Name: Tackling Over-Privileged SaaS Access with the Power of Security Automation
Start: 2024-06-11T18:00:00Z
End: 2024-06-11T18:00:26.000Z
Location: BrightTALK
Rating: 3.8

CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org.  Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa

Following a comprehensive survey of 2,800 IT and security professionals across the globe, Prisma® Cloud's team unveiled intriguing findings in their 2024 State of Cloud-Native Security Report.

The report survey found that although 47% of organizations know about security risks associated with AI-generated code, 100% of respondents embraced AI-assisted application development.

Despite recognized risks, this unanimous adoption suggests a potential oversight in balancing innovation and security. Watch this webinar to learn how to:
• Secure the next generation of AI-powered applications to stay ahead of inevitable AI-powered attacks.
• Unveil critical cloud security hurdles and remain aware of obstacles in application development.
• Plan for the future of your organization with the latest expert insights on cloud native security.

Secure Your Applications: Learn How to Prevent AI-Generated Code Risk

With the ever changing nature of IT and the rising number of cyber threats these days, IT teams are struggling to keep up without the help of automation. Despite that, over half of organizations (53%) cite security concerns as a significant barrier to using automation in endpoint management.* In this webinar, we’ll walk you through a 3 step guide on how to adopt safe automation that keeps your environment safe and up-to-date with a healthy balance of tech and human talent.

Join us to learn:
• A step by step guide to safe automation adoption
• Why automation is key to personal and organizational maturity
• What security certifications to look for in endpoint management tools

The IT Admin's Guide to Safe Automation

As we edge closer to 2030, compliance standards are evolving at an unprecedented pace. Join us for "Cloud Control: Scaling Compliance in Cloud Environments Like a Pro" to learn how to navigate these changes effectively. This session will cover the challenges of maintaining regulatory adherence in dynamic cloud infrastructures and how Continuous Controls Monitoring (CCM) and automation can transform your compliance approach. Gain insights into the integration of compliance as code into DevSecOps workflows, ensuring continuous compliance and security.

We’ll provide practical tips, detailed strategies, and real-world examples to help you streamline compliance processes, reduce manual efforts, and enhance efficiency. Hear from industry experts on the latest trends and technologies shaping the future of compliance. Learn how to prepare your compliance strategy for 2030 and beyond.

Cloud Control: Scaling Compliance in Cloud Environments Like a Pro

Join us as we dive into the results of the fourth annual State of Cloud-Native Security Report, commissioned by Palo Alto Networks. This study, which surveyed more than 2,800 cloud security professionals across ten countries, sheds light on the challenges organizations face and the strategies they employ to navigate the complexities of cloud security and AI risks.In this on-demand webinar, Stephen Giguere, Security Advocate at Prisma Cloud, covers the latest trends and insights shaping the future of cloud-native security:
• Although nearly half of organizations know about security risks associated with AI-generated code, 100% of respondents embraced AI-assisted application development.
• 47% of security professionals anticipate AI-driven supply chain attacks.
• 64% of organizations reported a substantial increase in data breaches.

Why you should watch:
• Gain valuable insights into the current cloud-native security landscape and industry trends.
• Explore the need for better risk prioritization in today's intricate cloud ecosystem.
• Address critical concerns surrounding AI-generated code, unmanaged APIs and the expansion of the attack surface.
• Learn actionable steps organizations take to secure data and rapidly deploy applications.
• Discover strategies for bridging the gap between security and development teams.
• Enhance readiness for AI-related security risks and integrate solutions into operational frameworks.

The State of Cloud-Native Security 2024

Understanding your cloud security posture does not necessarily mean understanding your data posture. Organizations adopting a Cloud-Native Application Protection Platform (CNAPP) to protect cloud-native applications are at risk of leaving data assets exposed. One such risk is shadow data resulting from dynamic changes to data pipelines and services across cloud service providers (CSPs) creating hidden repositories where the data is unknown, undiscovered, or unidentified. Due to the complexity of securing multicloud environments, this can pose significant security gaps leaving cloud teams in the lurch.

In this session, Terry Ray, SVP and Imperva Fellow, and Sumanth Kakaraparthi, VP of Product Management Imperva Data Security will discuss how organizations are overcoming these blind spots by effectively leveraging in-depth observability, meaningful analytics, and solid data protection practices to reduce data risk from information that drives business growth.

