With Black Hat USA 2019 now in progress, we wrap up this blog series with our final two session recommendations: Attacking and Defending the Microsoft Cloud and Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale.
Attacking and Defending the Microsoft Cloud, which focuses on protecting Office 365 and Azure Active Directory, explores the most common attacks against the cloud and describes effective defenses and mitigation. While it focuses on Microsoft, some topics apply to other providers. The speakers — Trimarc CTO Sean Metcalf, and Mark Morowczynski, a Principal Program Manager at Microsoft, will cover topics including account compromise and token theft; methods to detect attack activity; and secure cloud administration.
Meanwhile, Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities at Scale, outlines how Netflix identifies and eliminates vulnerabilities in the open source software components it uses in its applications at scale. The speaker, Aladdin Almubayed, is a Senior Application Security Engineer at Netflix who will describe the stages in Netflix’s automation strategy and the tools it uses.
Why we’re recommending these sessions
As organizations robustly increase their public cloud adoption, they encounter cloud-specific security and compliance threats, which must be addressed with appropriate tools and processes.
Without the right approach, security teams often struggle with lack of visibility into their cloud assets and resources, and misunderstand cloud providers’ shared security responsibility model. This has led to many easily preventable security mishaps in public cloud deployments due to leaky storage buckets, misconfigured security groups, and erroneous user policies.
In a recent survey of 700 IT and security professionals, the Cloud Security Alliance concluded that public cloud adopters are “facing unique new security concerns,” including:
- Configuration and visibility problems
- Outages caused primarily by human error and configuration mistakes
- Compliance and legal issues
Consequently, we believe this 50-minute briefing would be a worthy one to attend for any Qualys customers interested in sharpening their public cloud security knowledge and skills, in particular for Microsoft Azure environments.
Developers of custom and commercial applications alike often use open source software components, many of which contain vulnerabilities, misconfigurations and other security problems. Thus, it’s key for enterprises to detect and address security issues in the open source software they use.
“As virtually every organization comes to rely on crowdsourced code to run their tech, they also face more potential cybersecurity risks,” wrote Jack Corrigan in NextGov. He cited a Sonatype report that found that compromised Apache Struts software, which hackers exploited in the massive Equifax data breach of 2017, was downloaded 21 million times in 2018.
In this talk, you will hear how Netflix has tackled this problem of open source security by identifying, triaging, and eliminating vulnerabilities in common software packages and their transitive dependencies. We believe it will be very valuable to hear about Netflix’s real-world experiences and best practices so you can reduce the risk of breaches stemming from the use of open source components.
Qualys at Black Hat USA 2019
A Diamond Sponsor, Qualys will again have a major presence at Black Hat USA 2019, which runs from Aug. 3-8 at the Mandalay Bay in Las Vegas. We’ll be there explaining how we can help organizations protect their hybrid IT environments without slowing down their organizations’ digital transformation.
We invite you to stop by our booth (#204), enjoy a cup of coffee from our Nespresso bar, and chat with our product managers and technical account managers. We’ll raffle hi-tech prizes and give out tote bags after each presentation, including:
- Exclusive product previews, including of our new Threat Detection and Response Platform
- Best practices presentations from leading enterprises
- An overview of how Qualys Cloud Platform, our end-to-end security and compliance solution, gives you a real-time, holistic view of your threat landscape, and comprehensive capabilities for attack prevention and incident response