Event Welcome
Ken Hartman, Chair, SANS Institute
10:00 - 10:35 AM EDT - A streamlined approach to security governance throughout the Kubernetes lifecycle
Om Moolchandani, Co-Founder, Chief Information Security Officer, Chief Technology Officer, Accurics
Kubernetes is the standard for cloud native development in public and private clouds, and is notoriously complicated to secure.'there are a variety of approaches and tools to help you establish and monitor security policies within your clusters and applications, and additional tools that try to shift security left into the development process. 'Unfortunately, this often leads to fragmented enforcement and redundant controls which waste time and effort while leaving gaps and blind spots.
This session explains a streamlined approach for securing Kubernetes which relies on open source technologies which work together to establish security policies through automated enforcement throughout the cloud native lifecycle.'learn how to start with a single source of truth for security policy, erect guardrails that enforce that policy in integration and deployment pipelines, and implement runtime controls that ensure non-compliant resources and configurations cannot enter the cluster at runtime. 'Coupled with a robust library of existing policies and the ability to define your own, such an approach delivers better security with less effort.
10:35 - 11:10 AM EDT - Getting Started With SASE: Connect, Control and Converge With Confidence
Eric Eddy, Technical Marketing Engineer, Cisco Cloud Security Business Group, Cisco
Digital business transformation and the shift to a distributed workforce are driving networking and security to the cloud. The secure access service edge (SASE) model consolidates networking and security functions word ' traditionally delivered in siloed point solutions ' into a single integrated cloud-delivered service. Join us to hear pitfalls to avoid when starting your transformation to SASE.
11:10 - 11:25 AM - Break
11:25 AM - 12:00 PM EDT - Building in the Cloud? Working in the Cloud? Ohh '.We need to Monitor in the Cloud?
Joel Bork, Senior Threat Hunter, IronNet
Josh Trout, Software Engineering Manager, IronNet
Every organization is scrambling to enable Network Detection and Response capabilities into their enterprise network since the Solarwinds/Solarigate incident. 'Unfortunately this incident was not directed ONLY to enterprise networks - it impacted cloud and hybrid environments alike.
If that is the case, then how do you get the network traffic out of a hybrid or cloud environment?
This is a question we hear often and in this talk we are answering exactly that and how we at IronNet are using it to monitor our cloud-based build system and devops efforts.
12:00 - 12:35 PM EDT - Exploiting and Defending Service Account Impersonation Permissions in GCP
Jesse Somerville, Senior Security Engineer, Praetorian
Andy Gu, Security Engineer, Praetorian
Managing Google Cloud Platform (GCP) Service Account Identities can be daunting, especially for cloud deployments in large, distributed organizations. With simple misconfigurations or usages of insecure defaults, users may be exposing themselves to project or organization compromise.
In this talk, Jesse Somerville and Andy Gu will outline the primary structure of the IAM permission model in GCP and how identities are utilized by various Google Cloud resources. We will identify misconfigurations that can be leveraged by malicious users to escalate privileges and walk through attack paths attackers can use. As a result of these vectors, we will present a few solutions that can allow users to audit account usage and manage privileged access that leverages tooling such as vTPMs, Googles Identity Aware Proxy, Stackdriver, and Service Account Impersonation Privileges.
12:35 - 1:10 PM EDT - Shift-Left is Not Sufficient: Why Agentless Runtime AI Security is Necessary for the Cloud
Arun Raman, VP of Cloud Products, Blue Hexagon
There has been a huge hype about tools for dealing with cloud misconfigurations and cloud security posture. However, modern attacks on the cloud cannot be thwarted anymore by just shifting left. Attackers have moved to complex, multi-stage attacks that use supply chain infection, evasive beaconing, zero-day Linux malware, and ransoming cloud storage. These attacks only manifest at runtime, and defending against them requires multi-vector inspection of workload, network, storage, and control plane activity at runtime and in real-time. As importantly, the security architecture must provide full cloud coverage and must not introduce supply chain risk.
In this session, we will explore customer case studies on how an agentless runtime AI security approach helped defend against real-life modern cloud attacks.
We also demonstrate how such a solution can be deployed within minutes and easily maintained in complex multi-region, multi-VPC, multi-OS, multi-account, and multi-cloud architectures.
1:10 - 2:10 PM EDT - Lunch
2:10 - 2:55 PM EDT - Palo Alto Networks
2:55 - 3:35 PM EDT - Not All Risks are Equal - Why Context Matters in Cloud Security
Patrick Pushor, Technical Evangelist, Orca Security
The promise of adding new security tools and capabilities to your security operations efforts is more intelligence to make better, more well-informed decisions with, but do they deliver on that promise? If your Security Operations Center (SOC) team receives hundreds of 'high priority ' alerts every day should they even trust the risk score that is being used? An overwhelming number of alerts desensitizes the very people tasked with responding to them, leading to missed or ignored alerts or delayed responses. In this session, we discuss our best strategies in the fight against alert fatigue and how to rebuild trust in security intelligence.
3:35 - 3:50 PM EDT - Break
3:50 - 4:25 PM EDT- Beyond DAST: A DAST-First Tool with IAST Depth
Mark Schembri, Technical Solutions Engineer, Invicti
The versatility of modern dynamic tools bring advantages that extend far beyond the typical vulnerability scanning functionality. The inclusion of True IAST functionality provides the best of both worlds by maintaining the advantages of a DAST solution while gaining the ability to go deeper than ever before to identify and verify more vulnerabilities with access to the application code.
In this presentation we discuss what True IAST is and how it helps get you even closer to your web application security goals.
4:25 - 5:00 PM EDT - Gigamon
5:00 - 5:35 PM EDT - Upleveling of the cloud infrastructure: Shift-Left vs Shift-Up
Dinesh Subhraveti, Container and Cloud Security, CrowdStrike
Containers represent an upleveling of cloud infrastructure from physical and virtual machines toward applications. This shift is forcing businesses to think of new approaches. First, security awareness is being extended to earlier stages of application development ('shift-left '). Second, the security signal captured at runtime is being extended to include application-level events such as container context ('shift-up '). Join us to hear how you can account for these fundamental changes and provide a holistic solution that effectively blends traditional security capabilities with ones required by modern environments.
5:35- 5:45 PM EDT - Wrap-Up
Summit: June 3-4 | Training: June 7-12
CloudSecNext Summit & Training will bring together a unique combination of real-world user experiences and case studies, as well as practical, technical training focused on specific approaches and skills for building and maintaining a secure cloud infrastructure. As a virtual attendee, you'll explore current approaches, tools, and techniques with fellow practitioners facing similar cloud-related security challenges.