cloudsec 2021 learning path v4

Post on 09-May-2022

Page 1: CLOUDSEC 2021 Learning Path v4

Hosted by

REIMAGINE YOUR CLOUD

16-18 November

www.cloudsec.com

SESSION TRACKS

Available On Demand

Title Session Description Speakers

What is a Zero Trust security strategy?

What does Zero Trust mean? Is it a philosophy, culture, or strategy? Is Zero Trust the same as SASE or ZTNA? In this session, we'll try to demystify these and discuss the various aspects of this concept.

Greg Young, VP, Cybersecurity, Trend Micro

Eric Skinner, VP, Market Strategy, Trend Micro

Continuous assessment's role in Zero Trust

Is a snapshot validation/verification of identities, devices, applications and data sufficient in a Zero Trust implementation? In this session, we'll examine the concept of continuous assessment as part of a Zero Trust strategy.

Chris Taylor, Director of Product Marketing, Trend Micro

Zero Trust for Hybrid Cloud

Although the hybrid cloud now handles much that was formerly done by the in-house IT organization several challenges remain. We begin this talk by discussing the elements of conventional I&O that must remain – although transformed – when migrating increasing portions of an organization’s workload to hybrid cloud.

William Malik, VP, Infrastructure Strategies, Trend Micro

Zero Trust

Reimagine Zero Trust.

Insights into seamless integration and implementation of the Zero Trust model. Security Strategies across varied technologies, devices, applications, data, and infrastructure.

Cloud Infrastructure as Code

Reimagine Security-as-Code.

Revolution in the arena of designing, developing, and maintaining infrastructure. Adopt the power of agility, automation, and consistency.

Cloud Native DevOps

Reimagine DevSecOps.

The Future of Software development: an agile approach to building Adopt and empower DevSecOps culture. Best practices strategies, and team creation.

XDR

Reimagine SOC Direction & Response.

Deep Dive into the next enhancement of cybersecurity-XDR. Learn Strategies and technology to detect early, respond fast and reduce alert fatigue.

Threat Landscape

Reimagine Threat Intelligence.

Comprehend threat landscape, threat actors and attack vectors. Get insights into attack campaigns’ intent, motivations, and tactics. Build a proactive defense and agile response.

We consider the split between previously amalgamated technologies and processes that now requires clear segregation between technical operations (e.g., backing up the file) and supervisory oversight. We will delve into why the separation from technical performance of various tasks (some of which are still in-house and others of which use cloud) requires a consistent way to see what’s being done, by whom, and how it’s being verified – a problem that has challenged some cybersecurity teams for a long time.

Second, the session will focus on the architectural challenge that zero trust (a successor to network access control) places on conventional information security architectures, procedures, staffing, and audit. We will examine why adding zero trust as an architectural principle puts similar stress on conventional tasks such as provisioning, procurement, network segmentation, IT/OT integration, encryption, key management, certificate management, and continuity of operations.

Next, we consider Zero Trust's enablement of hybrid cloud and mixed environments and why zero trust is becoming recognized as the most robust cybersecurity architecture for the heterogeneous, hybrid cloud world, with natural adaptation to industrial IoT and OT networks in general. We will outline good practices for zero trust incorporation, and some pitfalls to avoid as workloads migrate to hybrid cloud.

Finally, we will close with some tips to smooth the passage to this cybersecurity approach.

Complexity & The Cloud: Making It All Make Sense

David Levine, VP Corporate and Information Security, RICOH

Greg Young, VP Cybersecurity, Trend Micro

Zero Trust working together with Detection & Response

Eric Skinner, VP, Market Strategy, Trend Micro

Thomas Griffith,

How do Zero Trust and XDR approaches help each other? What is the role of each, how do they work together to deliver faster time to detection?

Zero Trust approaches to secure connectivity: SASE and ZTNA

Kris Anderson, Product Manager, Trend Micro

The way employees connect to company resources has changed dramatically over the last few years. Organizations are struggling to adapt, as the traditional boundaries of the corporate network are no longer sufficient. Discover how a Zero Trust strategy can provide the coverage needed to address these concerns.

Identity-Focused Security for Your Zero Trust Journey - An APAC Lens

Karunanand Menon, Senior Sales Engineer, Asia, Okta

With increasingly distributed workforces and the rise in identity-based attacks, identity has become the de facto perimeter for organisations today. Identity is the foundation of a zero-trust architecture, as you need to ensure the right people have the right level of access, on the right device, to the right resource, in the right context. We will deep dive into APAC and view the adoption of zero-trust across organisations within Asia-pacific and how it compares to its global counterparts. Learn how a comprehensive, identity-first security strategy can tie the complexities of protecting people and assets together in a seamless experience.

Remote workforce challenges: a CISO's perspective

Mick McCluney, Technical Leader, Trend Micro

Greg Young,

CISO-level conversation about the shift to remote work, and all the security and visibility challenges that came with it.

Best practices in implementing Zero-Trust in OT/ICS environment

Steven Hsu, Marketing Director, TXOne Networks

Gartner predicts that, by 2024, 75% of CEOs will be held personally liable for cyber-physical security incidents. In this session, we'll review recent changes in the OT threat landscape, recommendations and best practices for IT and OT cyber defense - how best to implement Zero-Trust in an OT environment.

Zero Trust: A risk-focused approach

Nitin R Patil, Principal Sales Engineer, Trend Micro

Zero Trust is one of the most talked-about topics across the industry, and most organizations are trying to define their journey. In this talk, we examine one of the approaches and how it may enhance this journey by design.