Join to learn:
• How the rapid growth of cloud-native applications is creating shadow data 
• Why CNAPP falls short for data security, posture, and sensitive data management 
• What challenges do organizations face in gaining complete visibility and control across on-premises and multicloud platforms
• How organizations are leveraging a data-centric approach to protect data at scale

Reining in Shadow Data: Move Beyond CNAPP

In today's generative AI landscape, traditional security techniques fall short in protecting modern AI applications. Cybersecurity teams need to understand the OWASP Top 10 threats specific to LLMs to effectively mitigate AI and data risks. While LLM Firewalls play a crucial role in protection, they are not sufficient on their own to address these threats. The rapid adoption of generative AI, coupled with the rise of shadow AI, use of sensitive data, unknown vulnerabilities, and emerging threats, presents significant security, privacy, and compliance risks.

Join our in-depth webinar to explore the top 5 AI security steps recommended to bolster your GenAI defenses. We will cover:
• Understanding AI and Data Security Challenges: Delve into shadow AI, OWASP Top 10 threats for LLMs, data mapping, and sensitive data exposure risks.
• Implementing LLM Firewalls: Learn to protect your prompts, data retrieval, and responses from attacks.
• Enforcing Data Entitlements: Discover how to prevent unauthorized data access in GenAI applications.
• Enforcing Inline Enterprise Controls: Find out how to safeguard sensitive data during model training, tuning, and RAG (Retrieval Augmented Generation).
• Automating Compliance: Streamline your adherence to emerging data and AI regulations.

Top 5 Steps to Mitigate OWASP Top 10 Threats

The data security dilemma needs to be addressed. Despite a ballooning cybersecurity spend of over $183 billion dollars in 2023, breaches increased by a staggering 78% in the same year. Threat actors increasingly take advantage of the misalignment between security and usability that companies are trying to balance with their data. Legacy solutions using access control and dynamic masking have not kept up with the advancements of our data and AI workloads. Finding a balance between data consumption and security risk is possible, and can deliver significant value. 

Join this webinar to hear about:
• Understand the interplay between data risk and consumption to deliver business value and improve your data security posture.
• Re-examine the role access control and dynamic masking solutions play in your data security strategy.
• Uncover new areas of opportunity to apply a risk-based consumption model into your organization.
Translate a zero-trust data segmentation model into business value and achievable dollar savings.
• Drastically reduce your data’s attack surface, risk of breach, double extortion, third party supply chain, and cloud & AI workload exposure.

A Data Security Dilemma: The Misperception of Data Protection in Cybersecurity

In ephemeral cloud environments, organizations often struggle to keep track of all their cloud resources, especially in expanding hybrid and multi-cloud environments with dozens or hundreds of users deploying applications into production.

Proper implementation and enforcement of tagging rules for cloud resources can help users keep track of their running workloads while ensuring consistent application of security policies.

However, as much as resource tagging can help organizations, the implications of an inconsistent tagging strategy are far-reaching. Risks include difficulties identifying resource owners, inflated costs due to unidentified and unused/zombie resources, and potential vulnerabilities within stale, unpatched workloads.

Join this session to understand why tagging is a critical component of cloud security and how adopting Policy-as-Code and automation can help mitigate issues caused by inconsistent tagging. Presenters will dive into the best practices for building a tagging strategy and how you can implement them using a cloud-native application protection (CNAPP) tool.

Tagging Strategies for Cloud Security Success

Enterprises are accelerating cloud migrations, building business resilience, and enabling hybrid work by adopting zero trust (ZT) architectures. According to the “Security Outcomes for Zero Trust” report by Cisco, 86% of respondents report that they have already started a ZT implementation. 

Traditional ZT implementations are focused on securing user access TO applications using zero trust network access (ZTNA). However, as businesses increasingly rely on SaaS applications for their operations, security teams find that traditional ZTNA implementation often overlook critical gaps at the application and data level. These gaps include misconfigurations in access controls, unchecked privileges, data leaks, and overlooked third-party integrations. 

Zero Trust Posture Management (ZTPM) extends the zero trust architecture beyond the network to SaaS applications and data. Join AppOmni CTO, Brian Soby on Tuesday, June 18, 2024 to learn the ZTPM principles that secure THROUGH applications to create an end-to-end ZT architecture. See how to achieve:

1. Standardized least privilege access across your SaaS applications 
2. Continuous monitoring and closed loop ZT implementation
3. Granular access decisions to prevent privilege misuse
4. Dynamic policy enforcement to reauthorize users based on context and behavior
5. Configuration assurance to prevent drift and ensure compliance

Bolstering SaaS security with Zero Trust Posture Management

Are you thinking about data and AI security in 2024?

