Cybersecurity Archives - Ascent Conference
Cybersecurity

3 Step Approach To Comprehensive Runtime Application Security

Runtime security is critical for addressing the unique security and compliance challenges inherent to cloud native development. Without it, workloads are vulnerable to an extensive array of attack vectors.

Join Ivan and Hari as they discuss cloud and application security trends and risks with a closer look at steps needed to protect workloads across their lifecycle, with focus on the runtime phase. Get an overview of agentless and agent-based security architectures and gain a better understanding of what it takes to prioritize API security within your organization.


Speakers

Hari Srinivasan
Sr. Director, Product Management, Prisma Cloud
Palo Alto Networks
Ivan Melia
Head of Product Marketing, Cloud Workload Protection
Palo Alto Networks

Annual

Converting Cybersecurity From a Cost Center to a Revenue Source

Nov 15th, 2022 @3:00 pm

With great SaaS power comes great responsibility. As of 2022, SaaS is said to be worth over $170 billion and the SaaS industry has increased in size by around 500% over the past seven years. SaaS apps are ruling the world – and now it is time to rule it more securely. SaaS security is based on a shared responsibility model. While preventing DDos or Brute Force attacks may be your responsibility, what a user does with the platform once they’re in may need to be the responsibility of the customer. This shared responsibility model represents an enormous burden for most customers, as they need to manage security across numerous SaaS platforms. SaaS companies have a choice to make: either undertake expensive development to extend their internal security or partner with external cybersecurity providers that will concentrate on security for them through APIs.

In this session, Dror will discuss the financial impact of opening APIs to third party security providers, converting cybersecurity from a cost center to a new revenue stream. Effective security APIs enable 3rd party security providers to provide robust security monitoring and protection without the need to build costly security infrastructure directly into the SaaS applications being protected. As such, offering security through APIs can eliminate software bloat and provide value-added features that can drive revenue.

Dror will map out best practices for SaaS companies to construct security APIs that will ultimately enable third-party security providers to help alleviate the shared responsibility model. He will share battled-tested security API development lessons and tips he has learned from going through integrations with SaaS leaders such as Microsoft, Google, Salesforce, and Dropbox. Specifically, Dror will delve into how to create security APIs for scale across three core areas – Collaboration Controls, Activity Monitoring, and Data Loss Prevention. He will also give examples of how to address Access APIs (e.g. access requests, handshakes, and access approvals/denials), SaaS APIs spanning Collaboration and Content Control (such as file controls, file inspection (including malware, regulatory compliance), and user actions (e.g.logging, suspicious behavior).


Speakers

Dror Liwer
Co-Founder & CMO
Coro

Sponsored by

Cloud Threat Report: IAM the first line of defense

The ongoing transition to cloud platforms has meant that more sensitive data is stored in the cloud, making it more tempting for adversaries to exploit. When it comes to securing the cloud, identity is the first line of defense. Proper identity and access management (IAM) policies are the foundation of comprehensive cloud security principles. To understand how IAM policies affect organizations’ cloud security posture, Unit 42 researchers analyzed 680,000+ identities across 18,000 cloud accounts from 200 different organizations.

The results of our research were shocking – nearly all organizations we analyzed lack the proper IAM management policy controls to remain secure. Misconfigured IAM policies open the door for cloud threat actors. We define a cloud threat actor as “an individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata.” Cloud threat actors merit a separate definition as they employ a fundamentally different set of tactics, techniques and procedures (TTPs) that are unique to the cloud – such as taking advantage of the ability to perform both lateral movement and privilege escalation operations simultaneously.

Join us to find out about the latest research in overprivileged IAM identities in real-world cloud environments and how cloud threat actors are zeroing in on these excessive permissions to expand their control of cloud environments. Detection and mitigation of these risks are possible, we let you know how!


Speakers

Bob West
CSO
Palo Alto Networks

Sponsored by

Cybersecurity

Mitigating Risk in the Supply Chain: A Comprehensive Approach

Oct 5th, 2022 @12:00 pm

Enterprises face a constant stream of security and resiliency threats, many of which may be attributed to your supply chain and third party ecosystem. The growing challenge of sustaining business operations in this hyper-connected world has created a need for a comprehensive approach to tackling security and risk across the supply chain. Microsoft’s Edna Conway, VP of Security, Risk & Compliance for Microsoft’s cloud infrastructure, and Marene Allison, CISO at Johnson & Johnson, will discuss the importance of public-private partnership and real-world, tangible approaches to address supply chain security and resiliency.