The Evolution of Remote Access: VPN-ZTNA-SASE

Demetris Booth, Director of Product Marketing, APJ, Cato Networks

We are on the precipice of dynamic, ever-lasting change in the global business landscape. Digital Transformation and the general evolution towards remote working are driving demand to increase security and flexibility while reducing risk and complexity. In this session, we will highlight the significance of Zero Trust Network Access (ZTNA) and how Secure Access Service Edge (SASE) provides additional value in this era of remote, hybrid, and cloud-based work.

Cloud Security: A robust strategy with Zero Trust

Prasanna Venkatesh, Security Architect Office Team Leader, NCS

Today’s operational and technological needs have resulted in Government agencies moving their data into the Cloud. Unlike previous legacy on-prem arrangements, the migration to Cloud has brought about a new set of risks and considerations – and organisations must take serious precautionary measures. A lack of holistic cloud security strategy is detrimental to any agency – from lack of visibility of data types residing in the cloud, to lack of security controls and absence of monitoring of cloud workloads and applications. For some, the journey of digital transformation seems daunting, yet organisations do not need to walk this journey alone.

In today’s session, NCS will explore the migration of data to Cloud, key considerations for cloud security and Zero trust architecture as part of the strategy. At NCS, we believe that cyber security demands a proactive, preventive approach and not a reactive one. We think that organizations need to have a comprehensive, proactive cyber plan that enables you to protect, detect and respond effectively to any cyber threats. One of the grand challenges of a cloud strategy is securing the environment, thus we will discuss how Government agencies should leverage on disruptive, emerging technologies to secure and innovate operations in an ever-changing cyberthreat landscape. A key approach is to adopt the Zero trust architecture in their security, and we will share NCS’s 8 zero trust principles. The guiding principle for Zero Trust is simple – “Privilege is now a justification and not an entitlement”. Organisations keen to embark on their Zero Trust journey must take into consideration the transition process. By working with the right technology partners such as NCS & Trend Micro, organisations are able to implement a robust cloud security strategy, compliant with cybersecurity standards.

NIST Approach and Know your Risks then Prevent by Zero Trust

Gultekin Bildik, Technical Account Manager, Trend Micro

NIST describes Zero Trust (ZT) as an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. This session focuses on risks and prevention using Zero Trust and mostly explores NIST's Special Publication 800-207 document for Zero Trust.

How should an organization embark on the Zero Trust journey?

Sameer Sanisi, Business Development Leader, Digital Trust Services Portfolio, IBM

Zero Trust principles and their necessity are now well understood by security and risk professionals. The conversation is now beyond the three principles of Zero Trust, and it is time to put these principles into practice. The Zero Trust conversation in every organization is different and unique to its environment & business model. Yet there are some common practices that security professionals should consider when defining their Zero Trust roadmap. In this session, I will discuss what these common practices are that organizations can leverage and benefit from, without struggling with the art of possibilities.

“Trust No One” in an increasingly interconnected ecosystem of digital technologies using the Zero-trust approach

Chan Kok Leong, Vice President, Engineering, Ensign InfoSecurity (Singapore) Pte Ltd

The traditional perimeter security model is broken. In the past, bad actors were always deemed to be on the outside of the organisation’s network perimeter, but this is no longer the case with the increase in adoption of remote workforce and cloud-based technologies. Organisations need to adopt a zero-trust approach to securing their digital assets. In this session, we will share our approach in adopting Zero Trust.

XDR

The XDR Advantage – how native XDR can help lower an organization's overall cyber risk

Mick McCluney, Technical Director, Trend Micro

Thomas Griffith, Sr. Sales Engineer, Trend Micro

Native XDR brings the benefits of consolidated security tooling to your detection and response capability. In this session, we'll take you through how native XDR can simplify your security tooling, speed up time to value and reduce the noise in your SOC.

Importance of MITRE ATT&CK Framework & XDR

Ian Heritage, Cyber Security Architect, Trend Micro

Learn how the MITRE ATT&CK framework is an integral part of creating a clear story of an attack. In this session, we'll provide an ATT&CK framework overview, cover the latest MITRE Engenuity ATT&CK evaluation and demonstrate how you can quickly build a picture of your environment with XDR.

Native XDR, Hybrid XDR, Analytic Platform - What's the difference, and which one makes sense for you?

Andrew Chen, Director Product Ops & Service Management, Trend Micro

Since XDR was coined several years back and is becoming a category, every security-related vendor has come up with an XDR angle and pitch. In this session you will see how analysts classify and demystify each classification, from time-to-value to the many other factors you should consider when defining your detection and response strategy.

How XDR Helps Drive Centralized Monitoring and Response in Government Sectors

Clarence Chan, Senior Sales Engineer, Trend Micro

Government bodies and agencies are prime targets for sophisticated attacks. These attacks typically involve multiple stages that can come from different attack channels and involve using living-off-the-land tools. This requires better clarity and visibility into these growing threats through a centralized monitoring and response platform that can help drive a coordinated discovery and response to these threats. In this session, find out more about the challenges of building a centralized monitoring and response platform within government sectors and how XDR can help.

How does playbook automate investigations and security responses, and how do you build out your playbook?

