Name: How to use eBPF telemetry for Linux security detections
Start: 2023-08-14T21:56:00Z
End: 2023-08-14T21:56:50.000Z
Location: BrightTALK
Rating: 0

Secure cloud, containers, and endpoints with one unified solution. Find and remove critical risks in your modern attack surface—from laptops to containers—all from a single UI and data model.

“Devoutly agentless” cloud security vendors are reversing course and touting agent-based security — what’s really going on?

In an Enterprise Strategy Group (ESG) survey about the challenges of marrying security tools from multiple vendors, 46% of respondents cited a “strain on their organization’s resources.”

Watch ESG’s leading endpoint and cloud security analysts, Melinda Marks and Dave Gruber, along with Kevin Paige, Uptycs’ CISO and 3X customer, as we dive into market dynamics, challenges, and solutions for securing your modern attack surface.

Less Drama, Better Security Data: Unifying Your Cloud and EDR Solutions

Cloud computing delivers the benefits of accelerated development without the hardware costs. But the dynamic nature of cloud services and the proprietary security features offered by different cloud service providers make it challenging for customers to manage the risks and to be sure they are meeting security and compliance obligations. Most organizations need some form of guardrails and ways to respond to suspicious behavior.

Join cloud security experts from KuppingerCole Analysts and Uptycs as they discuss the challenges of the shared responsibility model for cloud security and compliance, examine the range of ways available for dealing with the problem, and consider the benefits of cloud security posture management (CSPM) and cloud-native application protection platform.

Mike Small, Senior Analyst at KuppingerCole will describe the major risks in the way organizations use cloud services. He will also explain why cloud services need dynamic rather than static controls, list the tools that aim to manage these risks, and outline what to expect from a CSPM solution.

Andre Rall, Director of Cloud Security at Uptycs will describe the benefits of integrating security insights, of standardizing controls and policies, of taking charge of third-party code and resources, and of removing silos by using a single platform, data model, and user interface.

Cloud Security Early Warning Systems: From CSPM to CNAPP

Want to defend your cloud and connected assets from threat actors? Then start thinking like one.

But the knowledge of what attackers are doing—plus what their targets are and how to secure them—is hard without a unified view.

Join the Uptycs team of cybersecurity experts as they teach you how to think like a threat actor in the cloud. In this session, we'll share real examples of malicious activity detected and why it's so easy for attackers to exploit your infrastructure.

Attendees will walk away with knowledge on how to:

Identify misconfigurations, discover permissions gaps, and minimize potential privilege exploitation
Gain better insight into your data and API logs to detect suspicious activity
Develop a cloud security strategy that extends into your container environment 

Ready to learn how to think like a threat actor in the cloud?

How (and why) to think like a threat actor in the cloud

Zach Wasserman shows how osquery data can enable vulnerability detection when combined with public data from NIST’s NVD and OVAL repositories.

In this session, Zach Wasserman, Co-Founder & CTO of Fleet, talks about how osquery data can enable vulnerability detection when combined with public data from NIST’s NVD and OVAL repositories. Zach demonstrates the deep potential for osquery when applied to vulnerability management at scale. He outlines two key approaches to the problem of vulnerability management–inventory and investigation. Consolidating agents has long been a promise of osquery. Learn how osquery becomes a more fully-featured replacement for the traditional vulnerability scanner.
Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

Vulnerability Management at Scale with Osquery

In this session, Uma Unni will explain how Stripe uses osquery to validate the secure configurations on developers' machines in real time before granting them access to sensitive resources.

Your application developers work with your company's most valuable intellectual property and have access to your most sensitive systems. What's the expectation of how their laptops are configured, and how can you ensure that your developers' machines are securely configured before they access critical resources? In this session, Uma Unni will explain how Stripe uses osquery to validate the secure configurations on developers' machines in real time before granting them access to sensitive resources.

Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

Ew, don’t touch me with that laptop! Implementing zero-trust controls

In this session Uma Reddy, Chief Product Officer and Anadi Sharma, Principal Software Engineer, from Uptycs, explain how Uptycs extended osquery functionality by adding Java software information for finding vulnerabilities in their fleet. They demonstrate how Uptycs responded to some recent vulnerabilities in libraries like Log4j and the Spring Framework using these osquery extensions to sleuth out the vulnerabilities in their own environment and share the extended functionality with the community.
Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

Using Osquery Extension to Detect Java Vulnerabilities at Scale

Threat actors quantify the time and expense required to attack your organization. Security Operations teams ought to be able to do the same through threat modeling and appropriate controls. Thanks to osquery-powered visibility, SEI was able to quantify the value of its security operations. The SEI team uses osquery at scale to assess what threats they have faced in the past, are facing, and are likely to face in the future. Osquery also plays an important role in helping the SEI team to develop controls for those threats.
Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

Using Endpoint Telemetry to Quantify Your Security Operations Risk

In this session Raja Jasper, SOC Manager at a financial institution and Saurabh Wadhwa, a Senior Solutions Engineer at Uptycs, discuss how to use osquery and MITRE ATT&CK to build sophisticated detections based on behavior, rather than IOCs. Detections based on behaviors tell a story and provide analysts a lot more context, plus they are more troublesome for attackers to avoid. Osquery gathers the endpoint telemetry needed to build these types of detections. Raja and Saurabh demonstrate how to use osquery to build a behavior-based detection using Emotet malware as an example.

Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

The Scientific Method to Picking Apart a Detection

In this session Nabil Schear, Staff Security Engineer at Netflix, talks about how Netflix uses osquery. Netflix operates one of the largest AWS deployments in the world to power their streaming service, studio, and other business operations. This complex deployment spans thousands of microservice and data processing applications running on a mix of EC2 instances and containers running on the Titus platform. Since 2019, Netflix has used osquery to understand their large environment, respond to security incidents, and unlock cost savings. Nabil explains how Netflix deployed Osquery while minimizing the burden of operating it on a large scale. He wraps up with some examples of the breadth of different challenges that they have been able to solve using osquery and how they are thinking about it in the future.
Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

Netflix and Not-So-Chill: Monitoring Millions of Workloads

In this session Ben Pruce, Engineering Manager from HashiCorp, describes how the open-source osquery project helped his security team gain visibility across the business’ diverse infrastructure and simplify some of their threat detection. Using osquery and other open-source software, Hashicorp was able to standardize images across teams, minimize instance lifespans, and set up centralized log collection. The combination of these strategies made it easier to spot anomalous activity and more difficult for attackers to hide their behavior.
Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

Build Fast and Die Young: A strategy for pushing attackers to get loud

Watch the video to see Andrew Mease, Senior Principal Security Engineer at Comcast discuss their response to big vulnerabilities like Log4Shell and Spring4Shell.

In this session Andrew Mease, Senior Principal Security Engineer at Comcast, talks about how osquery has helped the Comcast security team solve some key issues in recent months by enhancing visibility. Learn how Comcast responded to big vulnerabilities like Log4Shell and Spring4Shell. You know that visibility is key; now see if osquery can help you improve, no matter what your current posture might be.

Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

Visibility is Key:  Comcast Talk on Vulnerabilities like Log4Shell

In the era of rapid technological advancement, artificial intelligence (AI) is reshaping our world. But what about the biases hidden within AI systems? 

Are we aware of the implications they have on our lives? How does bias get encoded in AI in the first place?

Join us for a discussion with George Kamide, host of the thought-provoking Bare Knuckles & Brass Tacks Podcast, for a captivating discussion on bias in AI.

Bias in AI

The golden thread ties rich security data across your developer laptops, source code repositories, identity providers, and into your cloud infrastructure - all within a single platform and data model. This correlation across attack surfaces serves as an early warning system to protect your environment before it’s too late. 

