Cloud Security Summit

The year 2020 has disclosed an unprecedented amount of compromised data sets, most of which were made freely available to the public within the hacker underground. It is reported that over one trillion sets of usernames, email addresses, and passwords have been released and are leveraged by hacking crews for various malicious purposes. These breaches go as far back as ten years, and include household names, obscure companies, and even underground hacker resources.

Furthermore, advanced toolkits from nation-states are now public domain, whereby any script kiddie can become a shadow government hacking master. Where do these breaches come from? How did they originate? Why did it sometimes take years to discover? What have attackers been doing with the data? What can attackers still do with this data? What can companies and individuals do to protect themselves and each other during these floods of hacked data sets? How dramatically has this shifted the cyber risk landscape? This talk will explore these questions, and discuss ways for enterprises to avoid succumbing to these trending attacks.

Appropriate use of native security controls in Amazon Web Services, Microsoft Azure, and Google Cloud Platform is essential to managing cloud risk (and avoiding a costly breach). However, many organizations struggle with determining when and how to use these native security controls, doing so in a consistent fashion, and also understanding how and when to augment these to ensure continuous security and compliance. Join Thomas Martin (former GE CIO and founder of NephōSec) and Christopher Hertz (VP Cloud Security Sales at Rapid7) for a discussion on:

- How and when to use native cloud security controls
- Why and when you may want to augment these controls
- How to leverage automation to gain continuous security and compliance in public cloud

Please visit our sponsor booths and explore the virtual conference center to compete for great prizes!

The ability to remotely execute code is often the cornerstone of an attack, but bad actors also attempt to reduce their footprint by abusing legitimate credentials combined with network, application and operating system functionality, and new cloud capabilities to remotely access systems and find high risk data.

Patrick Pushor, Technical Evangelist at Orca Security, will explore modern lateral movement threats, mitigation strategies, and examine new vectors with the shift to the cloud while sharing key findings from Orca's 2020 State of Public Cloud Security Report.

Innovation, collaboration, and sharing in digital environments is now easier than ever before, thanks to cloud and SaaS platforms – but at what cost?

Join Nabil Zoldjalali, Darktrace’s Director of Cloud Security, as he uncovers the complexities of protecting cloud and SaaS applications, and find out why the rapid adoption of cloud and SaaS tools across the globe is inadvertently creating a wave of new, stealthy cyber-attacks. Learn why thousands of organizations utilize Cyber AI to safeguard their ever-evolving digital infrastructure and dynamic workforces, as well as real-world threat stories thwarted by Cyber AI.

Not unlike network segmentation today where assets are segmented by zones and regions, to reduce the environments attack surface, cloud environments need to be segmented as well to establish true security in the cloud. However, zones and regions are not concepts that translate to cloud environments, and a new approach and tools are required. This talk will cover how cloud-native security policies can be established, monitored, and managed at scale across multi and hybrid-cloud environments to achieve segmentation and zero trust security posture in public cloud and Kubernetes based workload environments.

Topics covered in this session will include:
- Gaining visibility into Cloud Security Posture (what talks to what, who talks to whom)
- Establishing security policies
- Monitor Compliance of policies continuously in the DevOps pipeline and alerting
- Cloud-native automation for security solutions – they key imperative

Please visit our sponsor booths and explore the virtual conference center to compete for great prizes!

Secure access service edge (SASE) offerings are cloud-delivered platforms that give consistent security across different applications, devices, web destinations, on-premises resources, and infrastructure. To achieve this, these platforms deliver a variety of functionality from complementary security solutions. As organizations operate in our frenetic business world, SASE becomes imperative.

In this session, you will learn:

- Why organizations need SASE
- The key components of SASE offerings
- How SASE architectures impact performance

Join this technical session and see how DivvyCloud protects cloud and container environments from misconfigurations, policy violations, threats, and IAM challenges. This demo covers a basic introduction to how DivvyCloud works and shows you how with automated prevention and real-time remediation, our customers achieve continuous security and compliance.

Join this interactive conversation with Gunter Ollmann, Chief Security Officer (CSO) of Microsoft’s Cloud and AI Security division.