Biswajit De, Sr. Technical Consultant, Trend Micro

An incident response playbook empowers teams with standard procedures and steps for responding and resolving incidents in real time. Playbooks are a key component of SecOps incident management. They set the organization’s policies and practices for responding to unplanned outages, help teams bring order to chaos and make sure everyone’s responding to incidents and security threats consistently. An incident management handbook gives your team a set of processes for responding to, resolving, and learning from every incident, whether it’s a security issue or another emerging vulnerability. The content can include everything from runbooks and checklists to templates, training exercises, security attack scenarios and simulation drills.

XDR - Building Visibility and Response Framework Across Enterprise using Hybrid or Native XDR strategy

Vaibhav Pathak, Sales Engineer, Trend Micro

XDR is a complete threat detection and response tool in the enterprise's SOC arsenal for effective threat and risk management. Let's learn and evaluate the best XDR strategy for enterprises.

XDR - Integration with the ecosystem

Nitin R Patil, Principal Sales Engineer, Trend Micro

As the industry is talking about EDR being dead, XDR will be long lived. Integration with the existing ecosystem is one of the critical aspects in the journey from prevention to Endpoint Detection and Response to Extended Detection and Response. Let’s see the best fitment of XDR in our ecosystem - Integration and Automation.

Outsource or in-house XDR Implementation: One-stop shop with MSSP or federated?

Biswajit De, Sr. Technical Consultant, Trend Micro

Most large enterprises have native security operations. It has been seen that mid-sized enterprises are mostly an attractive target for cybercriminals because they often don't have the financial resources or the required knowledge to create robust security strategies. Most thus lack the resources to build and manage a security operations center (SOC), and are ill-equipped to implement, manage, and maintain a security information and event management (SIEM) solution. With the adoption of necessary technologies like XDR, choosing the right SOCaaS and technology partner becomes important.

MSSP: What should you look for in a SOCaaS partner?

Jessica Bernardo, Pre-Sales Consultant, Trend Micro

MSSPs continue to evaluate and/or adopt SOCaaS (Security Operations Center as a Service) to automate alert management, and to manage security analyst workloads. Learn more about the key considerations in choosing the right and effective SOCaaS partner to complement the MSSP offering as we delve deep and answer the question: What should an MSSP look for in a SOCaaS partner?

Native XDR as effective data source for point of trigger in response cycle

Sage Khor, Sr Presales Consultant, Trend Micro

Learn how native XDR can provide better actionable insight to the SOC for a better response cycle, eliminating time to response on critical incidents with high-fidelity correlated data.

Cyber Security vs. Cyber resilience: Why both are essential?

Lionel Orishane, Senior Sales Engineer, Trend Micro

In today's evolving threat landscape, both Cyber Security & Resilience respectively are methodologies to enable collaboration between IT Risks and IT Security teams in most organisations today. The Cyber Security controls (Process & Technologies combined) are relevant to keep the bad guys out as much as possible, while the Cyber resilience practice and strategy prepares the organisation to be able to withstand or recover quickly when the bad guys are able to breach the organisation. In this session, we'll be looking at quick wins to enable organisations today to conveniently adopt some recommendations that would harness combining the essentials of Cyber Security & Resilience in mitigating damages and risks.

How is XDR affecting the partner communities: MSSP, SOCaaS, outsourced SOC operation?

Christina Tee-Bautista, Solutions Consultant, Trend Micro

The managed security services ecosystem has changed over the past few years. The continuous change in the threat landscape has forced the security strategies of organizations to move from a solution-centric to a services-centric SOC arrangement. In this session, learn the challenges of a traditional SOC and how new MSSPs adapt XDR to be able to keep up with the demands of the market.

Trends in XDR: Leveling the playing field against threat actors

Yossi Attia, Sr. SE Manager, Trend Micro

A key challenge for security analysts and CISOs is the ability to monitor events and activities across the organization, which includes different control points, 3rd-party integrations, and up and down the supply chain. While the challenge for the security team has skyrocketed, so has the number of attack surfaces. Explore how XDR helps security teams address these challenges.

How best to integrate threat intelligence into your SOC operations?

Biswajit De, Sr. Technical Consultant, Trend Micro

Most (SOC) teams must deal with huge volumes of alerts generated by the networks they monitor. Triaging these alerts takes too long, and many are never investigated at all. “Alert fatigue” leads analysts to take alerts less seriously than they should. Threat intelligence solves many of these problems — helping gather information about threats more quickly and accurately, filter out false alarms, speed up triage, and simplify incident analysis. As well as accelerating triage, threat intelligence can help SOC teams simplify incident analysis and containment.

Mistakes were made, lessons were learned from incident response cases in 2020

Andrew George, Technical Presales Consultant, Trend Micro

As Robert Miller said: "There are 2 types of companies; companies that have been breached & companies that will be." This session will give a statistical overview from incident response cases of companies' mistakes that lead to breaches & lessons learnt that will help you detect & respond faster when you are breached.

Multi-tenancy Platform: Enabling managed XDR, MSSP and centralized analysis of multiple XDR environments

Multi-tenancy is typically defined as the ability to deploy multiple independent instances of a solution that are managed in a single, shared environment. According to analyst firm ESG, more than two-thirds of organizations expect to make XDR investments in the next 6 to 12 months. Multi-tenancy essentially allows MSSPs to have full visibility and manage multiple client XDR Solution environments from a single pane of glass. As an MSSP scales and manages more clients with more diverse Integrations, the need for multi-tenant solutions becomes more critical.

