Name: 5-Minute Cloud Security Investigations in Action
Start: 2024-07-18T04:00:00Z
End: 2024-07-18T04:00:32.000Z
Location: BrightTALK
Rating: 0

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights, a unique AI architecture, and open source Falco. Sysdig delivers live visibility by correlating signals across cloud workloads, identities, and services to uncover hidden attack paths. By knowing what is running, teams can prioritize the vulnerabilities, misconfigurations, permissions, and threats that matter most. From prevention to defense, Sysdig helps enterprises move faster and focus on what matters: innovation.

Sysdig. Secure Every Second.

For businesses innovating with containers, every second counts. These environments present new attack surfaces for cybercriminals eager to exploit known security gaps in cloud-native settings. Sysdig is partnering with Docker by integrating Sysdig runtime insights into Docker Scout to help developers prioritize vulnerability risk and move faster.

Designed for developers and security professionals, Sysdig and Docker invite you to join our upcoming live webinar to learn use-cases:

- How to identify, prioritize, and fix security issues across the software supply chain to prevent unnecessary breaches
- How to cut through the vulnerability noise using Sysdig Runtime insights
- Hear best practices for accelerating cloud-native application delivery

_______________________________________
This event is co-hosted in partnership with Docker and Sysdig. As a result, both Docker and Sysdig are collecting your personal data when you submit such information as part of the registration process above. For more information on each party’s privacy practices, please see: 
Docker: https://www.docker.com/legal/docker-privacy-policy/
Sysdig: https://sysdig.com/legal/privacy-policy/

Both may use your personal data to inform you about its products, services, and events.

Unlock Security Efficiency with Sysdig and Docker

In recent months, attackers have targeted large political and sporting events, taking advantage of human error and major organizations’ cloud environments. Cyber attacks are more sophisticated than ever before, and due to the commonality of cloud-native technologies and services, detecting potential threats has become more difficult.

Cloud attacks are fast, and attackers can inflict critical damage on an organization in minutes. DevSecOps teams are progressively trying to keep pace with the many layers of increased complexity in their cloud estates. Once an organization is subject to an attack, they have approx. 5 sec to detect, 5 mins to correlate data, and 5 mins to respond before the damage is done. We are witnessing DDoS and MFA attacks on a global scale more frequently. All organizations are subject to large numbers of vulnerabilities, but not all pose an immediate risk. Using threat intelligence can improve future operations, preparation, and deterrence.

In this interactive session, Graham Cluley, podcaster and independent cybersecurity analyst, and Jonathan Care, expert cybersecurity advisor and former Gartner analyst, will discuss past and present cybersecurity concerns on global events such as the Olympics and elections, some of the more recent attacks to hit the headlines, the common challenges faced by DevSecOps teams in these cases, and strategies to overcome these hurdles effectively. Join our expert panelists addressing specific concerns and providing actionable advice.

Discussion points

Real-World Hack Stories: recent security breaches
Olympics, elections, and global events
Challenges in DevSecOps. Common obstacles faced by teams in integrating security with DevOps
Strategies for Overcoming Challenges: Best practices for fostering a security-first culture

Off-Track or On-Target: Paris Olympics, Global Elections, and Cyberattacks

In a security breach, employing well-defined DFIR techniques becomes imperative to effectively mitigate the incident's impact. However, with the spread of the adoption of containers, the employment of DFIR processes and capabilities is not just complex but is increasingly so. Join us in an insightful session covering cutting-edge DFIR practices on container environments. After a short overview of the essence of DFIR, we'll direct our focus towards various advanced DFIR techniques within a Kubernetes environment, which can prove highly beneficial in the event of a compromise. Starting from how to checkpoint compromised apps and restore them in a sandboxed environment for further analysis, we will move to conducting memory forensics on container evidence using old-style open-source DFIR tools. At the end of the presentation, the audience will be familiar with the advantages and disadvantages of the latest DFIR capabilities and have the basics to understand how to use them.

CSI Forensics: Unraveling Kubernetes Crime Scenes

Organizations embracing Cloud Native architectures require rapid and effective security measures. This keynote underscores the shift to open source in security operations and the importance of meeting the 555 Benchmark: 5 seconds to detect, 5 minutes to triage, and 5 minutes to respond to cloud threats. It highlights redefining processes and harnessing human intelligence and automation within an open-source ecosystem for cloud security

KEYNOTE: What can you do in 5-Mintues?

