Cloud Security Summit

In this fireside chat, SecurityWeek editor-at-large Ryan Naraine chats with Forgepoint Capital managing director William Lin about investments and innovation in the cybersecurity ecosystem. Lin will discuss the trends worth watching, the state of play with venture capital investments, and his own tips for finding successful entrepreneurs.

Most security tools battle cyber threats using the tried-and-true method of rules-based detection. But this industry standard has its limitations. What if, instead of endlessly writing (and maintaining) rules to identify bad actors and irregularities, we could base security on the normal, healthy operations of an environment? This session will explore how a new approach to anomaly-based threat detection is driving fundamentally better security outcomes while streamlining investigations.

Please visit our sponsor booths and explore the virtual conference center to compete for great prizes!

An astonishing 98% of 200 organizations recently reported a cloud data breach in the past 18 months... and 63% had their sensitive data exposed in the cloud [IDC 2021]. What’s the cause -- and who needs to fix it?

Sorry folks, but Gartner puts responsibility for cloud infrastructure security squarely at your feet, citing mismanaged identities, access and privileges as the root cause of failure.

The most effective way to reduce such risk is through an identity-first approach. We will cover:
• Shared responsibility and CSP native security tools
• Managing asset inventory with deep context
• Managing cloud security posture
• Automating risk mitigation and least privilege
• Anomaly detection across multi-cloud and more

Whether you are formally regulated or are simply looking to demonstrate your commitment to security and governance with best practice guidance, infrastructure and platform as a service offerings provide unique governance challenges. These platforms offer a wide array of services each with their own security controls that must be continuously tested against a trusted standard. At the same time public cloud platforms also host more traditional services like virtual machines, containers, and storage buckets. Here risks like old unpatched software (and hence vulnerabilities), sloppy credentials embedded in a test script, misplaced PII, or keys that facilitate lateral movement are hiding within your workloads.

Join this session as we discuss how to build fully-functional compliance guardrails at both the deep workload and broad cloud services levels with a single, simple approach.

Cloud means more services to monitor, a wider attack surface, and more tools, leading to blindspots. In fact, lack of visibility in a cloud environment is what contributed to the infamous Capital One AWS breach in 2019.

You’ll learn practical tips you can apply to your cloud security strategy to combat rising threats, including:

• What log sources are most important to monitor to identify indicators of attacker techniques early and respond quickly to contain a breach
• Why misconfigurations occur, how they can lead to data breaches, and what you should do to detect them
• How cloud monitoring differs from monitoring on-premises environments like Microsoft Active Directory

Please visit our sponsor booths and explore the virtual conference center to compete for great prizes!

We invite you to join Lacework's Field CTO Chris Pedigo as he discusses security in the cloud and how Lacework solves some of the cybersecurity challenges facing companies today.

Everyone is moving to the cloud, faster than planned. Most organizations have their sights on adopting a multi and/or hybrid cloud strategy this year. Yet, 75% of cloud security breaches are expected to result from inadequate management of identities, access, and privileges by 2023, according to Gartner.

So how do you protect your growing multi cloud infrastructure? AWS alone currently offers some 258 services and involves 9,286 total permissions. Remote work is adding to identities and permissions explosion -- increasing access risk. Securing and governing access is further compounded by the fact that each public cloud has its own way of managing permissions and privileges.

Join Ermetic’s Or Priel, VP Product Management, for a better understanding of managing identities, permissions and privileges in AWS and Azure.

We will explore:
• AWS IAM roles and policies and Azure RBAC
• Strategies for enforcing least privilege with confidence
• Governing access and protecting sensitive resources
• Mitigating multi cloud risk using automation and analytics

While the modern security program is framed through the lens of the NIST (National Institute of Standards and Technology) framework -- Identify, Protect, Detect, Respond and Recover -- the dramatic migration to the cloud has greatly expanded attack surfaces and introduced a new set of priorities for enterprise CISOs.

In this session, a distinguished panel of enterprise defenders will look closely at how digital transformation (work-from home during the pandemic) introduced new risks and forced significant changes to budgets and resources to manage multi-cloud deployments at scale.

The panel will examine a broad range of topics, including cloud asset discovery and management, identity management and multi-factor authentication, the ‘shift-left’ world of DevSecOps, expanding zero-trust concepts for cloud data, and managing things like alert and dashboard fatigue.

Attendees can expect an engaging conversation with actionable guidance for modernizing the enterprise security program.