How is data sovereignty and compliance shaping XDR

Suthinand Tannil, Security Consultant, Trend Micro

Biswajit De, Sr. Technical Consultant, Trend Micro

Trend Micro is committed to the security, privacy, transparency and compliance of our customers and their data. With XDR, customers can choose to have their account and security data hosted to meet their data sovereignty requirements and compliance. In this session, you will learn all the concerns for data sovereignty & compliance and how they shape Trend Micro XDR.

Building future ready SOC with XDR

Rathnamala Rajaram, Head of Cyber Vigilance Platform Services, Tata Consultancy Services, Trend Micro

Enterprises need an advanced SOC team delivering business-agile, proactive and holistic security incident monitoring and detection, leveraging the right technology stack for extended detection and response (XDR). Join to know how we can build a future-ready SOC with multi-cloud capabilities.

Explore how role-based access control (RBAC) plays a critical role in separating access and functions in your SOC team

Ankit Guglani, Pre-Sales Consultant, Trend Micro

For Cyber Security Hygiene, Authentication & Authorization of applications & security devices is of prime importance, to ensure the right people have the right level of access.

A National Government's Journey in Centralizing its Cybersecurity Monitoring and Response Platform

Jenny Chen, Sr. Product Manager, Trend Micro

In this talk, we'll share a recent initiative driven by the Abu Dhabi government to centralize its cybersecurity platform to effectively identify threats in real-time, proactively act to contain and mitigate damages, and strengthen its security posture.

All-in on XDR: Where do you start?

Bhavin Gandhi, Sr. Sales Engineer, Trend Micro

eXtended Detection and Response (XDR) has gone from concept to mainstream, and security leaders across industries have prioritized XDR to the top of their security strategy. But there are some basic questions which need answers. In this session, we'll address these, to help you better plan for an XDR strategy.

Overcoming traditional methods of threat detection and response with AI

Steven Ng, Chief Information Office and EVP, Managed Security Services, Ensign InfoSecurity (Singapore) Pte Ltd

In the ever-changing threat landscape, people and processes must evolve to new levels of cyber detection and response capabilities. Traditional processes which rely on people writing rules are no longer sufficient. Organisations with such systems must shift gear toward adopting defences against more advanced cyberattacks lest their weaknesses become more significantly exposed and exploited. In this session, Ensign will share how you can leverage on state-of-the-art AI-powered Cyber Analytics to keep your organisation secure.

XDR - Addressing SOC Pains and Challenges

Mayar Gomaa, Sales Engineer, Trend Micro

SOC tooling has proliferated. With the emergence of XDR, how is this impacting SOC teams?

Secure your hybrid environment with cloud-native SIEM

Jeremy Tan, Program Manager/Azure Sentinel Engineering, Microsoft

Digital transformation has driven the need to collect data at cloud scale, detect uncovered threats with AI, and rapidly respond to security incidents. Join Jeremy Tan, a Program Manager with the Microsoft Azure Sentinel team to discuss cloud-native security information and event management (SIEM) solution that provides limitless cloud speed and scale, integration with XDR, and faster threat protection with AI capabilities.

Are SIEM and XDR on a collision course?

Chris Tee Chee Toh, Presales Consultant, Trend Micro

With the emergence of XDR, SIEM, once synonymous with centralized visibility in enterprise security, is frequently mentioned and compared to XDR. The session will focus on this frequently asked question and explain how these two technologies differ from each other, and how they complement one another if possible.

Redefine your detection and response strategy with XDR

Zaheer Ebrahim, Senior Sales Engineer, Trend Micro

Explore how your organisation can go beyond typical detective controls by providing a holistic and simpler view of threats across the entire technology landscape. Join Zaheer Ebrahim, Senior Sales Engineer for Trend Micro South Africa as he discusses how you can redefine your detection and response strategy with XDR to deliver threats to business operations for better, faster outcomes.

Understanding the new kid on the block: XDR

Jeroen de Wit, Associate Partner, EMEA Threat Management COC, IBM

The talk-of-the-town is XDR - is this yet another acronym for an already known technology, or an actual differentiator for your approach to detection & response? In this presentation we will touch on the concept of XDR, where it fits in between existing technologies and acronyms (such as SIEM, SOAR, EDR, NDR, IPS/IDS), as well as a look forward to potential synergy in this technological landscape.

Building Future-Ready Security Operating Center with Nutanix

Cam Ogilvie, Channel Systems Engineer Manager, APJ, Nutanix

Prevent cyber attacks and data loss by applying a “zero trust” philosophy. The Nutanix Enterprise Cloud provides native platform hardening, security auditing and reporting, and protection from network threats. In this session, we will take you on a short journey exploring how enterprises rethink future-ready Security Operating Center and how security in the hybrid cloud begins with a robust infrastructure foundation with Nutanix.

How MITRE ATT&CK Framework Benefits XDR to map with today's attack methodologies

Krishanth Kutty, Sales Engineer, Trend Micro

MITRE ATT&CK Evaluations emulations are built to mimic an adversary’s known TTPs, and they aim to put together a complete attack that moves through all the stages of an attack, from initial compromise to persistence, lateral movement, data exfiltration, and so on.

Threat Landscape

Evolving Threat Landscape: From attacking users and applications to something subtle yet complex.