Growing data volumes, increased regulation and the shift toward AI make it difficult for organizations to understand which sensitive data they hold, who can access it and where it's exposed. To regain visibility and control, organizations are exploring data security posture management with data detection and response.

In this webinar, you'll learn:

• Why the cloud creates a new attack surface that is inherently difficult to protect.
• The security and compliance risks that stem from unprotected data and AI infrastructure in the cloud.
• An introduction to DSPM and Dig Security, which was recently acquired by Palo Alto Networks.
• How agentless tools allow you to see a full picture of data risk in your environment within 24 hours, without impacting other business operations.
• Getting started with data discovery and classification.
• Monitoring data and responding to incidents in near-real time.

Stay one step ahead of data risk in 2024 to prevent costly breaches and compliance violations. Explore DSPM and DDR technologies and how they can help you discover, classify, protect and govern all your data across the different cloud environments.

Protecting Data and AI in 2024: What CISOs Need to Know

Living off the land (LOTL) cyber attacks have gained attention as a significant and growing threat to global security, exploiting everyday tools within your network to conduct malicious activities undetected, sometimes for years. The adoption of LOTL techniques by state-sponsored groups and independent actors is increasing, posing serious risks to critical infrastructure worldwide. Of course, LOTL won’t be the last innovation by bad actors, so by understanding and addressing these threats proactively, organizations can develop scalable strategies to bolster their defenses and maintain resilience into the future.

Register for the webinar on June 10th at 10:00 AM PT to join Ravid Circus, CPO of Seemplicity, and Dave Beabout, Global CISO at NTT Security Holdings, as they discuss LOTL attacks and delve into effective strategies that CISOs can implement to safeguard their organizations now, and going forward. In this conversation we will:

• Review the Geopolitical Landscape: Understand the role of LOTL attacks in the geopolitical landscape.
• Understand LOTL Techniques: Explore how these techniques are employed, their evolution, and future implications.
• Outline How to Build Organizational Resilience: Priority considerations for maintaining good cybersecurity hygiene when combatting LOTL and other advanced threats. 

Join us to equip yourself with the knowledge and tools to tackle one of the most insidious forms of cyber threats facing organizations today.

Navigating Modern Cyber Threats: Strategies to Overcome LOTL and More

In this era of breakneck advancements in AI, enterprises face the challenge of harnessing the power of AI, while safeguarding sensitive data and models. This webinar explores how Model Serving works with Confidential AI Clean Rooms to ensure that enterprise AI initiatives are secure, performant, and successful. 

AI and ML systems have countless components, which may be vulnerable and hard to manage. Using an AI inference platform enables enterprise AI teams to build fast, secure, and scalable AI applications. By combining an AI inference platform with Confidential AI Clean Rooms, you can add the benefits of Confidential Computing, a revolutionary technology that provides a hardware root-of-trust and protects the entire system and all of its components. 

Your models and data should reside within your cloud account with full visibility and control over the compute resources and network access. When the entire system is deployed in your own infrastructure, it ensures that data and models are never exposed to external access or third-party SaaS vendor risk. 

Join Anjuna and BentoML to see practical strategies to protect AI processing and collaboration workflows. You will learn how enterprises can embrace AI innovation with resilience and confidence, unlocking new opportunities.

Secure AI at Scale: Model Serving with Confidential AI Clean Rooms

Credentials, made up of passwords and usernames, serve as the keys to our online existence. According to Lastpass, professionals manage up to 200 sets of credentials on average, emphasizing the need for strong, unique passwords that are regularly updated. When credentials are compromised, cyber attackers gain frictionless entry into sensitive systems and can often move laterally to find your crown jewels.

Attend this webinar to understand:
• Execution methods behind compromised credential attacks
• What the bad actors do with stolen identities
• Preventative best practices to implement today

Compromised Credentials in 2024: What to know about the world's #1 attack vector

Tackling least privilege in cloud environments is complex; with over 42,000 permissions to manage, tens of accounts, and thousands of identities to create policies for, traditional least privilege is not only impractical, but feels hopeless.

Not to mention, the majority of those 42,000 permissions are mundane; so why are we asking DevOps to spend cycles securing low-risk permissions?

In this session, we’re talking all about action and securing what is most critical. Because, let’s be honest, we’re all looking to maximize risk reduction without frustrating our dev teams by limiting access. 

