Cloud security best practices for multi-cloud: Beyond native tools

Today it is almost considered negligent to wait for an alert from IDS/IPS, firewalls, NAC, and endpoint security products before taking action. For years some of us who ha e been in the industry for a while have engaged in operations where we go out into the environment and actively look for threats to hand off to the IR team to eradicate. Enter the world of threat hunting. We will side step any product marketing and dig deep into what threat hunting actually is. The second half of this webinar will consist of demo of some technical threat hunting operations that anyone can practice sharpening their hunt skills.

Kubernetes is fundamentally a complex system with lots of different potential attack vectors aimed at data theft, currency mining and other threats. Liz Rice, a renowned technology evangelist, will take us through an overview of the current state of security-related features in Kubernetes, and offer directional starting points on how to secure Kubernetes components and the applications that run on top of these Kubernetes components. Brice Fernandes, software engineer and entrepreneur at Weaveworks, will then demonstrate how you can build a secure and reliable Kubernetes deployment pipeline with GitOps best practices, separating the responsibility between packaging software and releasing it to a production environment.

According to Gartner, the application layer contains 90% of all vulnerabilities. However, do security experts and developers know what’s happening underneath the application layer? Organizations are aware they cannot afford to let potential system flaws or weaknesses in applications be exploited, but knowing the distinctions between these weaknesses can make all the difference in removing them successfully. During this webinar, Jim Jastrzebski of CA Veracode will discuss how to identify risk factors within your application landscape and share his approach to helping security and development teams address them efficiently. Learn about the methods and solutions attackers typically rely on to perform application vulnerability discovery and compromise, and hear how organizations rely on application security technology and services to gain visibility into their overall landscape—and act upon it in the right way.

The MITRE ATT&CK framework is quickly growing in popularity as an effective method to get on the offense of threat detection and response. In this webinar, presenters go beyond definitions and demonstrate how to apply the MITRE ATT&CK framework to your security monitoring. Paul Asadoorian and Matt Alderman of Security Weekly provide an overview of the MITRE ATT&CK framework, discuss how to prioritize the capabilities of the framework, and review some of the existing open source tools for testing/mapping to MITRE.