Name: Real-Time CSPM: Cloud Security Starts with Complete Visibility
Start: 2023-07-18T17:00:00Z
End: 2023-07-18T17:00:49.000Z
Location: BrightTALK
Rating: 0

Your home for everything cloud native! Learn how you can see and stop threats across every phase of your software development lifecycle, from code to cloud and back. Here you'll find video content on topics, including but not limited to: Cloud Native Application Protection Platform (CNAPP) Security, Cloud Security Posture Management (CSPM), Software Supply Chain Security, Vulnerability and Risk Scanning, Advanced Malware Protection, Cloud Workload Protection (CWPP)
Kubernetes Security Posture Management (KSPM) & more! 

As organizations increasingly migrate their workloads to the cloud, the question of security becomes paramount. Many are left wondering how to effectively protect their multi-cloud workloads from ever evolving and prominent cybersecurity threats. "Mastering Cloud Security: An Introduction to Workload Protection" will discuss the key components of a cloud workload protection solution, focusing on the unique capabilities needed to safeguard workloads against current and emerging threats.

Key Takeaways:
• Understanding the unique challenges of cloud workload security
• A breakdown of critical workload protection capabilities
• Learn about effective protection strategies including behavioral detection techniques, drift prevention, and malware protection
• Practical guidelines for implementing a robust cloud workload protection strategy

Join us for this in-depth look into cloud workload protection and arm yourself with the knowledge and tools needed to safeguard your organization's multi and hybrid cloud environments. Whether you are a seasoned security professional or new to the field, this webinar will offer valuable insights for anyone invested in securing their cloud native applications.

Fortify Your Cloud Journey: Mastering Workload Protection

Containers as a service, like AWS Fargate, have proven to be a valuable mechanism for DevOps teams to build and deploy complex applications at scale. By removing the need for infrastructure management and security, customers can also reduce development costs using AWS Fargate with Amazon EKS.

However, customers are still responsible for runtime security, and ensuring that the code and applications that run on the containers are secured.

In this webinar, we will cover how customers can more easily automate and take advantage of AWS Fargate services to speed the delivery cycle, while still ensuring that security teams could enforce risk mitigation controls that would not disrupt the application’s availability, including.

•Integrating security and assurance into the Fargate container build process 
•Automating assurance policies that prevent non-compliant and unregistered images running 
•Monitoring processes that Fargate containers run, assessing them against policies, and enforcing networking segmentation to prevent container breakouts 
•Blocking unauthorized activities and zero day attacks without stopping all container processes

Security and Assurance for AWS Fargate Containers - A How-To Session

In this session, we'll explore the growing challenges faced by security and risk professionals in managing and securing cloud workloads and discuss effective strategies to mitigate these risks.

Managing cloud security risk has become increasingly complex, with security professionals struggling to keep up with the never-ending list of security alerts and siloed tools across their multi-cloud environments. Traditional CSPM approaches often fall short in providing real-time visibility and context necessary to understand and address cloud security risks effectively.

We’ll explore the key pain points associated with cloud security and highlight actionable solutions to overcome these challenges. Discover how real-time visibility provides the context, clarity and confidence you need to accurately identify cloud security risks, prioritize remediation efforts, and reduce noise by aggregating findings. 

By attending this session, you'll:

• Understand the evolving challenges in managing and securing cloud workloads
• Explore strategies to achieve real-time visibility and effective risk management
• Learn how to prioritize and remediate critical cloud security issues efficiently
• Discover techniques to unify cloud security across the application lifecycle
• Gain insights into achieving regulatory compliance in cloud environments

Cloud Security Explained | Code-To-Cloud and Back Webinar Series

As cloud computing continues to reshape the modern IT landscape, the approach to cloud security must also undergo a seismic shift. Over the years, cloud security posture management (CSPM) has undergone a remarkable transformation, adapting to the ever-changing needs of cloud-native environments.