Have you ever woken up at night wondering why a parasitic fungal infection looks so much like cryptojacking? What about that time you were looking at hyphae under a microscope, and you couldn’t stop thinking about the implications that had on your defense-in-depth strategy? Let's not forget when you fed your pet Slimold and realized the analog it posed to your zero-trust cloud-access project. If, like me, these questions are on your mind 24/7, then this is the talk for you! We will explore the many lessons cybersecurity professionals can learn from our spore-bearing cousins from across the planet. Attendees will come away with newfound knowledge from the world of fungi and best practices in cybersecurity across the spectrum of cloud-native applications.

All I Know About Cybersecurity  I Learned from Fungus

What Sets the Cloud Apart? Can Your EDR Keep Up in the Cloud? ☁️

Watch Now! Dive into the exciting world of cloud detection and response (#CDR) with Sysdig CEO Suresh Vasudevan in this must-watch LinkedIn Live session. Featuring special guests Chris Forbes and Matt Stamper, distinguished CISO Advisors with a wealth of certifications (CIPP/US, CISA, CISM, CRISC, CDPSE, QTE), this session offers invaluable insights for any cloud security enthusiast.

This session marks the inaugural episode of Sysdig’s new Sysdig LIVE series. Discover the unique opportunities and complexities of cloud detection and response, and learn from some of the brightest leaders in #CloudSecurity. Don’t miss this chance to elevate your understanding and find out how to extend your EDR.

Sysdig LIVE: At Cloud Speed: Detection & Response for CISOs (LIVE)

What Sets the Cloud Apart? Can Your EDR Keep Up in the Cloud? ☁️

 Watch Now! In this must-watch LinkedIn Live session, dive into the exciting world of cloud detection and response (#CDR) with Sysdig CEO Suresh Vasudevan. Featuring special guests Chris Forbes and Matt Stamper, distinguished CISO Advisors with a wealth of certifications (CIPP/US, CISA, CISM, CRISC, CDPSE, QTE), this session offers invaluable insights for any cloud security enthusiast.
This session marks the inaugural episode of our new Sysdig LIVE series. Discover the unique opportunities and complexities of cloud detection and response, and learn from some of the brightest leaders in #CloudSecurity. Don’t miss this chance to elevate your understanding and learn how to extend your EDR to the cloud. Watch now and get the answers to the critical questions every CISO should be asking.

Sysdig LIVE:  At Cloud Speed: Detection & Response for CISOs

Cloud attacks are fast. Malicious actors leverage automation and other sophisticated techniques, executing attacks in less than 10 minutes on average. Security teams need to investigate and assess the situation to initiate an immediate response, but unfortunately, this is rarely the case. The overwhelming amount of data available in the cloud often needs more security context, slowing investigations to a crawl, as analysts are forced to collect and correlate evidence across multiple tools and domains manually.

So, how can security teams accelerate cloud investigation to combat these fast-moving threats? By joining this session, you'll gain valuable insights on:

- The importance of achieving the 5/5/5 benchmark for cloud detection and response – 5 seconds to detect, 5 minutes to triage, 5 minutes to respond.
- How to streamline investigation, minimizing manual effort from your security operations team.
- Key considerations for selecting security tooling optimized for swift investigation and response.
 
Speaker(s):
Matthew Rosenquist, Innovative CISO and Cybersecurity Strategist
Jamie Butler, Head of Runtime Protection and Response Strategy, Sysdig
Shantanu Gattani, VP, Product Management, Sysdig

Fast-Track Cloud-Native Investigations: Win the Race Against Bad Actors

Cloud attacks are fast. Malicious actors leverage automation and other sophisticated techniques, executing attacks in less than 10 minutes on average. Security teams need to investigate and assess the situation to initiate an immediate response, but unfortunately, this is rarely the case. The overwhelming amount of data available in the cloud often needs more security context, slowing investigations to a crawl, as analysts are forced to collect and correlate evidence across multiple tools and domains manually.

So, how can security teams accelerate cloud investigation to combat these fast-moving threats? 

Join this session to learn:
**The importance of achieving the 5/5/5 benchmark for cloud detection and response – 5 seconds to detect, 5 minutes to triage, 5 minutes to respond.
**How to streamline investigation, minimizing manual effort from your security operations team.
**Key considerations for selecting security tooling optimized for swift investigation and response.

