3 Step Approach To Comprehensive Runtime Application Security

Runtime security is critical for addressing the unique security and compliance challenges inherent to cloud native development. Without it, workloads are vulnerable to an extensive array of attack vectors.

Join Ivan and Hari as they discuss cloud and application security trends and risks with a closer look at steps needed to protect workloads across their lifecycle, with focus on the runtime phase. Get an overview of agentless and agent-based security architectures and gain a better understanding of what it takes to prioritize API security within your organization.

Speakers

Hari Srinivasan
Sr. Director, Product Management, Prisma Cloud
Palo Alto Networks

×

Hari Srinivasan

Sr. Director, Product Management, Prisma Cloud Palo Alto Networks

Hari Srinivasan is a Sr. Director, Product Management in the Public Cloud team at Palo Alto Networks, responsible for the Cloud Workload Protection pillar of Prisma Cloud. He joined Palo Alto Networks from Qualys, where he was head of cloud and container security products. He has over 18 years of Product Management and Marketing experience, conceptualizing and building cybersecurity, systems management, and infrastructure products at industry leaders such as Oracle. Hari lives in the bay area, and outside of work, he is passionate about volunteering for environmental projects in and around the bay area.

Ivan Melia
Head of Product Marketing, Cloud Workload Protection
Palo Alto Networks

×

Ivan Melia

Head of Product Marketing, Cloud Workload Protection Palo Alto Networks

Ivan leads product marketing for Cloud Workload Protection and Web Application and API security offers, at Palo Alto Networks. Passionate about business, marketing and technology, he focuses on product launches, pre-sales and product adoption. Previously he held product management and business development roles at Cisco.

Converting Cybersecurity From a Cost Center to a Revenue Source

With great SaaS power comes great responsibility. As of 2022, SaaS is said to be worth over $170 billion and the SaaS industry has increased in size by around 500% over the past seven years. SaaS apps are ruling the world – and now it is time to rule it more securely. SaaS security is based on a shared responsibility model. While preventing DDos or Brute Force attacks may be your responsibility, what a user does with the platform once they’re in may need to be the responsibility of the customer. This shared responsibility model represents an enormous burden for most customers, as they need to manage security across numerous SaaS platforms. SaaS companies have a choice to make: either undertake expensive development to extend their internal security or partner with external cybersecurity providers that will concentrate on security for them through APIs.

In this session, Dror will discuss the financial impact of opening APIs to third party security providers, converting cybersecurity from a cost center to a new revenue stream. Effective security APIs enable 3rd party security providers to provide robust security monitoring and protection without the need to build costly security infrastructure directly into the SaaS applications being protected. As such, offering security through APIs can eliminate software bloat and provide value-added features that can drive revenue.

Dror will map out best practices for SaaS companies to construct security APIs that will ultimately enable third-party security providers to help alleviate the shared responsibility model. He will share battled-tested security API development lessons and tips he has learned from going through integrations with SaaS leaders such as Microsoft, Google, Salesforce, and Dropbox. Specifically, Dror will delve into how to create security APIs for scale across three core areas – Collaboration Controls, Activity Monitoring, and Data Loss Prevention. He will also give examples of how to address Access APIs (e.g. access requests, handshakes, and access approvals/denials), SaaS APIs spanning Collaboration and Content Control (such as file controls, file inspection (including malware, regulatory compliance), and user actions (e.g.logging, suspicious behavior).

Speakers

Dror Liwer
Co-Founder & CMO
Coro

×

Dror Liwer

Co-Founder & CMO Coro

Dror has over 25 years of technology, security, and business development experience. Before joining Coro, Dror was the CIO of the IDF’s military police and then became the CEO of Pose, a Venture Partner at RDSeed, a GM at IXI Mobile, and a SVP at Publicis.

Cloud Threat Report: IAM the first line of defense

The ongoing transition to cloud platforms has meant that more sensitive data is stored in the cloud, making it more tempting for adversaries to exploit. When it comes to securing the cloud, identity is the first line of defense. Proper identity and access management (IAM) policies are the foundation of comprehensive cloud security principles. To understand how IAM policies affect organizations’ cloud security posture, Unit 42 researchers analyzed 680,000+ identities across 18,000 cloud accounts from 200 different organizations.

The results of our research were shocking – nearly all organizations we analyzed lack the proper IAM management policy controls to remain secure. Misconfigured IAM policies open the door for cloud threat actors. We define a cloud threat actor as “an individual or group posing a threat to organizations through directed and sustained access to cloud platform resources, services or embedded metadata.” Cloud threat actors merit a separate definition as they employ a fundamentally different set of tactics, techniques and procedures (TTPs) that are unique to the cloud – such as taking advantage of the ability to perform both lateral movement and privilege escalation operations simultaneously.

Join us to find out about the latest research in overprivileged IAM identities in real-world cloud environments and how cloud threat actors are zeroing in on these excessive permissions to expand their control of cloud environments. Detection and mitigation of these risks are possible, we let you know how!