Join us as we embark on a journey to trace the evolution of CSPM from inception to its cutting-edge state today. In this webinar, we will dive into the evolution of CSPM, exploring the beginnings of the solution, the challenges it aimed to address, and why agentless-only scanning no longer provides real cloud security. Throughout this session, we will analyze the pivotal milestones that have shaped the evolution of CSPM, from basic configuration checks to sophisticated behavioral threat detection and beyond. Then, we'll speculate on what the future holds and how CSPM can keep evolving to address future cloud and cloud-native security challenges.
Key highlights of the webinar:
• The genesis of CSPM: Understanding its origins and initial motivations.
• Evolutionary stages: A comprehensive overview of CSPM's development over the years
• Key challenges and solutions: Examining the pain points CSPM has tackled along the way
• Advanced CSPM capabilities: Understanding the latest innovations driving CSPM effectiveness
• The future of CSPM: Predicting the trajectory and upcoming trends in cloud and cloud-native security

The Evolution of Cloud Security Posture Management (CSPM)

In this session, we'll address the critical pain points and challenges faced by developers and DevOps professionals in ensuring the security of their software development practices. 

Learn how to fortify your software supply chain and effectively manage third-party risks and open-source vulnerabilities. Gain insights into integrating security practices seamlessly into your CI/CD pipeline, enabling you to identify and remediate vulnerabilities in container images early in the development lifecycle. Elevate your container security through advanced container analysis, ensuring compliance and detecting embedded vulnerabilities in your deployments.

By attending this session, you will learn how to:
• Strengthen your software development practices with industry-leading approaches
• Secure your software supply chain and mitigate third-party risks
• Integrate security seamlessly into your CI/CD pipeline for continuous protection
• Enhance container security through advanced analysis and compliance enforcement

Dev Security Explained | Code-to-Cloud and Back Webinar Series

In today's dynamic and ever-evolving technology landscape, organizations are rapidly embracing cloud-native architectures to drive innovation and scalability. However, this shift introduces new security challenges that need to be addressed.

During this session, our expert speakers will guide you through the fundamentals of CNAPP and its crucial role in securing your cloud-native applications. We will explore the unique security requirements and pain points that arise when deploying applications in a cloud-native environment. From containerization to microservices, we will discuss the key vulnerabilities and risks that need to be mitigated.

You will gain insights into how a CNAPP enables seamless collaboration across teams, eliminates cloud native blind spots with true holistic visibility, and prevents successful attacks using one source of truth across the entire software development lifecycle (SDLC) that is only available from a platform solution.

CNAPP Explained | Code-to-Cloud and Back Webinar Series

Despite having robust code scanning, software supply chains are being compromised through attacks targeting developer tools. How do these attacks evade traditional security checks, and what’s the impact downstream in production?

In this session, you’ll learn how to apply security throughout the entire application lifecycle. This will enable you with the ability to catch and remediate zero-day threats and prevent your development teams from creating attack surface in runtime while maintaining compliance with industry frameworks such as SLSA, NIST SSDF, and CIS Software Supply Chain Benchmark.

You’ll also see eBPF-based pipeline integrity scanning in action. This will allow your development teams can connect with real time context and block suspicious behavior or malware in environments. Providing comprehensive protection against advanced supply chain attacks all within one tool.

Context from Code-Cloud and Back with eBPF powered pipeline integrity scanning

Software supply chain attacks are dramatically on the rise, and data shows a 300% increase year-over-year. Although threats to the software supply chain continue to increase, studies show that security across development environments remains low. So, what can you do?

Join 451 Research and Aqua Security as we discuss the findings of an in-depth end-user study from senior security leaders in large enterprises across the world, share perspectives on the general state of affairs as they relate to application security testing, more specifically the software supply chain and dive into the new capabilities of the Aqua supply chain solution.

In this webinar, you’ll learn:

-The present state of secure application development -Conditions driving change -Current areas of focus for enterprises -How to prevent the next software supply chain attack

Extending the focus of AppSec to securing the Software Supply Chain

Ensuring software integrity is harder than ever given the increasing assembly line complexity of open source dependencies, CI/CD toolchains, infrastructure-as-code and containers that now factor into the software development process. Successful high-profile software supply chain attacks on enterprises along with the new U.S. executive order mandating the use of software bills of materials (SBOMs) are driving organizations to expand security efforts around software development and better secure the software supply chain.