In this webinar, we’ll explore:
• Why you should focus on sensitive vs non-sensitive permissions
• 5 risky permissions you should look at right now
• Challenges of implementing least privilege with native tooling
• How to build least privilege that scales alongside your cloud
• Implementing global policies that support both security and DevOps efficiency

Join us to learn how your organization can navigate the complexities of cloud security, achieve operational efficiency, and secure your cloud environments with our trailblazing approach to least privilege.

Least Privilege Reality Check: Refining Cloud Access and Permissions

With an increasingly distributed workforce and cloud-hosted data, the SaaS security threat landscape is evolving faster than ever before. Attackers are identifying poorly secured devices and identities to gain access to SaaS applications and the sensitive data contained within them.

Join a panel of cybersecurity experts from Crowdstrike, Valence and Corelight as they delve into:
• The increasing number of attacks on SaaS applications
• How attackers exploit poorly-secured devices to access sensitive permissions & data
• Real-life case studies unveiling where attackers have been successful breaching SaaS-hosted sensitive data  
• Actionable steps to bolster your organization’s risk prioritization, remediation, and threat detection capabilities to stop breaches

Navigating the Security Maze of distributed SaaS Applications and Devices

The movement to the cloud has transitioned businesses and how they work, but the security and data tools used to tackle the new cloud challenges have not transitioned as well. And with all your data fueling the rapid adoption of AI applications, you now face an entirely new set of security risks. Why does it take so long for your cloud security and data tools to provide greater value? What can you do to enable the safe use of AI and associated data? Why can’t we utilize the data and AI to truly understand risk and manage the security posture of all your cloud, data, and AI? Wait… maybe we can.

Join this session to learn how you can forge a modern approach that integrates best-in-class technologies from cloud-native application protection platform (CNAPP) to data security posture management (DSPM), data security platform (DSP), AI security governance, and more. Learn how cloud security architects, vulnerability management, SOC, and GRC teams can combine the power of intelligent context, correlation, and threat intel to get into the mindset of an attacker and understand the risk patterns between modern apps, models, and data.

Key learnings:
• Outcomes achieved from using AI to protect cloud, AI models, and data
• Building intelligent risk and threat analysis model for protecting critical infrastructure and sensitive data in the cloud
• Understanding the incident blast radius and implications of sensitive data exposure
• Scaling remediation practices for addressing cloud and data security issues
• Streamline compliance with security standards, global data protection regulations, and privacy laws

A Smarter Approach to Protecting your Cloud, Data, and AI

Confidential computing can help any organization dramatically improve security without friction and complexity. Workloads can operate with privacy with hardware-level isolation, yet use fully elastic cloud computing, raising the bar on security and privacy over operations. In financial services and Fintechs, Confidential Computing can speed time to market with the highest levels of security, while avoiding spend and effort on software-only solutions that will always be vulnerable.

Join this webinar to learn the story of Portal's journey to integrate their Blockchain infrastructure with Confidential Computing, a pivotal technology currently shaping their security posture. Portal is a rapidly emerging financial technology company. Parsa Attari, co-founder at Portal, will engage in a candid fireside chat with Mark Bower, VP of Product at Anjuna, exploring the progression of Portal's venture into deploying secure enclave technology while meeting critical timelines.

Don't miss this insightful conversation illuminating the transformative power of this enabling technology in the Fintech sector.

Secure Nextgen Fintech: Portal's Fusion of Blockchain and Confidential Computing

Security automation brings a world of efficiency, saving man hours, reducing costs, and decreasing risk of data exposure. When done right, security automation streamlines manual and time-consuming tasks into automated workflows for the security operations team, making network security processes more efficient and less prone to human error. With enhanced efficiency, faster decisions can be made, improving an organization's entire security posture. 

Exposure management provides a broad view across the entire attack surface so organizations can better understand their cyber risk and prioritize critical business decisions. But what if this could be automated. Security teams would gain visibility into what their attack surface looks like and where they have the greatest risk. IT and security teams would be better positioned to work together to address cyber risk from both a technical and business standpoint. 

In this panel, Gal Nakash, Chief Product Officer at Reco, a SaaS security solution sits down with Denisa Nine, Senior Program Manager at UiPath, a software automation provider to discuss the role of security automation in protecting against the greatest risks that could lead to a breach, how it can be used to tackle over-privileged SaaS access and what the future of automation might hold.

Tackling Over-Privileged SaaS Access with the Power of Security Automation

SaaS

Data Exposure Management

Security Automation

CISO

Cyber Security

Application Security

Compliance

Remediation

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Tackling Over-Privileged SaaS Access with the Power of Security Automation

Presented by

About this talk

More from this channel