Recently we published a roundup of Threat Stack audio resources to give you quick and easy access to information on cloud security and compliance topics. Judging by your response, you’re finding these useful. So today we’re offering another selection, focusing on recorded webinars that shine a light on security and compliance in action — whether it’s from the point of view of Security Analysts in Threat Stack’s SOC, Threat Stack’s security and compliance experts, or the business, technical, and operational leaders at some of our most innovative customers.
Today’s resources touch on a host of topics including customer success stories (Stratasan strategic health care technologies), security best practices, full stack security observability, best practices for designing and deploying secure container environments, compliance, automation, and more. As you know, we’re always interested in your suggestions, so if there’s something else you’d like to hear about or see, let us know on Twitter. For a complete list of available webinars, take a look at our Resources page.
1. Attack Simulation: Deconstructing an Attack in a Containerized Application
Tim Buntel, Threat Stack VP of AppSec Products, and Miguel De Los Santos, Threat Stack Senior Security Engineer, demonstrate and deconstruct a full stack attack in a containerized application — from the application layer, to the EC2 layer, to the cloud management console. They then provide remediation guidance for developers along with ways to proactively identify risk and reduce an organization’s attack surface.
2. How Cloud-Native has Changed Application Security
As organizations shift towards more complex, ephemeral, cloud-native software development, they need to adapt their security mindset and best practices. In this webinar, Doug Cahill, Senior Analyst at ESG, and Threat Stack’s Tim Buntel discuss the key findings from ESG’s recent “Leverage DevSecOps to Secure Cloud-Native Applications” report. The report covers the current state of security for cloud-native applications, and how organizations can automate security throughout the entire CI/CD pipeline, using a real-world example of a build-time attack.
3. Automated Activity or Insider Threat: Can you Tell the Difference?
In this demonstration, Ethan Hansen, Threat Stack Security Analyst, takes an in-depth look at how the Threat Stack Security Operations Center (SOC) Analysts investigate the downstream actions of automation tools when conducting forensics that require user attribution. Included is a description of the Threat Stack SecOps Program℠, which includes the Threat Stack Oversight℠ service (monitoring and alert triage) and the Threat Stack Insight℠ service (curated analytics).
4. Anatomy of a Build Server Attack
Build servers are typically not top-of-the-list for environments that security teams choose to monitor and secure. The perception is that they do not actually hold sensitive data like a production environment would. In reality, however, they have unique access and functionality that makes them a common target for attackers
Chris Ford, Threat Stack VP of Product, walks through the impact of a build system breach. This example highlights how the attacker leveraged a build server to wage an insidious attack that has a larger blast radius than a similar attack targeting a production environment directly.
5. Secure by Design
Security automation has become the only solution possible for addressing the constant risks of scaling cloud deployments. Making sure every new AWS instance that is spun up is configured correctly would not only be painful, but would also be unrealistic. In this webinar, Threat Stack, AWS, and SessionM give a hands-on review for security professionals, DevOps teams, and others responsible for securing workloads in the cloud to explain how to leverage “Security by Design” techniques and solutions. The webinar covers how to:
- Design and automate your AWS environment with reliably coded security and governance
- Deploy security compliant processes for IT elements
- Operationalize reporting through the use of cloud security services (e.g., Config/Config Rules, CloudTrail)
- Extend security capabilities for real-time governance, risk, and compliance reporting
6. Inside an Active Shellbot Cryptomining Malware Campaign
In this Threat Briefing, Threat Stack SOC Analyst Ethan Hansen walks through details of the newly discovered cryptomining campaign, including the malware components, actual observed attack path, and future investigations.
7. Automating Cloud Security and Compliance
Whether you’re gearing up for a cloud migration, building a new product in the cloud, or have already migrated, have you decided how your cloud workloads will be secured? Do you have your compliance checklists ready? If your answer is “maybe” for cloud infrastructure security, this webinar is designed for you and covers:
- Why and how to get visibility and intrusion detection in your cloud environment
- PCI, HIPAA, SOC 2, and other compliance best practices unique to the cloud
- Low-cost security practices with big payoffs
8. How to Achieve Continuous Compliance in Cloud Native DevOps
Threat Stack’s Tim Buntel presents a case study on how a cloud-native DevOps organization automates security to protect PHI and meets HIPAA requirements. Brian Dailey, co-founder and CTO of Healthcare Information Technology & Services firm Stratasan, shares how his team manages compliance requirements as they continue to scale their cloud infrastructure with a focus on increasing the usage of microservices and containers.
9. How to Achieve Type 2 SOC 2 With Zero Exceptions
Achieving Type 2 SOC 2 compliance with zero exceptions was no easy feat for us. However, rather than implementing stringent security protocols at every point of production, we made SOC 2 work for us – the Threat Stack way.
Final Words . . .
In addition to delivering the outstanding Threat Stack Cloud Security Platform® along with our Insight℠ and Oversight℠ services, we want to make sure we’re keeping you informed about cybersecurity and compliance issues so you can make the best decisions about strengthening your organization’s security posture and competitive advantage. Stay tuned as we continue to deliver the best information — and once again, make sure you let us know on Twitter if there’s any aspect of security or compliance that you want to know more about.