To prevent these attacks, modern development must intelligently leverage SBOMs and the secure software development framework for control of the development process that empowers teams to go faster with inherent security.

Join Aqua, IBM & AWS to learn:

-Compliance for the US Executive Order -Adopting the new guidance from NIST to implement secure development practices -Preventing software supply chain attacks by securing code, enabling shift left security, proactively leveraging SBOMS and ensuring open-source health -The impact of well-implemented supply chain security on process improvements and their financial outcomes

Moving Beyond SBOMS To Secure The Software Supply Chain

DevSecOps has been trending for several years and while many aspire to the practice, fewer are able to implement it rigorously. How is the accelerated adoption of the cloud impacting DevSecOps transformation?

Join Merritt Baer, principal in the AWS Office of the CISO, and Rani Osnat, SVP of strategy at Aqua Security, for an informed exchange from the perspective of a cloud service provider and a cloud-native security pioneer on how enterprises are working thorough and resolving these challenges.

Among the topics that will be covered:

-Is DevSecOps necessary for developing and deploying applications in the cloud? Or it is just a buzzword? -How are different organizations approaching the concept of DevSecOps? Are there right and wrong approaches? -What is a realistic starting point and how can you identify quick wins while making the right long-term investments to secure your cloud footprint? -How can your organization maintain alignment across security, Dev, Ops and SRE teams?
-Why does a cross-functional approach underpin the development of AWS services and where does security fit in?
-How does the shared responsibility model factor into security considerations and what is the role of third-party security products?
-How has the threat landscape changed and what threats should we prioritize?

Cloudy with a Chance of DevSecOps | AWS

The shift towards building applications as Cloud Native is now in full swing, as new applications are built for speed and scale using DevOps principles, containers, and Kubernetes in the Cloud. A corresponding shift is underway in how to secure these applications in a way that preserves and builds on their unique properties.

In this presentation, Tsvi Korren, Aqua's Field CTO will discuss the basic building blocks of Cloud Native and how to build a security program that starts at the supply chain and ends with stopping attacks directed at running workloads.

The Building Blocks of a Cloud Native Security Program

Zero-trust is a security model that assumes every user, device and system within an organization's network is potentially untrustworthy and requires verification before granting access to resources. This approach removes the assumption of trust based on network location or user identity, enabling a more secure cloud-native environment.

In this program, we will provide a comprehensive guide to implementing zero-trust security for cloud-native environments. We will cover the basic principles of zero-trust including the principle of least privilege, networking and micro segmentation and container access at runtime.

We will also explore the challenges and benefits of implementing zero-trust security in a cloud-native environment, as well as the tools and techniques that can be used to support this approach. By attending this program, you will have a better understanding of how to design and implement a zero-trust security model for your organization's cloud-native environments and learn best practices for maintaining and monitoring it.

Join AWS and Aqua Security to learn more about the benefits of implementing zero-trust security and how it can help secure your cloud-native environment.

Implementing zero-trust security: A conversation with AWS & Aqua Security

Cloud attacks happen in seconds and are designed specifically to evade agentless detection. Traditional CSPM solutions can only provide partial visibility and fail to alert security professionals of their true cloud security risks. In this event, you’ll see first-hand how Aqua’s unique approach goes beyond point-in-time snapshot scanning to provide real-time visibility for a complete risk assessment of your multi-cloud environments. With complete visibility and high-fidelity risk detection, you have better context to prioritize what’s most important, without the manual task of sifting through the noise of ever-mounting alerts.

A few main takeaways:

How 52% of cloud native attacks evade agentless detection
Real-time risk visibility into fileless and in-memory attacks
Cloud Service Provider cost control (snapshot scanning adds up)

This industry-first solution delivers on the promise of real-time cloud security, outperforming traditional CSPM solutions and providing 100% visibility into 100% of the problem, eliminating the frustration that comes with legacy CSPM.

Real-Time CSPM: Cloud Security Starts with Complete Visibility

CSPM

Cloud Security

Public Cloud

Cloud Adoption

Application Security

Cloud Applications

Cloud Native

Vulnerabilities

Real Time Analytics

Real Time Response

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Real-Time CSPM: Cloud Security Starts with Complete Visibility

Presented by

About this talk

More from this channel