Cloud Security Summit

Identity has played a role in crime throughout the history of the world and it's no surprise that identity plays a major role in cybercrime. In fact, identity-based attacks are the leading cause of breaches today. Organizations that leverage an identity-first approach to security are far more prepared to protect themselves in today's business environment. Join this session to learn how you can adopt an identity-first approach to security to protect your organization against today's identity-based attacks.

In this session, Ivan Melia, Senior Product Manager at Prisma Cloud by Palo Alto Networks, will discuss cloud and application security best practices with a closer look at most common attacks and runtime level protection. He will address risks and countermeasure techniques to protect applications in their lifecycle, covering build, deploy and run phases.

Please visit our sponsor booths and explore the virtual conference center to compete for great prizes!

With the shift to the cloud, behaviors have changed along with the lines between privileged and non-privileged activity. With the increase in pace and scale and speeds and feeds, the ability to control outcomes has become difficult. What risks do these changes pose to your business, and how can Saviynt help solve these challenges? In this session, Rob McAloon Saviynt's Director of Strategic Technology discusses with Chris Owen, the Director of Product Management, why and how the cloud transformation has changed identity strategies and what you should do to ensure the security of your environment.

As organizations invest more in cloud, a Cloud Security Posture Management platform (CSPM) becomes a critical part of security strategy. While these platforms provide the broad visibility needed to secure cloud environments, this increased volume of data often includes an overwhelming amount of alerts. Sifting through each one, every day, isn't feasible or sustainable—automation is needed to help teams stay ahead of risks and respond faster. The challenge is knowing what to automate, and how to do it right. It's easy to become lost in strategy recommendations just figuring out where to start and what tools to incorporate. Or far more daunting, determining who in the organization has the skillset to develop the automations. Torq is a no-code automation platform designed to help security teams operate at the speed and scale of cloud threats, with no need for developer support. In as little as a few hours, anyone can create powerful workflow automations to cut through CSPM alert noise and address critical issues. The secret to making it work is our template library. These pre-built elements comprise everything from individual steps and logical operators to complete workflows across multiple services.

Join us for this session as we discuss:

• Common patterns in CSPM alerts and suggested remediations
• How to plan your automation strategy and build your roadmap
• Workflow templates in Torq that offer immediate value for your existing CSPM investments

What happens when thousands of organizations start a cloud expansion journey at the same time? You would be interested to know what worked and what didn’t, right? The Prisma Cloud team at Palo Alto Networks was curious enough to survey 3,000 professionals about their cloud adoption experiences, cloud native security strategies, and best practices. Join this session as Jason Williams, a product marketing manager at Palo Alto Networks, to learn about: Key cloud adoption and risk trends Strategic and tactical decisions that worked [and did not work] during rapid cloud expansions

Hiring security professionals with the skills to keep up with evolving threats is a never-ending battle against resources and time. Although due to a global cybersecurity talent shortage, hiring for skill isn't always an option. Organizations must instead unlock their greatest resource — their people. Building a vigilant workforce starts by understanding your team's capabilities. After this assessment, you can create a plan to close skill gaps and improve the way your organization responds to threats. In this session, we explore several ways Skillsoft build's a vigilant global workforce that helps reduce risk while increasing our confidence in responding to emerging threats.

Securing your cloud infrastructure is not the same as securing your on-prem environment, and treating them the same is a fatal flaw. When securing on-prem environments, ensuring that the network perimeter is secured and that your users have the appropriate level of permissions in place was enough. With the move to the cloud, we shift our focus from simply identifying users and their permissions, to identifying the potential exploitation of these permissions in both human and resource-based identities. In this session Sonrai Security’s Principal Security Engineer, Tina Caldarone, will dive into:

• Identity: How to identify and inventory all identities, both human and resource-based identities.
• Monitoring: Why right-sizing permissions at a point in time isn’t enough, emphasizing the need to dynamically review and monitor, and right-size effective permissions.
• Context and Prioritization: Prioritizing issues to enable efficient remediation.

Email is both a necessary communication medium, and the most vulnerable area for an attack. Year after year, adversaries find success in abusing email to gain a foothold into an organization—deploying malware, leaking valuable data, or stealing millions of dollars. Unfortunately, email threats are only growing in number. Business email compromise accounts for 35% of all losses to cybercrime, and the Verizon Data Breach Investigations Report holds that phishing remains the top entry point for breaches—a position it has held for years. Does that mean email is doomed, and we should give up? Quite the opposite. But the shift to cloud email requires one major thing: a shift to cloud email security.

Attend the Abnormal Security session for answers to your most pressing questions, including:

• What are modern email threats, and how are they different from legacy attacks?
• Which email threats are most concerning, and how can we defend against them in the cloud environment?
• Which technical capabilities are required when protecting cloud email?
• How can cloud email security platforms detect the most dangerous attacks?

Join us for a compelling fireside chat with Aanchal Gupta, Corporate Vice President, Azure and M365 Security at Microsoft. In this interview with SecurityWeek Editor-at-Large Ryan Naraine, Aanchal will discuss Microsoft's security response mission and priorities, the CISO's decision-making process, and best practices for securing public and private cloud deployments.