Speakers

Edna Conway
VP, Chief Security & Risk Officer, Azure
Microsoft
Marene Allison
Chief Information Security Officer
Johnson & Johnson

Cybersecurity

Phishing and Account Compromise – Fighting the Social Engineering Threat to Your Organization

Phishing attacks have increased more than 400% in the past 12 months, resulting in organizations experiencing 12.2 incidents each month. However, did you know that a staggering 95% of cybersecurity breaches are successful due to human error?

While Microsoft data centers are protected by state-of-the-art security infrastructure, even such a robust IT infrastructure can’t protect your Microsoft 365 data from human error.

This workshop will cover:

• Understanding how common social engineering tactics have evolved in the era of remote and hybrid work

• Best practices for securing your data and building a successful BCDR (Business Continuity and Disaster Recovery) Plan across hybrid workloads

• Real world war stories from the field protecting servers, Microsoft 365, Salesforce and more to help prepare you for the next attack


Speakers

Shyam Oza
Director of Product Management
Kaseya

Cybersecurity

Web App and API Security Done Right

  •  Today, web apps and APIs are the most common medium for sharing and modifying data. As Web apps and APIs evolve, so does the attack surface.
  • The bottom line is: If you are not adequately protecting your web apps and APIs, you are not adequately protecting your data.
  • Join this session to learn how Prisma Cloud can help secure your critical web applications and APIs on ANY cloud native architecture and the data behind them.


Speakers

Mohit Bhasin
Senior Product Marketing Manager
Palo Alto Networks
Geoff Sindel
Principal Web Application and API Security Architect
Palo Alto Networks

Cybersecurity

Three Critical Factors in Building a Comprehensive Security Awareness Program

Apr 6th, 2022 @4:00 pm

Three key elements form the foundation of a successful awareness education program: knowledge of audiences, pervasive and continuous communication and interactive education on security tactics. Security and risk management leaders should use this research to implement a comprehensive program.

Join Joanna Huisman, SVP of Strategic Insights & Research at KnowBe4, as she shares how your organization can level up your security culture and empower your last line of defense against cyber attacks – your users. She’ll go over key challenges such as:

  • Why most people forget the majority of what is presented in a training program that occurs infrequently.
  • Why interactive simulations produce higher levels of skills retention than the mere presentation of recommended security actions, but can be difficult to measure compared to other awareness metrics.
  • Why audiences are bored by education programs that fail to leverage a variety of media and content styles.


Speakers

Joanna Huisman
SVP of Strategic Insights & Research
KnowBe4

Cybersecurity

Stop Ransomware Dead in its Tracks: Breaches Need to Move. Don’t let Them.


Speakers

Tony Lauro
Director of Security Strategy
Akamai
Ariel Zeitlin
Co-Founder & CTO
Guardicore

Cybersecurity

Why the Cloud Requires a Platform-centric Approach to Get Cloud Security Right

Apr 6th, 2022 @3:00 pm

Enterprises across the globe are expanding to the cloud to power their business in new ways at a scale never before thought possible. By leveraging cloud infrastructure services and cloud native architectures like containers, Kubernetes and serverless, teams can deploy more quickly and deliver more value to internal and external stakeholders.
At the same time, security teams need to ensure cloud infrastructure is configured properly, compliance is achieved, and vulnerabilities are remediated — a huge challenge without the right tools. In this session, join Orca Security VP of Product Marketing Keith Mokris to explore:

  • The latest trends in cloud adoption
  • Risk that security teams need to be aware of
  • How cloud native application protection platforms aka CNAPPs present an opportunity to get cloud security right 


Speakers

Keith Mokris
VP, Product Marketing, Orca Security
Orca Security

Cybersecurity

Modern Web Apps and APIs Require Modern Security

Apr 6th, 2022 @2:00 pm

The number of web applications and APIs exposed to the internet are growing exponentially. Unsecure web applications and APIs are low hanging fruit that attackers are targeting to steal sensitive data. In a recent report “State of the Web Security for H1 2020,” CDNetworks highlighted that, in particular, web application attacks rose by 800%
Legacy WAFs can no longer provide comprehensive coverage for cloud native architectures, since attackers are looking to exploit unsecured Web Apps & APIs. Application Security and infrastructure teams require a holistic solution with comprehensive protection across the full application lifecycle.
In this webinar, join our product leadership to learn more about the problems organizations face and how Prisma Cloud can secure your Web Apps and APIs on ANY cloud-native architecture.


Speakers

Elad Shuster
Product Manager
Palo Alto Networks
Mohit Bhasin
Senior Product Marketing Manager
Palo Alto Networks
Ory Segal
Cloud Security
Palo Alto Networks

Privacy Notice

This privacy notice discloses the privacy practices for (www.ascentconf.com). This privacy notice applies solely to information collected by this website. It will notify you of the following:

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:

Security

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the address of the Web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 202-256-9707 or [email protected].