Cloud Security Summit
Thursday, April 6, 2017 8 CPEs
9:00 AM – 5:00 PM
Cloud computing has had a huge impact on IT, but in many ways security has fallen behind IT. While we were busy watching our network IDS, technology moved out of the datacenter and to cloud providers. Companies have hundreds—if not thousands—of connected cloud services where organizational data resides. Just because the data isn’t hosted internally, security can’t shirk responsibility for its protection.
This interactive summit will help attendees work through common cloud-based challenges and offer expert insights for managing operations, provider relationships, testing the security of your data in the cloud, and more.
9:00 AM – 9:30 AM
Opening & Sponsor Spotlight
9:30 AM – 10:30 AM
1 Cloud Security Ops: Adapting Your Operations for the Cloud
Cloud computing has had a huge impact on IT, but in many ways security has fallen behind. While we were busy watching our network IDS, technology has moved out of the datacenter to cloud providers. New environments, services and systems have never been spun up so fast. Tools we are used to having no longer work well for us. Security needs to adapt to this new reality, learn a raft of new terms and get operations moving at a higher operating tempo. This talk will discuss the challenges we face, opportunities we have for improvement and what we can do to get on board before we get completely left behind.
10:45 AM – 12:15 PM
2 Tabletop Exercise: Migrating Business Data to the Cloud
Welcome to your first day as the CISO for Widget Corp., an international manufacturer and distributor of custom widgets. Your CFO has just returned from a peer conference and can’t stop talking about how much the company is going to save by going “all in” with regard to cloud. Your CEO has chosen your team to lead the project. Your team must identify how quickly the company can consolidate all on-premises data in the Chicago and Berlin data centers to cloud-hosted infrastructure.
This exercise will help the team identify any perceived issues with the CFO’s “all in” plan including, but not limited to, the tactical approach to moving data, regulatory compliance and data privacy issues, and the definition of a realistic implementation timeline.
· Discuss and create a data migration plan from a fictional datacenter to two cloud providers
· Identify business concerns, geographic data issues, and regulatory compliance challenges
· Build a realistic timeline for the CFO’s “all in” data migration plan
1:15 PM – 2:15 PM
3 Incident Response in the Cloud
Your company has moved a significant number of systems and applications to the cloud and things seem to be running smoothly. However, a recent review of the incident response (IR) plan has pointed out that it does nothing to address how IR will be done in the cloud. The company was unprepared for an incident two years ago, which resulted in large costs in time, money and wear on employees. The CEO does not want this to happen again. Your team has been tasked with updating the IR plan to address this deficiency. This exercise will walk through a hypothetical incident to address how response will be conducted and what shortcomings there are with regard to evidence collection, performing analysis and ultimately resolving the incident.
· Review the description of a security incident and determine the initial response steps
· Create a list of services that will need to be reviewed for evidence of intrusion
· Discuss options available to collect evidence and analyze security data and events
· Create a list of viable options to use during an incident to pass along to engineers to evaluate for technical implementation
3:00 PM – 4:00 PM
4 Making Lemonade with (Data) Lemons
Everyone talks about deriving cyber threat intelligence (CTI) from freely available internet-based usage telemetry such as DNS, websites, and forums, but few people look inwards toward their own data. This talk will highlight the benefits of generating your own file-based CTI and showcase a newly created open source tool (Cazador) to extract important data elements (e.g., IP addresses, SSNs, part numbers, etc.) from your unstructured files, hosted locally and within cloud environments like Box, Dropbox, and Office365, to securely fold them into your overall CTI initiatives.
· Generate threat intelligence from your own files
· Locate sensitive/important files in multiple hosted cloud environments
· Freely available open source tool named Cazador will be discussed
4:00 PM – 5:00 PM
5 Purple Team at Cloud Scale
Companies and organizations are increasingly combining red and blue team activities to improve cyber response posture. The problem is that penetration and controls assurance testing in cloud services is hard. Harder yet is responding to cloud security incidents. And porting on-premises techniques over to cloud scale, with machine response times, will eventually fail.
In this session, John Menerick will lead attendees through red/blue/purple team lessons learned, relevant key performance indicators, metrics, and techniques which take security, compliance, and regulatory obligations into account as essential success criteria. This session is focused on managers who will be called on to make repeatable, predictable decisions in various scenarios.
· Red/blue/purple team lessons learned
· Relevant key performance indicators, metrics, and techniques
· Regulatory obligations to be considered