Speakers

Bob West
CSO
Palo Alto Networks

×

Bob West

CSO Palo Alto Networks

Mitigating Risk in the Supply Chain: A Comprehensive Approach

Enterprises face a constant stream of security and resiliency threats, many of which may be attributed to your supply chain and third party ecosystem. The growing challenge of sustaining business operations in this hyper-connected world has created a need for a comprehensive approach to tackling security and risk across the supply chain. Microsoft’s Edna Conway, VP of Security, Risk & Compliance for Microsoft’s cloud infrastructure, and Marene Allison, CISO at Johnson & Johnson, will discuss the importance of public-private partnership and real-world, tangible approaches to address supply chain security and resiliency.

Speakers

Edna Conway
VP, Chief Security & Risk Officer, Azure
Microsoft

×

Edna Conway

VP, Chief Security & Risk Officer, Azure Microsoft

Edna Conway currently serves as VP, Chief Security & Risk Officer, Azure at Microsoft. She is responsible for the security, resiliency and governance of the cloud infrastructure upon which Microsoft’s Intelligent Cloud business operates. She has built new organizations delivering trust, transparency, cybersecurity, compliance, risk management, sustainability and value chain transformation. She is recognized domestically (U.S. Presidential Commissions) and globally (NATO) as the developer of architectures delivering value chain security, sustainability and resiliency. Conway was appointed to the Executive Committee of the U.S. Department of Homeland Security Task Force on ICT Supply Chain Risk Management. Her insight is featured in a range of publications, analyst reports, and case studies, including Forbes, Fortune, Bloomberg, CIO Magazine and the Wall Street Journal. Prior to joining Microsoft, Conway served as Cisco’s Chief Security Officer, Global Value Chain, driving a comprehensive security architecture across Cisco’s third-party ecosystem. Conway was a partner in an international private legal practice and served as Assistant Attorney General for the State of New Hampshire before joining Cisco. She holds an AB from Columbia University, a law degree from the University of Virginia and additional credentials from MIT and Stanford, Carnegie Mellon and New York Universities.

Marene Allison
Chief Information Security Officer
Johnson & Johnson

×

Marene Allison

Chief Information Security Officer Johnson & Johnson

Phishing and Account Compromise – Fighting the Social Engineering Threat to Your Organization

Phishing attacks have increased more than 400% in the past 12 months, resulting in organizations experiencing 12.2 incidents each month. However, did you know that a staggering 95% of cybersecurity breaches are successful due to human error?

While Microsoft data centers are protected by state-of-the-art security infrastructure, even such a robust IT infrastructure can’t protect your Microsoft 365 data from human error.

This workshop will cover:

• Understanding how common social engineering tactics have evolved in the era of remote and hybrid work

• Best practices for securing your data and building a successful BCDR (Business Continuity and Disaster Recovery) Plan across hybrid workloads

• Real world war stories from the field protecting servers, Microsoft 365, Salesforce and more to help prepare you for the next attack

Speakers

Shyam Oza
Director of Product Management
Kaseya

×

Shyam Oza

Director of Product Management Kaseya

Web App and API Security Done Right

•  Today, web apps and APIs are the most common medium for sharing and modifying data. As Web apps and APIs evolve, so does the attack surface.
• The bottom line is: If you are not adequately protecting your web apps and APIs, you are not adequately protecting your data.
• Join this session to learn how Prisma Cloud can help secure your critical web applications and APIs on ANY cloud native architecture and the data behind them.

Speakers

Mohit Bhasin
Senior Product Marketing Manager
Palo Alto Networks

×

Mohit Bhasin

Senior Product Marketing Manager Palo Alto Networks

Mohit is the Product Marketer for the Prisma Cloud team focusing on Web Application and API Security. He has a passion for understanding and solving customer problems. He has a Bachelor of Science in Computer Engineering and a Masters in Business Administration.

Geoff Sindel
Principal Web Application and API Security Architect
Palo Alto Networks

×

Geoff Sindel

Principal Web Application and API Security Architect Palo Alto Networks

Geoff Sindel is a Principal Web Application and API Security Architect with more than two decades of experience designing and implementing secure software on the web. An agilist and polyglot, I have helped organizations, from small startups to multinational enterprises, create cloud-native web applications and APIs. I am passionate about DevSecOps and eager to understand how we can help you simplify and strengthen your web application and API security.

Three Critical Factors in Building a Comprehensive Security Awareness Program

Three key elements form the foundation of a successful awareness education program: knowledge of audiences, pervasive and continuous communication and interactive education on security tactics. Security and risk management leaders should use this research to implement a comprehensive program.

Join Joanna Huisman, SVP of Strategic Insights & Research at KnowBe4, as she shares how your organization can level up your security culture and empower your last line of defense against cyber attacks – your users. She’ll go over key challenges such as:

• Why most people forget the majority of what is presented in a training program that occurs infrequently.
• Why interactive simulations produce higher levels of skills retention than the mere presentation of recommended security actions, but can be difficult to measure compared to other awareness metrics.
• Why audiences are bored by education programs that fail to leverage a variety of media and content styles.

