Name: Catch Me If You Can: Uncovering Malicious Behavior in Container Images
Start: 2024-05-30T16:00:00Z
End: 2024-05-30T16:00:23.000Z
Location: BrightTALK
Rating: 5

Your home for everything cloud native! Learn how you can see and stop threats across every phase of your software development lifecycle, from code to cloud and back. Here you'll find video content on topics, including but not limited to: Cloud Native Application Protection Platform (CNAPP) Security, Cloud Security Posture Management (CSPM), Software Supply Chain Security, Vulnerability and Risk Scanning, Advanced Malware Protection, Cloud Workload Protection (CWPP)
Kubernetes Security Posture Management (KSPM) & more! 

In the realm of cloud native security, myths and misconceptions often lead organizations astray, jeopardizing the integrity of their cloud environments. Join us for an informative webinar as we uncover the truth behind some of the most prevalent cloud native security myths and unveil strategies for fortifying your cloud infrastructure.

From debunking the misconception that a specific cloud native security strategy isn't necessary to shedding light on the limitations of traditional security tools, this webinar will challenge common assumptions and provide practical insights to enhance your cloud security posture.

Join us for an expert discussion filled with real-world examples and expert insights. Don't miss out on this opportunity to separate fact from fiction and empower your organization with the knowledge to navigate the cloud native landscape securely.

Register now to secure your spot!

Top 7 Cloud Native Security Myths Debunked

HeadCrab is a highly elusive and sophisticated malware created by an advanced threat actor who utilized custom-made Redis Modules and APIs to build a full-scale malicious framework. Since 2021, the highly advanced malware has deployed several highly technical novel techniques which allowed it to infiltrate servers worldwide. It was evident that the threat actor made operational security a top priority, with several hiding techniques including specifically bypassing security solutions.

In this session, we will share with you a rare and fascinating story of the attack, the tactics we employed to communicate with the attacker, and our technical analysis of both the malware and the persistent tool. We will delve into the malware's 50+ malicious capabilities, including its use of custom Redis commands as communication methods, overwriting Redis commands to avoid detection and fileless attacks to remain hidden. We will also disclose never-before-seen information about a new variant of the malware and the changes the threat actor made to avoid detection.

Furthermore, we will walk you through our investigation of the command-and-control infrastructure of both variants, which led to the discovery that over 2,000 compromised servers were being used as a botnet to help the attacker stay anonymous.

Join us for a captivating and insightful session, getting a glimpse into this advanced operation and the mind behind it.

Key Takeaways:

HeadCrab Sophistication: How this advanced malware was crafted with custom tools for stealthy operations. Evasion Techniques: Insights into the unique methods used to evade detection and maintain a low profile on infected servers. Global Impact: Learn about the extensive reach of HeadCrab malware, which commandeered a botnet of over 2,000 servers, showcasing its capacity as a pervasive cybersecurity threat.

REDIScovering Headcrab - Analysis of a Novel Malware and the Mind Behind It

The second part of our series shifts focus to the detection of threats within the cloud native runtime environment. In this session, we’ll explore advanced methodologies essential for real-time threat detection, with a focus on minimizing time to detection.  

You will learn about the unique architecture of containerized environments and why they require a different level of advanced security. We’ll provide insights into the latest advancements and best practices in monitoring and detecting cloud native threats without impacting system performance. The session will dive into the importance of understanding what signs and signals to look for in a potential breach and how to tailor detection capabilities effectively to cloud native architectures.  

By attending, you will be equipped with the knowledge to implement state-of-the-art threat detection systems in your cloud native environment.

Blinders Off: Synergetic Security in Cloud Native Applications

In this opening session, we establish the foundation of runtime security within cloud native environments. Together, we’ll discuss key concepts, including the architecture of cloud native systems and the unique security challenges they pose.  

The session will provide a detailed overview of the current threat landscape, focusing on the types of threats that are specific to cloud native, such as HeadCrab, Kinsing and others. We will discuss the role of runtime security in this context and introduce the work of Nautilus, Aqua Security’s dedicated cloud native research team, a pivotal force in creating a more secure digital universe for all. 

Join us to gain essential knowledge on building a robust security posture at runtime, how to build proactive measures and the importance of well-architected security strategies.

Unbreakable Cloud: Building the Foundation for Runtime Security

Join Assaf and Moshe as they explore the intersection of CISO expertise and research in the realm of cloud native environments. Moshe, a CISO at a leading cloud native company, discusses the unique challenges and solutions in cloud native security, highlighting the synergy between his team and world-class researchers.