Cloud Investigations in Just 5 Minutes: Exploring the Pitfalls of EDR for Cloud

As you move more workloads to AWS cloud, including investing in GenerativeAI workloads, ensuring tight security from early development through production is critical for safeguarding your business.

Join Sysdig and AWS for this deminar session for a discussion and demo of delivering unified security from “shift left” to “shield right” to accelerate your innovation on AWS.

Secure Your AWS Workloads From Code to Cloud

Cloud has changed the way we develop, deploy, and scale apps. Traditional perimeter and end-point security does not address the distributed and ephemeral nature of cloud and has huge blind spots for adversaries to go undetected. Active cloud risk is the most imminent threat security teams need to address. Even purpose-built Cloud Security Posture Management (CSPM) tools, relying on point-in-time assessments, need to catch up in detecting and mitigating these active risks.

This SANS Spring 2024 CyberFest keynote addresses the distinction between static and active cloud risks, common tactics used in cloud attacks, and the new 5/5/5 framework that sets a new standard in detecting, prioritizing, and responding to active cloud risks and threats. Watch it for a live discussion and real-life examples from our experts from Sysdig and Amazon.

Active Cloud Risk. How to Combat the Most Critical Threats

With a staggering 34% of all GenAI workloads publicly exposed, the need for swift detection of active risk has never been more urgent. Security teams, especially SecOps, are under immense pressure to identify and mitigate threats to AI models and data without delay. 
Mounting compliance pressures, fueled by recent and significant regulatory actions, have put security teams on high alert. The need to detect, prioritize, and remediate risks in real time, correlating assets and leveraging runtime insights, is more pressing than ever.

Within the last six months, President Biden issued an executive order, the NTIA called for independent audits of high-risk AI systems, and the EU adopted the world's first legal regulation around AI. This all leads to security teams needing to detect, prioritize, and remediate active AI risk by:

- Detecting threats in real-time to prioritize the most critical risk to AI workloads and data
- Correlating AI assets with activity and visualizing risk with interconnected resources
- Leveraging runtime insights to identify in-use AI packages with the highest risk to prioritize the most critical vulnerabilities to fix first

Join this webinar to learn how to gain visibility into AI workloads, identify active risk and suspicious activity in real-time, and ensure compliance with emerging AI guidelines.

How to Safeguard  GenAI Workloads in Exposed Environments

Discover the /555 Benchmark and empower your security team to combat cloud attackers faster with insights from Sysdig and Tines. Advanced threat actors readily leverage native cloud capabilities and automation to accelerate their attacks. Attackers need just 10 minutes or less to breach an organization. Traditional EDR tooling's limited cloud visibility and context has hamstrung even the most adept security teams' cloud detection and response workflows. Security teams are ready to embrace the realities of the cloud with cloud-native approaches, and it starts with the /555 Benchmark. 

In this webinar, we discuss:
-  Sysdig threat research and how cloud attacks are different
-  What the /555 Benchmark is
-  How /555 can secure business outcomes and operations
-  Why real-time detection in ephemeral assets matters
-  How to gain better visibility and context in the cloud
-  How Sysdig and Tines can simplify DevSecOps, operations, and security workflows
-  How security teams can implement tools and processes to meet the /555 benchmark

The /555 Benchmark: Challenge Cloud Attackers with Faster CDR

Organizations modernizing applications in the cloud find themselves drowning in vulnerabilities and security alerts. With too much noise and not enough time, teams need a better way to prioritize and address real risks to stay ahead of threats.

Join Sysdig for a discussion of how to boost your software supply chain security and address risk from development through production.

In this session we’ll cover:

-The latest cloud-native security risks and challenges

-How to better prioritize vulnerabilities and misconfigurations

-Using runtime signals to reduce AppSec noise up to 95%

-Detecting active cloud risk to protect against cyberattacks

-Improving outcomes with AppSec tools like Snyk, Checkmarx, and Docker

Fix What Matters First: Bridging Code and Cloud Security

Many organizations value speed and agility, which makes the cloud attractive. However, bad actors are weaponizing cloud automation and public access points to launch attacks in as little as ten minutes. In a constantly evolving arms race, generative AI is the next frontier that security teams must embrace to speed analysis and automate their cyber defenses. 