When a threat actor compromises a laptop or source code repository as an entry point, reducing time to detection is vital to carving out malicious files and blocking further lateral movement. With Uptycs support for SaaS (Github) and identity (Okta) providers, coverage is extended across the entire development lifecycle to provide end to end detection from laptop to cloud. 

Join Crystal Poenisch, Senior PMM for Cloud Security, and Andre Rall, Director of Cloud Security, to learn how to weave the golden thread throughout your environment and identify malicious activity early. Together, we’ll walk through a golden thread that correlates a hacker's activity from a developer's laptop as they enumerate credentials and continue hunting for crown jewels through Github, Okta, and eventually AWS.

Threat Correlation from Laptop to Cloud

Modern cyber attacks are on the rise, and attackers are targeting the development process itself. The reason: developer laptops often operate in an insecure environment, and their repositories and templates are inadequately protected.

So… how can we continue to unify #DevSecOps teams, and protect the entire app dev pipeline?

Join us for an exclusive live panel discussion featuring cloud expert and author, Lee Atchison, an authority in securing the pipeline.

Secure Your App Dev Pipelines From Laptop to Cloud

Cybersecurity is a requirement for every company in the world regardless of size or industry. And that’s a fact! 

But… if you’re looking to get your own business off the group, where do you start with cybersecurity? 

This week on Cybersecurity Standup we’re talking to Chris Castaldo, CISO at Crossbeam and author of “Start-Up Secure: Baking Cybersecurity into Your Company from Founding to Exit.” 

Chris has written a book that covers “everything a founder, entrepreneur and venture capitalist should know when building a secure company.” Whether you’re brainstorming, in your first round of funding, or looking to level up your whole company–we’ll show you how baking in a strong security posture can transform your startup and drive the value proposition for your target market. 

Stay tuned for more… because there’s something very special about this episode of Cybersecurity Standup!

Cybersecurity for Startups

Ever feel like it’s a constant crisis in cybersecurity? 

Or like the work is never done, and burnout is always on the horizon? 

Cybersecurity is a field full of breaches, threats, and high-stakes situations. That feeling of constant crisis can seep into our everyday lives and impact our mental health in a deep and ongoing way.

Talking about the issue is step one, but help is also available! 

This week, we’re speaking with two experts. Catherine Moore, the founder and CEO of RISE Directory, is a licensed clinical social worker with valuable insights on pursuing career development without burning out. Katrice Gerald is the Head of People at Uptycs and has brilliant perspectives into company culture and authenticity.

Breaches and Burnout: How Cybersecurity Pros Can Prioritize Mental Health

Whew–the superbowl of the cybersecurity world is behind us! Let’s recap, shall we? 

Whether you’re recovering from RSA or still reeling from the FOMO, join us for a lively discussion about key takeaways from RSA Conference 2023 from marketing initiatives to major announcements.

We’ll cover generative AI and speculate on what the industry can expect to see in this area in the near future. We’ll also talk about compliance and the impact of regulations on the industry. And has anyone else been noticing the juxtaposed demand for talent, coupled with the ongoing pattern of layoffs? Let’s discuss what’s happening there, too.

RSA Key Takeaways

Osquery@scale

Security monitoring for containers is tricky. Organizations need to balance the need to detect malicious behavior at the container runtime with the need for efficiency and operational reliability. Enter eBPF. This talk will cover how to use eBPF to extract kernel-level telemetry for security monitoring purposes, along with real-world applications and best practices.
Check out the other sessions from Osquery@scale, an annual event hosted by Uptycs for the osquery community. This event was held in San Francisco at the Exploratorium in September, 2022. Join us at future events to learn how security leaders and practitioners from Financial Services, Telco, SaaS, Hi-Tech, and other industries use osquery to manage security risks at scale.

How to use eBPF telemetry for Linux security detections

osquery

eBPF

Cyber Security

Cloud Security

Endpoint Security

Security

SecOps

Information Security

Monitoring

Security Management

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

How to use eBPF telemetry for Linux security detections

Presented by

About this talk

More from this channel