Solutions Forum 2022: Is Your SecOps Ready for Cloud and Containers?

  • Thursday, 20 Oct 2022 11:00AM EDT (20 Oct 2022 15:00 UTC)
  • Speakers: Jake Williams, Janet Matsuda, Michael Isbitski, Anna Belak, Stefano Chierici, Daniella Pontes, Xavier Mendez, Asha Ramakrishna
Skyscanner and Sysdig Join SANS to Share Insights

You likely have existing security capabilities to support threat detection and response in your organization, but are those capabilities designed for cloud and cloud-native environments? “Endpoint” or “host” concepts fade in favor of containers, serverless, and service interactions. Traditional security approaches can’t address the range of potential problems. What is your plan for maintaining visibility and control as IT teams evolve their technology stacks? Attend this forum to understand the types of threats impacting cloud and containers and hear from other industry veterans on topics including:

  • How to mitigate newer threats in cloud and container environments, such as compromised container images and cryptojacking
  • What’s needed to correlate events, map to MITRE ATT&CK, investigate incidents, and trigger appropriate response
  • How remediation must include “as-code” approaches and automation in cloud-native designs

Join the SANS Solutions Forum Interactive Slack Workspace for this event (and all SANS Forums)! Connect once, and you're set for all events in 2022!

As an added bonus, one lucky registrant will be chosen to receive a SANS Cloud Security Course valued at $8,200! All event registrants will be entered in a drawing for a complimentary SANS Cloud Course of their choice, sponsored by Sysdig. (Travel and hotel expenses not included.)


Agenda | October 20, 2022 | 11:00AM - 1:00PM ET

Schedule (EDT)
11:00 AM

Welcome & Opening Remarks

Jake Williams, Senior Instructor, SANS Institute
Janet Matsuda, Chief Marketing Officer, Sysdig

11:10 AM

Evolve Your SecOps Strategy for the Cloud Era

Traditional endpoint security approaches and tools like EDR aren't enough to secure cloud and cloud-native environments. Gaps in security monitoring or lost audit trails are inevitable, making forensics and incident response challenging, if not impossible. In this session, learn how:

  • Endpoint security tools can leave you exposed to cloud threats
  • Added context is needed for containers, Kubernetes, and cloud services
  • Remediation must use “as-code” approaches and automation in order to be effective

Michael Isbitski, Director of Cybersecurity Strategy, Sysdig

11:25 AM

DEMO: Applying EDR-like Workflows to Containers and Kubernetes

In this 10-minute demo, we will demonstrate how Sysdig provides an EDR-like experience and enables rapid response for cloud, container, and Kubernetes environments.

Daniella Pontes, Sr. Product Marketing Manager, Sysdig

11:35 AM

The Right Time and Place for Machine Learning Pixie Dust

Moving to the cloud changes how we think about security, but we still want the most sophisticated detection and response systems money can buy. What’s the right formula for the best coverage against new threats? In this session, we will:

  • Learn about the nuances of machine learning in security
  • Identify security use cases where ML shines or falls short
  • Show how cryptojacking can be mitigated with carefully tailored ML

Anna Belak, Director of Thought Leadership Engineering, Sysdig

11:50 AM

DEMO: Detecting Cryptojacking in the Cloud with Machine Learning

In this 10-minute demo, we will show you how Sysdig can automatically detect cryptojacking patterns with 99% precision using ML.

Nigel Douglas, Technical Marketing Manager, Sysdig

12:00 PM

Accelerate Cloud Detection and Response Using the MITRE ATT&CK Framework

As cloud threats continue to rise, understanding an adversary’s tactics, techniques and procedures (TTPs) is critical to strengthening cloud security. How can you pull together a unified and simplified approach to speed up detection and response for your SOC team? In this session, we will:

  • Dive into a comprehensive view of the MITRE ATT&CK for Cloud Matrix
  • Explore real attack scenarios and best practices to detect them
  • Share how open source tools like Falco power threat detection and response

Stefano Chierici, Sr. Security Researcher, Sysdig

12:15 PM

DEMO: Cloud Detection and Response Using MITRE

In this five-minute demo, we will demonstrate how to detect and respond to threats across cloud and containers using the MITRE ATT&CK framework.

Daniella Pontes, Sr. Product Marketing Manager, Sysdig

12:20 PM

Fireside Chat: What Does Effective Cloud Detection and Response Look Like?

Hear from a panel of industry veterans on how environments have changed with adoption of cloud and container services, and how it's necessitated changes to threat detection and response. The panel will address real-world impacts to SecOps strategies in modern architecture and how processes and tooling must evolve.

Moderator: Jake Williams, Senior Instructor, SANS Institute
Michael Isbitski, Director of Cybersecurity Strategy, Sysdig for TL
Xavier Mendez, Head of Security, Skyscanner
Asha Ramakrishna, VP of Engineering, Sysdig

12:50 PM

Wrap-Up and Closing Remarks

Jake Williams, Senior Instructor, SANS Institute