Join us as we discuss the latest in generative AI, debate its merits, and how it can be best used to save you time in risk analysis and improve your defenses. 


We dive into: 
- The impact of AI in cloud security - the good, bad, and ugly
- How to architect gen AI into your security stack
- Protecting your data and privacy when using Gen AI
- Discover how cloud security teams are using gen AI for today

Register now and don’t miss out on this opportunity to get ahead of this fast-moving technology trend. Take back key learnings on how to use gen AI to your advantage in securing your cloud environment in less time and wasted effort.

Generate This: Bringing AI to Cloud Security

In the cloud, two types of risk emerge static, encompassing misconfigurations and policy violations, and active, including user activity, dynamic config changes, and permissions. This tech spotlight will analyze static and active risk to prevent advanced cloud attacks, correlating events to prioritize imminent risks and mitigate real-time threats, and include a live demo showcasing strategies to combat active cloud risk.

Combat Active Cloud Risk in Your Environment

As organizations continue their digital transformation journeys, cloud security landscape is rapidly evolving. This panel discussion delves into the key changes and emerging themes in cloud security from 2023 into 2024, exploring the shifting attack and breach landscape, evolving areas of emphasis for cloud consumers, and the maturation of cloud security programs.

A central theme of the discussion is the convergence in managing cloud security posture, exemplified by the growing prominence of concepts like Cloud-Native Application Protection Platform (CNAPP), Cloud Infrastructure Entitlement Management (CIEM), and Data Security Posture Management (DSPM). Panelists will examine how this convergence is empowering DevOps, cloud engineering, and security teams to collaborate more effectively and integrate security seamlessly into the development pipeline.

Looking ahead, the discussion will explore anticipated changes in controls and services convergence, as well as the evolution of attack models and campaign strategies. Attendees will gain insights into the future direction of cloud security and strategies to navigate emerging threats, ensuring robust protection for cloud environments amidst ongoing digital transformation efforts.

Speakers: 
Anna Belak, Director, Office of Cybersecurity Strategy, Sysdig
Jamie Butler, Head of Runtime Protec. & Resp. Strategy, Sysdig
Microsoft’s Yuri Diogenes and  Preetham Naik

Moderated by Dave Shackleford, SANS Fellow

SANS CyberFest 2024 Keynote Panel: Cloud Security with Sysdig and Microsoft

Threat actors can execute modern cloud attacks in under 10 minutes. This is faster than it takes some SIEM queries to return results. Meanwhile, legacy EDR/XDR tooling lacks the  visibility and cloud context required to investigate and respond to attacks with the speed and precision the cloud demands.  

Rest assured, it's not all doom and gloom. Sysdig is changing the Cloud Detection and Response (CDR) game. Powered by Falco, anchored in runtime insights and purpose built for the cloud, Sysdig empowers security teams to efficiently investigate and combat both known and unknown cloud threats. 

But don’t take our word for it. Join us for an interactive deminar experience where we’ll showcase how Sysdig accelerates investigations for security and platform teams. Effectively combating modern cloud attacks at cloud speed is now well within reach.

5-Minute Cloud Security Investigations in Action

Cloud Security

Active risk

Threat Detection

AIOps

Investigations

Containers

Forensics

Kubernetes

Are you an IT service management professional interested in developing your knowledge and improving your job performance? Join the IT service management community to access the latest updates from industry experts. Learn and share insights related to IT service management (ITSM) including topics such as the service desk, service catalog, problem and incident management, ITIL v4 and more. Engage with industry experts on current best practices and participate in active discussions that address the needs and challenges of the ITSM community.

IT Service Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Practicing business intelligence allows your company to transform raw data into sets of insights for targeted business growth. The business intelligence and analytics community on BrightTALK is made up of thousands of data scientists, database administrators, business analysts and other data professionals. Find relevant webinars and videos on business analytics, business intelligence, data analysis and more presented by recognized thought leaders. Join the conversation by participating in live webinars and round table discussions.

Business Intelligence and Analytics

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

Network infrastructure professionals understand that a reliable and secure infrastructure is crucial to enabling business execution. Join the network infrastructure community to interact with thousands of IT professionals. Browse hundreds of on-demand and live webinars and videos to learn about the latest trends in network computing, SDN, WAN optimization and more.

Network Infrastructure

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

5-Minute Cloud Security Investigations in Action

Presented by

About this talk

More from this channel