Speakers

Joanna Huisman
SVP of Strategic Insights & Research
KnowBe4

×

Joanna Huisman

SVP of Strategic Insights & Research KnowBe4

Joanna Huisman is a marketing, training and communications professional with over 20 years of experience in strategic, internal and customer-facing engagements in the financial services/tech industries with added experience in sales, operations and organizational development. She was previously senior research director at Gartner in the areas of security awareness, education, behavior management, culture, crisis communications security and risk program managem

Stop Ransomware Dead in its Tracks: Breaches Need to Move. Don’t let Them.

Speakers

Tony Lauro
Director of Security Strategy
Akamai

×

Tony Lauro

Director of Security Strategy Akamai

Tony is currently Director of Security Strategy for Akamai Technologies. He's been involved with Information Security since the late 90's when he worked for a large US based telecom provider. Since then Tony has worked with Akamai’s top global clients to provide cyber security guidance, architectural analysis, web application and network security expertise. With over 20 years of Information Security operations experience Tony has worked and consulted in many verticals including finance, automotive, medical/healthcare, enterprise, and mobile applications. He is currently responsible for Akamai’s North / Central / South American clients advising in the areas of adversarial resiliency, security architecture, and cyber security strategy. Tony’s previous responsibilities include consulting with public sector/government clients at Akamai, managing security operations and pen testing for a mobile payments company, and overseeing security and compliance responsibilities for a global financial software services organization.

Ariel Zeitlin
Co-Founder & CTO
Guardicore

×

Ariel Zeitlin

Co-Founder & CTO Guardicore

Why the Cloud Requires a Platform-centric Approach to Get Cloud Security Right

Enterprises across the globe are expanding to the cloud to power their business in new ways at a scale never before thought possible. By leveraging cloud infrastructure services and cloud native architectures like containers, Kubernetes and serverless, teams can deploy more quickly and deliver more value to internal and external stakeholders.
At the same time, security teams need to ensure cloud infrastructure is configured properly, compliance is achieved, and vulnerabilities are remediated — a huge challenge without the right tools. In this session, join Orca Security VP of Product Marketing Keith Mokris to explore:

• The latest trends in cloud adoption
• Risk that security teams need to be aware of
• How cloud native application protection platforms aka CNAPPs present an opportunity to get cloud security right 

Speakers

Keith Mokris
VP, Product Marketing, Orca Security
Orca Security

×

Keith Mokris

VP, Product Marketing, Orca Security Orca Security

Keith Mokris leads product marketing and evangelism for Orca Security, the industry's leading agentless cloud security platform, where he is focused on helping enterprises secure their cloud environments and applications. Previously, he was Director of Product Marketing for Prisma Cloud. He also led product marketing at Twistlock, the container security company acquired by Palo Alto Networks, and NowSecure, a mobile security startup. In his free time, he enjoys playing chess and taking landscape and street photos. He lives in Portland, OR.

Modern Web Apps and APIs Require Modern Security

The number of web applications and APIs exposed to the internet are growing exponentially. Unsecure web applications and APIs are low hanging fruit that attackers are targeting to steal sensitive data. In a recent report “State of the Web Security for H1 2020,” CDNetworks highlighted that, in particular, web application attacks rose by 800%
Legacy WAFs can no longer provide comprehensive coverage for cloud native architectures, since attackers are looking to exploit unsecured Web Apps & APIs. Application Security and infrastructure teams require a holistic solution with comprehensive protection across the full application lifecycle.
In this webinar, join our product leadership to learn more about the problems organizations face and how Prisma Cloud can secure your Web Apps and APIs on ANY cloud-native architecture.

Speakers

Elad Shuster
Product Manager
Palo Alto Networks

×

Elad Shuster

Product Manager Palo Alto Networks

Elad is the Product Line Manager for Web Application and API Security - Palo Alto's cloud native application firewall. With over 10 years of experience as a cyber security practitioner, Elad has presented his work in leading security conferences such as Blackhat and OWASP's AppSec USA and Europe. Prior to joining Palo Alto Networks, Elad led a team of security researchers at Akamai, exploring new trends and emerging threats in the world of web application security.

Mohit Bhasin
Senior Product Marketing Manager
Palo Alto Networks

×

Mohit Bhasin

Senior Product Marketing Manager Palo Alto Networks

Mohit is the Product Marketer for the Prisma Cloud team focusing on Web Application and API Security. He has a passion for understanding and solving customer problems. He has a Bachelor of Science in Computer Engineering and a Masters in Business Administration.

Ory Segal
Cloud Security
Palo Alto Networks

×

Ory Segal

Cloud Security Palo Alto Networks

Ory is a world-renowned expert and veteran in application security with 20+ years of experience. Ory joined Palo Alto Networks through the acquisition of PureSec, where he was the CTO and co-founder. Ory holds numerous patents in the field of application security. Ory serves as an officer of the Web Application Security Consortium (WASC), former CSA Israel Chapter Board Member and former OWASP (IL) board member.