Guest: Ofer Maor
Guest title: Co-Founder & CTO
The recent increase of cloud based attacks gives us an opportunity to examine new attack vectors and how attackers exploit new services. In this episode we talked with Ofer Maor, Co-Founder at Mitiga, about new attack vectors in cloud computing and how attackers exploit new services such as marketplaces, community repos and other examples.
0:00 Introducing our guest and Mitiga
3:32 Preparing for cloud incident response
7:15 Cloud attack vector - malicious AMI
11:00 More attack vectors on marketplaces
13:18 Github attack vectors
18:15 attack vector - Business email compromise on 365
25:44 how to mitigate cloud incidents
27:58 Summary and last words
Attendees Guest: Yoad Dvir Guest title: Security Lead, Central and Eastern Europe Company: Microsoft Abstract Microsoft security portfolio has been growing and diversifying in the last couple of years, adding more capabilities at various areas of information security. In order to better understand Microsoft strategy and offering, we talked with Yoad Dvir, Cyber Security Lead at Microsoft, about the Microsoft new security pillars: Monitoring, Threat Protection and Information Protection. Timing: 0:00 - Introducing our guest 5:45 - Introducing Microsoft security strategy 12:50 - Security monitoring pillars - Azure monitor, Sentinel, Azure analytics and more 21:10 - Microsoft Threat Protection family - Cloudapp, O365 ATP, Defender ATP, Azure ATP 30:50 - diving deeper into Cloudapp 35:30 - Microsoft Information Protection 44:00 - summary and last words ...
Sponsored By: Attendees Guest: Malgorzata (Gosia) SteinderGuest title: CTO of Hybrid Cloud Research. IBM researchTopic: Compliance automation and zero trust containers Abstract Continuous monitoring, containers, zero trust, confidential computing - those are all examples of technologies that will be the main focus in the upcoming years. In this episode, we hosted Malgorzata (Gosia) Steinder, CTO of Hybrid Cloud Research at IBM, who provided her vision on how all those technologies mentioned above, should be integrated into highly secure applications deployments. Links: NIST OSCAL standard: https://pages.nist.gov/OSCAL/ Automated compliance Open Source tool by IBM https://github.com/IBM/compliance-trestle Security monitoring open source tool by IBM: https://www.ibm.com/blogs/research/2020/01/sysflow/ workload identity: https://developer.ibm.com/solutions/security/articles/protecting-data-using-secret-management-trusted-service-identity/ ...
Attendees Guest: Demi Ben Ari Guest title: CTO Company: Panorays Abstract K8 is rapidly becoming the leading orchestration tool and infrastructure for many companies applications. K8 bring tremendous advantages, provide operations with flexibility and enabling multi cloud deployments. But with all that good there are also challenges. In this podcast we talk with Demi Ben Ari, Founder and R&D at Panorays, A saas company that deployed K8 as infrastructure for fleet of scanners and crawlers. Demi will share his experience with the platform and steps he took in order to utilize most benefits from K8. ...