Dive into an overview of cloud native technology, its adoption benefits, and the expanded threat landscape it introduces. Assaf, from Team Nautilus, Aqua Security’s research team, will share insights into unknown cloud threats, vulnerabilities in developer tools, and the role of honeypots in detecting attacks.

The session concludes with Moshe applying these research findings to practical security strategies, emphasizing the role of DevSecOps and the importance of learning from real-world incidents. This webinar offers a blend of expert insights and actionable strategies for enhancing security in cloud-native technology.

A Symbiotic Journey of CISO Expertise and Researcher Insight in Cloud Native

In December 2021, the Log4j vulnerability crashed onto the scene, spoiling the holiday mood for security pros around the globe. Its profound impact on IT environments has called for a fundamental shift in how organizations think about their security strategies. Two years later, it is still on CISOs’ minds. This begs the question, “Have organizations fortified their defenses against the next potential Log4j?” 

Amid the escalating cat-and-mouse game with attackers, Log4j has put the spotlight on the significance of robust runtime security. In this fireside chat with Jake Meloche, Solution Architect at Aqua and Erin Stephan, Principal Product Marketer at Aqua, we’ll delve into the invaluable lessons organizations can learn from the Log4j incident. We will show how Aqua successfully guided its customers through the storm and why prioritizing runtime security is absolutely critical for protecting against similar zero-day threats that are yet to hit.  

Key takeaways you can expect: 
• Ongoing concerns of CISOs worldwide: Understand why CISOs across the globe remain vigilant about the persistent threat of the Log4j vulnerability. 

• Real-life enterprise experience: Uncover how some of the world’s largest organizations handled the Log4 incident and what they learned along the way. 

• Prioritizing runtime security: In the ever-evolving landscape of zero-day vulnerabilities, learn why runtime controls play a pivotal role in a zero-day defense strategy.  

•Actionable advice: Gain insights into protecting your organization from zero-day threats and explore how drift prevention can elevate your runtime security game.

Log4j Lessons Learned: A Blueprint for Zero-Day Defense

As organizations increasingly migrate their workloads to the cloud, the question of security becomes paramount. Many are left wondering how to effectively protect their multi-cloud workloads from ever evolving and prominent cybersecurity threats. "Mastering Cloud Security: An Introduction to Workload Protection" will discuss the key components of a cloud workload protection solution, focusing on the unique capabilities needed to safeguard workloads against current and emerging threats.

Key Takeaways:
• Understanding the unique challenges of cloud workload security
• A breakdown of critical workload protection capabilities
• Learn about effective protection strategies including behavioral detection techniques, drift prevention, and malware protection
• Practical guidelines for implementing a robust cloud workload protection strategy

Join us for this in-depth look into cloud workload protection and arm yourself with the knowledge and tools needed to safeguard your organization's multi and hybrid cloud environments. Whether you are a seasoned security professional or new to the field, this webinar will offer valuable insights for anyone invested in securing their cloud native applications.

Fortify Your Cloud Journey: Mastering Workload Protection

Containers as a service, like AWS Fargate, have proven to be a valuable mechanism for DevOps teams to build and deploy complex applications at scale. By removing the need for infrastructure management and security, customers can also reduce development costs using AWS Fargate with Amazon EKS.

However, customers are still responsible for runtime security, and ensuring that the code and applications that run on the containers are secured.

In this webinar, we will cover how customers can more easily automate and take advantage of AWS Fargate services to speed the delivery cycle, while still ensuring that security teams could enforce risk mitigation controls that would not disrupt the application’s availability, including.

•Integrating security and assurance into the Fargate container build process 
•Automating assurance policies that prevent non-compliant and unregistered images running 
•Monitoring processes that Fargate containers run, assessing them against policies, and enforcing networking segmentation to prevent container breakouts 
•Blocking unauthorized activities and zero day attacks without stopping all container processes

Security and Assurance for AWS Fargate Containers - A How-To Session

In this session, we'll explore the growing challenges faced by security and risk professionals in managing and securing cloud workloads and discuss effective strategies to mitigate these risks.

Managing cloud security risk has become increasingly complex, with security professionals struggling to keep up with the never-ending list of security alerts and siloed tools across their multi-cloud environments. Traditional CSPM approaches often fall short in providing real-time visibility and context necessary to understand and address cloud security risks effectively.