David Sancho, Senior Threat Researcher, Trend Micro Research

David Sancho will share insights on how the threat landscape has evolved from a simpler “attack the user, attack the software” model to a set of more complex and subtle attacker strategies. The session covers the diversification of possible entryways to victim networks as well as more sophisticated monetization models in the criminal underground. These changes make for a dynamic threat landscape, and it is what defenders need to understand if we want to have a chance at stopping modern cyberattacks.

Cloud & DevOps related risks and their active exploitation during 2020-2021

David Fiser, Senior Cyber Threat Researcher, Trend Micro

During this talk, we will describe two major security risks inside the Cloud & DevOps world - misconfiguration and secrets storage. This will be linked with real-world examples and code snippets from malware exploiting these weaknesses, which we have seen during the course of 2020-2021, including creative usage of IaC tools by threat actors.

ATT&CKing the Cloud - An analysis of MITRE ATT&CK and TeamTNT

Magno Logan, Senior Threat Researcher, Trend Micro

This presentation discusses different attacks the threat group known as TeamTNT is carrying out to compromise and leverage Cloud, Containers, and Kubernetes. First, we will cover who TeamTNT is and how they operate. Then, we will dig deeper into different ways these attackers exploit these environments. Next, we’ll focus more on the MITRE ATT&CK for Cloud and Containers to discuss the TTPs used by this threat group. Next, we will demonstrate different forms of Reconnaissance, Initial Access, Execution, Persistence, Privilege Escalation, Impact, and other Tactics used by TeamTNT to automate and compromise multiple cloud providers and clusters worldwide. Finally, we will provide actionable best practices and guidance for securing your environment based on these attacks and the CIS Benchmarks.

Cloud Miners: They just want us to leave them alone

Stephen Hilt, Senior Threat Researcher, Trend Micro Research

Since 2019, there has been a rise in crypto-mining groups attacking cloud services looking to profit off poorly secured services. This talk will dive into the personas as well as the motives behind some of the more notable groups such as TeamTNT and Outlaw. We will learn why these groups target cloud infrastructures and why mining is their top priority. Our team worked closely with Oracle to disrupt their processes by understanding the attackers and their intentions. It was found in our previous work with IoT malware that these actors clean other infections for their victims - but leave their own malware running.

Past and Future: The ICS Threat Terrain

Mars Cheng, Threat Researcher, TXOne Networks

This talk will use recent threat intelligence and ICS cybersecurity incidents to give listeners a picture of the current ICS threat terrain and create predictions for future ICS threats. We’ll finish with ideal defensive strategies for the ICS environment.

How cyberattacks are changing – from the new Microsoft Digital Defense Report

Judy Ng, Senior Intelligence Analyst/Digital Crime Unit, Microsoft

In 2021, cybercrime has become more sophisticated, widespread, and relentless. Criminals have targeted critical infrastructure—healthcare, information technology, financial services, energy sectors—with headline-grabbing attacks that crippled businesses and harmed consumers. In this session, we will provide our latest insights from the 2021 annual Microsoft Digital Defense Report (MDDR), drawing upon over 24 trillion daily security signals across the cloud & endpoints.

Security Resilience for Ever-Evolving Digital Transformation on Cloud

Arunkumar Selvaraj, TCS

While digital transformation has picked up across industries and cloud has been a key driver, it is imperative to understand the complexities involved. On the one hand, cloud offers greater flexibility, agility, resilience and scalability, but on the other it poses risks and challenges in terms of regulatory compliance, increased exposure, distributed data and identity, misconfigurations and consistent enforcement of enterprise security policy.


“Collapsing Fences” remote working as the new norm, increasing cloud adoption, IoT, and outdated OT systems are continuously elevating the cyber risk profile for modern digital enterprises. Furthermore, the laws governing data storage differ, and at times enterprises expect data sovereignty. Complying with the security and regulatory laws as laid down by a state or nation is of utmost importance. Hence, enterprises need to factor in the security and privacy laws governing a state or nation while entrusting their data management to a cloud service provider. For hackers, high-value data is the primary target; phishing and access compromise remain the most common cyber-attack vectors; reputation for ransom is the new normal.

Securing a cloud-based enterprise IT requires a robust cloud security strategy to unlock the potential value of digitalization, fuel innovation in business models and prevent financial and reputational losses. Moreover, the cloud security strategy needs to be integrated into the larger business strategy as the digital footprint expands.

Minding the Gaps: The State of Vulnerabilities in Cloud Native Applications

Magno Logan, Senior Threat Researcher, Trend Micro

This session aims to present the research results analyzing all the vulnerabilities reported from previous cloud native tools security audits and publicly known vulnerabilities reported by third parties directly to the project maintainers. We’ve bundled and analyzed all these vulnerabilities from different projects such as Kubernetes, Helm, etcd, gRPC, CoreDNS, and many others until July 2021. The goal was to understand the most common issues and most critical risks found in those tools. Furthermore, we wanted to know why they happen, try to prevent them from happening in the future, and at the same time raise awareness for users and organizations using those projects about the risks associated with using these tools in their environment.


In the first half of the year, threats from all angles permeated the cybersecurity landscape as a variety of security issues such as ransomware, campaigns, scams, and vulnerabilities plagued organizations across the globe. Being informed about all these issues can be one of the first methods of protection.

Attack Campaigns in 2021 - How they impact your security strategy?

