Continuing the Cloud Security Flight Simulator series, join SEC540 Cloud Security & DevSecOps Automation author Ben Allen for a webcast on Kubernetes admission control. Kubernetes admission controllers play a critical role in enhancing the security of a Kubernetes cluster. They act as gatekeepers, intercepting requests to the Kubernetes API server before requests are processed and stored by the cluster. Learn how admission control policies...

Before you can help DevOps teams solve security problems and improve their security programs, you need to understand how they think, how they work, and the tools that they use. Join SEC540: Cloud Security & DevSecOps Automation authors and instructors Ben Allen, Eric Johnson, and Jon Zeolla to start the new year for a 4 Part Cloud Security Flight Simulator series. In Part 1, join SEC540 lead author and instructor Eric Johnson for a discuss...

According to market data, more businesses than ever before are utilizing several cloud service providers. The first SANS Multicloud Survey, performed in 2022, indicated that the forces behind the tendency to adopt multiple cloud solutions was driven by a variety of factors, including mergers and acquisitions and concerns around ensuring business continuity. It is also clear that the major cloud service providers continue to innovate and differ...

It seems that every day cyber attackers come up with a new technique or tactic to breach victim organizations. It can seem daunting for security teams to keep up with the constant barrage of the latest threats and capabilities. Despite the best-laid plans, adversaries can still find a way in if security teams don’t prioritize their investments against the tech that protects against the threats targeting them. In this First Look, we look...

The evolution of cloud technologies has ushered in a new era of opportunities, but with it comes a unique set of challenges, particularly in the realms of configuration and network security. This talk will shed light on the modern practices and strategies essential for safeguarding cloud environments against configuration missteps and network vulnerabilities. We'll dissect real-world scenarios where configuration errors led to breaches and del...

As more organizations shift application access to the cloud, which minimizes the need for the data center to act as a hub for access and controls, they are realizing the benefits of cloud-brokering solutions that offer strong security capabilities. Nowhere is this more true than application protection, ranging from traditional WAF controls to API protection, bot detection and prevention, and more. In this webcast, Senior SANS Instructor Dave S...

The evolution of hybrid cloud environments demands innovative solutions to unify on-premise and cloud-based resources seamlessly. This talk, titled "Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes," illuminates the integration challenges and visibility capabilities provided by Entra ID for reconciling identity and access management in hybrid cloud landscapes. Learning Objectives: To enlighten the audience on the import...

The Cloud is enabling businesses to quickly adopt and use technology in ways that we've never imagined before. Security teams need to find ways to keep up; automation is the solution. By using Policy as Code tools we can define and enforce security guardrails. This allows developers and cloud engineers to continue shipping features while bringing the confidence to everybody that security requirements are being met. Learning Objectives: Examine...

Today, most security professionals are actively architecting and implementing cloud security controls across SaaS, PaaS, and IaaS environments. We’ve learned that what once worked on-premises may not work quite the same in the cloud, and a wide range of new and innovative security platforms and services have emerged and evolved in recent years to address critical cloud security use cases and categories, including: Cloud security monitori...

Whether you are just getting started in cloud security, or overseeing a team of technical cloud practitioners, you likely have questions about the process, journey, technology, and career path of cloud security professionals. In this talk, we’ll discuss the myriad responsibilities of people working in cloud security from viewpoints such as: Privacy, compliance, data protection, engineering, offensive security, as well as leadership. We...