We’ll explore the key pain points associated with cloud security and highlight actionable solutions to overcome these challenges. Discover how real-time visibility provides the context, clarity and confidence you need to accurately identify cloud security risks, prioritize remediation efforts, and reduce noise by aggregating findings. 

By attending this session, you'll:

• Understand the evolving challenges in managing and securing cloud workloads
• Explore strategies to achieve real-time visibility and effective risk management
• Learn how to prioritize and remediate critical cloud security issues efficiently
• Discover techniques to unify cloud security across the application lifecycle
• Gain insights into achieving regulatory compliance in cloud environments

Cloud Security Explained | Code-To-Cloud and Back Webinar Series

As cloud computing continues to reshape the modern IT landscape, the approach to cloud security must also undergo a seismic shift. Over the years, cloud security posture management (CSPM) has undergone a remarkable transformation, adapting to the ever-changing needs of cloud-native environments.

Join us as we embark on a journey to trace the evolution of CSPM from inception to its cutting-edge state today. In this webinar, we will dive into the evolution of CSPM, exploring the beginnings of the solution, the challenges it aimed to address, and why agentless-only scanning no longer provides real cloud security. Throughout this session, we will analyze the pivotal milestones that have shaped the evolution of CSPM, from basic configuration checks to sophisticated behavioral threat detection and beyond. Then, we'll speculate on what the future holds and how CSPM can keep evolving to address future cloud and cloud-native security challenges.
Key highlights of the webinar:
• The genesis of CSPM: Understanding its origins and initial motivations.
• Evolutionary stages: A comprehensive overview of CSPM's development over the years
• Key challenges and solutions: Examining the pain points CSPM has tackled along the way
• Advanced CSPM capabilities: Understanding the latest innovations driving CSPM effectiveness
• The future of CSPM: Predicting the trajectory and upcoming trends in cloud and cloud-native security

The Evolution of Cloud Security Posture Management (CSPM)

In this session, we'll address the critical pain points and challenges faced by developers and DevOps professionals in ensuring the security of their software development practices. 

Learn how to fortify your software supply chain and effectively manage third-party risks and open-source vulnerabilities. Gain insights into integrating security practices seamlessly into your CI/CD pipeline, enabling you to identify and remediate vulnerabilities in container images early in the development lifecycle. Elevate your container security through advanced container analysis, ensuring compliance and detecting embedded vulnerabilities in your deployments.

By attending this session, you will learn how to:
• Strengthen your software development practices with industry-leading approaches
• Secure your software supply chain and mitigate third-party risks
• Integrate security seamlessly into your CI/CD pipeline for continuous protection
• Enhance container security through advanced analysis and compliance enforcement

Dev Security Explained | Code-to-Cloud and Back Webinar Series

In today's dynamic and ever-evolving technology landscape, organizations are rapidly embracing cloud-native architectures to drive innovation and scalability. However, this shift introduces new security challenges that need to be addressed.

During this session, our expert speakers will guide you through the fundamentals of CNAPP and its crucial role in securing your cloud-native applications. We will explore the unique security requirements and pain points that arise when deploying applications in a cloud-native environment. From containerization to microservices, we will discuss the key vulnerabilities and risks that need to be mitigated.

You will gain insights into how a CNAPP enables seamless collaboration across teams, eliminates cloud native blind spots with true holistic visibility, and prevents successful attacks using one source of truth across the entire software development lifecycle (SDLC) that is only available from a platform solution.

CNAPP Explained | Code-to-Cloud and Back Webinar Series

Cloud attacks happen in seconds and are designed specifically to evade agentless detection. Traditional CSPM solutions can only provide partial visibility and fail to alert security professionals of their true cloud security risks. In this event, you’ll see first-hand how Aqua’s unique approach goes beyond point-in-time snapshot scanning to provide real-time visibility for a complete risk assessment of your multi-cloud environments. With complete visibility and high-fidelity risk detection, you have better context to prioritize what’s most important, without the manual task of sifting through the noise of ever-mounting alerts.

A few main takeaways:

How 52% of cloud native attacks evade agentless detection
Real-time risk visibility into fileless and in-memory attacks
Cloud Service Provider cost control (snapshot scanning adds up)

This industry-first solution delivers on the promise of real-time cloud security, outperforming traditional CSPM solutions and providing 100% visibility into 100% of the problem, eliminating the frustration that comes with legacy CSPM.