Mert Pacacioglu, Technical Account Manager, Trend Micro

In this presentation, the team will discuss the details of techniques, tactics and procedures of Water Roc, a particular group of Ransomware as a Service (RaaS). We will talk about how this group gains initial access to a network, the lateral movement phase, exfiltration of sensitive data, and other extortion methods used in the attack. We will also compare the particular RaaS of Water Roc with a dozen other Ransomware-as-a-Service groups. We will point out that several of these RaaS groups have weak points in their operational security that may lead to clues for researchers and law enforcement to take action against them.

Ransoming Multi-billion Dollar Companies - A Deep Dive into Water ROC

Feike Hacquebord, Senior Threat Researcher, Trend Micro Research

Ransomware has been the top malware of concern in the cybersecurity industry. Among these ransomware families is BlackMatter, a ransomware that incorporated the strengths of REvil, LockBit and DarkSide. Its notoriety in the cybersecurity space also inspired other criminal groups to mimic its strategy. In this talk, the team will take a deep dive into BlackMatter operations and expose its trade secrets - from recruitment to deployment. The session will demonstrate how to track its activities and reveal the capabilities of this ransomware. Finally, we will provide insights on what could be this ransomware's future strategies.

Diving Deep into RaaS: Featuring BlackMatter Ransomware Operations

Monte de Jesus, Senior Threat Researcher and Threat Hunter, Trend Micro Research

Threat Intelligence and its curation is a popular topic, but its usefulness and applicability are always in question. Most organizations are still struggling to ingest Threat Intelligence, but it is in fact more of a necessity nowadays than a luxury. In this talk, we will go through typical implementations, offer some ideas to incorporate its perceived usefulness, and utilize it in a threat intelligence engine that would hopefully improve an organization's security posture.

Pitfalls of Threat Intelligence, and how to avoid them.

Jay Yaneza, Director of Global Operations, Trend Micro Managed XDR, Trend Micro


Targeted ransomware attacks have been on the rise in recent years with many victims paying thousands of dollars to ransomware operators. This presentation examines the ecosystem of targeted ransomware attacks from an underground perspective. It will discuss the tools and techniques the attackers use, from intimidation to robo-call attacks. We will also examine a potential structure of a ransomware group, discuss the cost of operations, and what keeps the ransom requests at the current levels. Finally, we will project the future trends of ransomware.

Goods, Services, and Business Relationships in Ransomware Ecosystem

Dr. Fyodor Yarochkin, Senior Threat Researcher, Trend Micro Research

In this talk, we put a cyber mercenary into the spotlight. This cyber mercenary does not have a shiny brochure or office, but it advertises services in underground forums like Probiv. We will detail campaigns of this actor we track as "Void Balaur" spanning 2016-2021.

Void Balaur: a Cyber Mercenary from the Underground

Feike Hacquebord, Senior Threat Researcher, Trend Micro Research

With ransomware attacks becoming more serious and ransom demands rising, businesses are facing challenges (including large premium increases) when seeking or renewing cyber-insurance. Why are insurers having trouble predicting cyber risk? What new demands are they making at policy renewal time? And what is the likely evolution of cyber-insurance?

Cyber-insurance: getting insured in a challenging market

Eric Skinner, VP, Market Strategy, Trend Micro

Trend Micro Research’s analysis of victim support chats will give you a behind-the-scenes peek at what is really happening during ransomware negotiations. Gain tips on preventing an attack. Discover ways to plan for one. And understand what to expect if you end up in a ransomware negotiation.

Ransomware Response & Negotiation: Best Practices from the Trenches

Erin Sindelar, Senior Threat Researcher, Trend Micro Research

A practitioner's view on Defensive Technologies and their maturity to meet the needs of the ever-changing Cyber Threat landscape. This session will focus on the shift of threat actors’ modus operandi, how they orchestrate coordinated attacks and how an organization can prepare for cyber resiliency.

Plugging the gaps in Cyber Defense

Sangamesh S, Group Manager – Information Security, Infosys


With the implementation of COVID Vaccination Travel Certificates, many government and private sectors are using this common identity attribute (vaccination status) as a common identity (an error). By "bolting" information on education, employment, travel status, and the like, all of the associated systems can be compromised through undetectable methods. In this presentation, our speaker's perspective as a member of the UN-WHO Steering Committee for Vaccination Travel Certificates will be shared and discussed extensively. The Zero Trust Architecture, a solution that was proposed to UN-WHO, will be explained in this talk.

Zero Trust: Vulnerabilities in COVID Vaccination Certificates and National Identity

Craig Gibson, Principal Threat Defense Architect, Trend Micro Research

The world has changed and it will continue to change faster than we can imagine. What will the landscape look like for the 2032 Games and the development of the security think tank leading the way?

Cybersecurity - Paving the way to the 2032 Olympics

Professor Neil Curtis, Senior Executive, Cybersecurity, DXC Technology

Ransomware continues to be a significant threat to enterprises and government organizations. In this talk, we'll examine the various types and techniques of ransomware attacks, and how to protect against one.

How to deal with Ransomware

Mazhar Yurdakul, Customer Service Engineer, DXC Technology

XDR is a complete threat detection and response tool in the enterprise's SOC arsenal for effective threat and risk management. Let's learn and evaluate the best XDR strategy for enterprises.


Who's doing what in the cloud - A CISO view of how to keep tabs across your cloud security risks.

Fiona Griffin, Cloud Solution Architect, Trend Micro; Mick McCluney, Technical Director, Trend Micro

A CISO's job is increasingly difficult with a mixed bag of technologies they have to look after, while making sure they don't inadvertently expose the organisation to security risks. In this session, we look at the preventive, corrective, detective controls CISOs can use to ensure cloud services are built and maintained securely. We also highlight the urgent cloud risks a CISO should be aware of, such as how to gain visibility across the cloud footprint, track compliance evolution and shift security to the left.