Real-Time CSPM: Cloud Security Starts with Complete Visibility

Despite having robust code scanning, software supply chains are being compromised through attacks targeting developer tools. How do these attacks evade traditional security checks, and what’s the impact downstream in production?

In this session, you’ll learn how to apply security throughout the entire application lifecycle. This will enable you with the ability to catch and remediate zero-day threats and prevent your development teams from creating attack surface in runtime while maintaining compliance with industry frameworks such as SLSA, NIST SSDF, and CIS Software Supply Chain Benchmark.

You’ll also see eBPF-based pipeline integrity scanning in action. This will allow your development teams can connect with real time context and block suspicious behavior or malware in environments. Providing comprehensive protection against advanced supply chain attacks all within one tool.

Context from Code-Cloud and Back with eBPF powered pipeline integrity scanning

Software supply chain attacks are dramatically on the rise, and data shows a 300% increase year-over-year. Although threats to the software supply chain continue to increase, studies show that security across development environments remains low. So, what can you do?

Join 451 Research and Aqua Security as we discuss the findings of an in-depth end-user study from senior security leaders in large enterprises across the world, share perspectives on the general state of affairs as they relate to application security testing, more specifically the software supply chain and dive into the new capabilities of the Aqua supply chain solution.

In this webinar, you’ll learn:

-The present state of secure application development -Conditions driving change -Current areas of focus for enterprises -How to prevent the next software supply chain attack

Extending the focus of AppSec to securing the Software Supply Chain

Ensuring software integrity is harder than ever given the increasing assembly line complexity of open source dependencies, CI/CD toolchains, infrastructure-as-code and containers that now factor into the software development process. Successful high-profile software supply chain attacks on enterprises along with the new U.S. executive order mandating the use of software bills of materials (SBOMs) are driving organizations to expand security efforts around software development and better secure the software supply chain.

To prevent these attacks, modern development must intelligently leverage SBOMs and the secure software development framework for control of the development process that empowers teams to go faster with inherent security.

Join Aqua, IBM & AWS to learn:

-Compliance for the US Executive Order -Adopting the new guidance from NIST to implement secure development practices -Preventing software supply chain attacks by securing code, enabling shift left security, proactively leveraging SBOMS and ensuring open-source health -The impact of well-implemented supply chain security on process improvements and their financial outcomes

Moving Beyond SBOMS To Secure The Software Supply Chain

The heavy reliance on third-party components in modern software development has significantly escalated the risk of supply chain attacks. Threat actors frequently exploit public container images to infiltrate organizations and distribute malware, tricking developers into downloading them. While vulnerability scanning provides a strong foundation for robust container security, alone it’s not enough to safeguard your organization against advanced threats.

In this video, we'll be showcasing how patented Dynamic Threat Analysis (DTA) empowers DevSecOps teams to check runtime behavior of their container images before deployment, preventing malicious threats from infecting running applications. During this session, Ali Mokhtari, Solution Architect at Aqua, and Lena Fuks, Product Marketing Manager at Aqua, will discuss the evolving container threat landscape and demonstrate how DTA can help organizations proactively prevent malware incidents and strengthen their defenses.

Key takeaways you can expect:

• Rising software supply chain threats: Learn how public container images can provide a springboard for launching sophisticated supply chain attacks.

• Real-life enterprise use cases: Hear first-hand from a cloud security expert how DTA, trusted by security teams all over the world, helps leading organizations reduce supply chain risk, simplify forensics and investigation, and improve their overall security posture.

• Unique patented technology: See a live demo to uncover why DTA stands out among container security tools and how it goes beyond traditional malware scanners to catch unknown malicious behavior.

• Practical tips for robust container security: Gain actionable insights based on our experience in helping hundreds of organizations develop and implement effective container security programs.

Catch Me If You Can: Uncovering Malicious Behavior in Container Images

Digital Transformation

Cloud Adoption

Containerization

Containers

Application Security

Application Modernization

Risk Management

Cyber Defense

Cyber Incident Response

Cloud Native

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Join this new, vibrant community to learn and connect with top thought leaders, startups and banks who are disrupting the financial services industry. Keep up with the latest news and trends in Fintech and take part in lively debates on topical issues and challenges.

Fintech

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

Catch Me If You Can: Uncovering Malicious Behavior in Container Images

Presented by

About this talk

More from this channel