Are your building blocks secure?

Roy Lackner, Senior Cloud Architect, Trend Micro

Compute, network, storage, infrastructure, and users are the building blocks of a comprehensive cloud environment. Once a cloud environment is set up, the cloud builders invariably encounter a slew of challenges, such as misconfigurations, lack of visibility between account owners, lack of time to ensure processes are run properly, and so on. In this session, Roy discusses some of the most common challenges in securing the building blocks in the cloud.

3 types of basic tools for a secure IAC workflow

Clara Lim, Cloud Security Sales Specialist, Trend Micro

As builders start building their infrastructure using IAC tools, one of the most common questions is "Is the code we use secure?" In this session, Clara Lim and Paul Hidalgo will be discussing basic tools to put security controls in place while writing, testing and deploying environments.

Embedding security into IaC streams and workflow

Fernando Cardoso, Solution Architect, Trend Micro

In this session, Fernando shares how cloud architects, DevOps, developer teams can bring continuous security awareness, visibility and runtime protection to their microservices applications, helping to reduce the security risk and increasing the visibility with what is being processed by serverless and containers.

Cloud Misconfigurations: How to gain visibility into what's being built in your public cloud

Aaron Ansari, Global VP, Cloud Security, Trend Micro

Misconfigurations are a common occurrence in the cloud, simply because there are so many services to be configured properly. When misconfigured, your cloud environment may be exposed to security threats. In DevOps, if the dev side is misconfigured, it may introduce risks into the production side. In this session, Aaron shares how companies can use AWS well-architected framework and the shared responsibility model to build your environment correctly, cost effectively and securely.

Cloud Infrastructure as Code


IaC Compliance in the Cloud: Ticking all the right boxes

Mohamed Ibrahim, Business Development Manager, MENA, Trend Micro

Today, many organisations are adopting infrastructure-as-code to provision their cloud environment. It's easier, manageable, and flexible. However, compliance can crop up as a challenge for organisations as they're moving from the traditional on-premise environment to the cloud environment. In this session, we discuss how companies can ensure industry standards and regulations are properly met during the infrastructure-as-code process across multiple stages.

Key Considerations when migrating from on-prem to cloud

Jolie Pee, Cloud Security Sales Specialist & Sales Engineer, Trend Micro; Qing Hao

As organizations continue to move more and more of their infrastructure to the cloud, cloud security has become increasingly prevalent and plays a pivotal role driving digital transformation. In this session, Jolie and Qing Hao will discuss the key considerations users face when migrating to the cloud and the best practice to secure your cloud environment.

Leveraging cloud performance and security data to accelerate DevSecOps

Chris Frost, Principal Solutions Consultant, New Relic

No surprise, every organisation is currently looking at how to shift Security to the left, and get your developers and application teams thinking about security before deploying to production. New Relic is a modern observability tool, designed to bring data from any source so that developers, operations and business leaders can understand and improve their systems. Join the session to learn how to ingest data from Trend Micro Cloud One - Conformity in New Relic, enabling developers and application owners to proactively improve their security posture earlier in the development lifecycle and ensuring higher-quality, more secure applications are available in production from day one.

Leveraging the Cloud to Mitigate and Recover from Ransomware

Christo Esterhuizen, Technical Sales Engineer, Trend Micro

Ransomware continues to wreak havoc in today's IT environment. This requires that companies develop a strategy in dealing with them. When operating in the cloud, there are a few great rules of thumb to abide by to protect your cloud environment from ransomware attacks. In this session, Christo shares his tips and insights on how you can keep ransomware at bay.


Ransomware in object storage - How to protect against it

Fiona Griffin, Cloud Solution Architect, Trend Micro

We know that cloud storage is a major component of creating cloud-native applications, as it affects performance, cost, scalability, availability, and security. The increase in cloud native application development and file storage services also creates a new attack vector. In this session we will take a look at some common attack vectors targeting object storage services, how to secure your cloud environment from these attacks and what security practitioners should consider.

Red Teaming Your AWS Infrastructure

Matthias Loong, Associate Solutions Architect, Trend Micro

Red teaming is an essential tool in any CISO's toolkit today. Stress-testing your cloud environment to find the gaps and loopholes is a great way to improve your cybersecurity posture in the cloud. In this session, the speaker shares why red teaming your AWS infrastructure is valuable to your company and the basic ways to test your own environments, through three demos.

How is infrastructure immutability reshaping security in the cloud?

Tejas Sheth, Cloud Security Architect, Trend Micro

Immutable infrastructure is a paradigm in which cloud services and deployments are never modified after they’re deployed. However, trends like infrastructure-as-code, auto-scaling with microservices, and serverless platforms are making infrastructure short-lived and immutable. In the session, we will be discussing immutable infrastructure risk models and mitigation techniques.

Enforce compliance across cloud infrastructure with less overheads and manual work

Juston Wong, Sales Engineering Lead, ASEAN, Puppet

Join Puppet to learn how to get a holistic view of continuous compliance status throughout cloud environments, generate reports to easily prove that systems remain in check, and enforce immutable policy as code with expert-built content and modules configured to your environment.


Closing the Cloud Security Visibility Gap

Martyn Crew, Senior Product Marketing Director, Gigamon

As organizations embrace cloud and multi-cloud platforms alongside their existing infrastructure, they end up with complex, hybrid environments with inconsistent visibility and security capabilities. In this session, Gigamon will be sharing how Gigamon Hawk can help organizations gain consistent, complete visibility across their hybrid infrastructure and enable them to run fast, stay secure and innovate.


DevSecOps Analyzed – Rise to the prominence and how to do it properly

Davide Benvegnu, DevOps Architect, Microsoft

DevSecOps is something we all keep hearing, and everyone says it is important. But why is it important? And how can we adopt DevSecOps the right way without penalizing any aspect of our workflow, especially in a cloud-native scenario? Let's take a look at the best practices for DevSecOps, and the DOs and DON'Ts of this practice.

Essential Security for Cloud Native Deployment: 5 key things to review

Mick McCluney, Technical Leader, Trend Micro

Cloud native deployment has become a fundamental part of the rapid digital transformation taking place across the world. In this fireside chat, Mick McCluney will be chatting with Kelly Griffin from AWS about the 5 essential things to consider when securing such deployments, from overall visibility and posture to vulnerabilities, containers and securing the code itself.

The container supply chain effect

Roy Lackner, Senior Cloud Architect, Trend Micro

Everybody is familiar with the CI/CD infinity loop of software development. However, it is extremely difficult to secure this entire supply chain process. In this session, Roy will discuss the concerns that exist in the CI/CD pipeline, including use of open-source tools, containers, the increasing speed of work for developers, security as an afterthought, and more. If you're facing any of these challenges, fear not. Roy also doles out tips that help you secure the entire CI/CD supply chain, such as running code reviews and security scans, dividing the pipeline into different stages and assigning ownership to them, running compliance checks, and so on.

Seven things DevOps needs to know about container security

Kevin Low, Associate Security Solutions Architect, Amazon Web Services

Many businesses have adopted DevOps to increase their ability to deliver and improve applications and products at high velocity. In this session, you’ll learn practical steps to integrate security throughout the entire DevOps pipeline to improve your security posture and keep your Docker Containers secure.

Cloud Native DevOps


Cloud Native Application Security: Mental Model and Key Principles

Simon Maple, Field CTO, Snyk

Digital Transformation, and notably Cloud and DevOps, have radically changed how we run our business and build software, and yet security practices in most companies remain largely unchanged, and so are left behind. This talk shares practices and learnings from companies with forward thinking security teams, who have transformed their security practices as well. It offers practical tips and tricks from these leaders, and a broader view on a different approach to security - dev-first security.

Gartner Recommendations for Hybrid Cloud Security in 2022

Andrew George, Technical Presales Consultant, Trend Micro

The cloud security space is getting increasingly complex, as more companies adopt more than one cloud service, and software development is becoming faster at the expense of security. With these trends in mind, security needs to evolve too. In this session, you'll learn about the Gartner-backed recommendations for getting cloud security right in 2022, how to shift security to the left of the development cycle, and how to make sure your cloud security posture management is right.

Who's responsible for security - developer, ops pros or security team?

Tejas Sheth, Cloud Security Architect, Trend Micro

In the new era of microservices and serverless application architecture, infrastructure remains ephemeral (stateless) and short-lived. The definition of building a new application is not just limited to new feature deployment but also includes building platform and cloud services along with application feature release. Traditional security processes and operations are facing lack of visibility and control challenges. In this session, we will be looking into who should co-own security responsibility for microservices and serverless applications.

Reducing attack surface in serverless applications with fine-grained controls

Keith Rosario, Senior Solutions Architect, Amazon Web Services

Serverless applications allow for finer-grained control when compared to monolithic applications. In this session, we will see why these finer-grained controls limit the attack surface of the serverless applications, and why implementing them isn't as hard as you think.


How to secure containers?

Mert Unsaldi, Sales Engineer, Trend Micro

Containers are now being used widely in organizations. However, did you know that 92% of the containers you grab from public repositories contain some kind of vulnerabilities? When unchecked, these vulnerabilities can introduce security loopholes into your applications and the overall IT infrastructure. In this session, the speaker shares the A to Z of securing your containers, from host, network, application, to build pipeline.

Web application and API protection with Google Cloud

Ivon Nicolai, Customer Engineer, Google Cloud

In this session, we will learn about protecting applications and APIs against threats and fraud, to help ensure availability and compliance with Google Cloud.

Magic happens when security is built into the developer workflow, CI/CD pipeline

Amith Singh S, Sales Engineer, Trend Micro

Shifting left is the latest norm in a long line of security practices. DevOps teams around the world are implementing this practice to reduce the cost and time it takes to mitigate a threat at the later stages of application development and release. In this session, we share tips and insights on how to integrate security into your DevOps workflow.

Build solid cloud security from scratch

Mike Milner, Head of PM Cloud One, Trend Micro

Cloud is making building applications much easier than in the traditional environment. However, it's not easy to build them right. With a proliferation of cloud services, it's tricky to make sure your environment is built to best practices. In this session, Mike will show us how to build securely in the cloud with two demos, one on continuous monitoring of your cloud environment, and the other one on securing containers.

Building seamless security for microservices applications

Fernando Cardoso, Solution Architect, Trend Micro

Learn how cloud architects, DevOps, developer teams can bring continuous security awareness, visibility and runtime protection to their micro services applications, helping to reduce the security risk and increasing the visibility with what is being processed by serverless and containers.
