Join Us: https://www.linkedin.com/company/application-security-virtual-meetups
Leveraging AI for SaaS Security
Ofer Klein
CEO & Cofounder, Reco
Reco SaaS Security (SSPM)
GenAI App
95% of new SW will be cloud-based.
>300 SaaS apps
Productivity vs. Risk
[Timeline figure: March, April, May, June, July, September, October 2023]
How do you ensure the configuration of your SaaS apps is secured and compliant?
“+90% of breaches in 2023 were the result of an unsecured SaaS app. >55% of orgs experienced at least one SaaS breach in the past two years, with 12% unsure of their security status.”
2023 SaaS Security Survey Report by Cloud Security Alliance
December 2023
Confidential
More and more apps use GenAI
Reference: AI Multiple, “Top 100+ Generative AI Applications”
SaaS is the fastest growing attack surface
GenAI App
SaaS Ecosystem
Cloud Ecosystem, End-User Devices, Data Center
The MGM Resorts Breach
techniques attackers used to gain highly privileged access to Okta
AI-powered SaaS security (SSPM) solution
• Protect From Exposure
• Discover Apps, Identities, Data
• Control Access & Permissions
Reco: Harnessing AI to seamlessly secure SaaS
• Anomaly Detection
• App Discovery & Consolidation
• Mapping Misalignment of User Permission & Role
• Detecting Risky Users
• Detecting Personal Email Accounts
Identities Interaction Graph
Identities in the SaaS world
• Applications
• Service Accounts
• Users: Admins, employees, contractors
Unified identity across SaaS apps
Identity consolidation with the Reco Identities Interaction Graph
AI-based identities & access governance
Identity-First SaaS Security
• SaaS Detection & Response
• Identity & Access Governance
• Posture Management & Continuous Compliance
• App Discovery & Governance
Improve your SaaS security posture
Posture Score without Reco: High Risk, Manual Maintenance, High Cost of Ownership
Posture Score with Reco: Low Risk, Automatic Maintenance, Low Cost of Ownership
1 month
Identity-first SaaS security
[Architecture figure labels: SIEM / EDR; SOAR; Ticketing; Communication; SaaS Applications; Productivity Tools; API-Based, Agentless Integration; Reco Core Platform (App Discovery & Governance, Posture Management & Continuous Compliance, Identity & Access Governance, SaaS Detection & Response); Powered by the Reco Knowledge Graph]
We monitor a large data set across SaaS apps and identities
• 100B+ Interactions analyzed
• 10k+ 3rd-party apps discovered
• 1K+ Violations detected
• 2M+ SaaS users protected
• 12M+ Insights generated
Thank You!
Stay connected at reco.ai
www.onlinecloudsec.com
Foundations of Cloud monitoring
“When the winds of change blow, some people build walls and others build windmills.”
Chinese Proverb
Moshe Ferber
CCSK, CCSP, CCAK, ACSP
About myself
Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule
• Founder, partner and investor at various cyber initiatives and startups
• Popular industry speaker & lecturer (DEFCON, RSA, BLACKHAT, INFOSEC and more)
• Co-hosting the Silverlining IL podcast – security engineering
• Founding committee member for ISC2 CCSP, CSA CCSK, ISACA CCAK certifications
• Member of the board at Macshava Tova – Narrowing societal gaps
• Chairman of the Board, Cloud Security Alliance, Israeli Chapter
• Information security professional for over 20 years
About the Cloud Security Alliance
“To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing”
01 Global, not-for-profit organization
02 Building security best practices for next generation IT
03 Research and Educational Programs
04 Cloud providers & security professionals Certifications
05 Awareness and Marketing
06 The globally authoritative source for Trust in the Cloud
CSA Israel: Community of security professionals promoting responsible cloud adoption.
CSA relevant publications
Monitoring Tool set
CSPM - Cloud Security Posture Management
• Protect management dashboard
• Monitor for compliance breaches, misconfiguration, identity permissions
CWPP - Cloud Workload Protection Platform
• Protect workloads (VMs, containers, serverless)
• Traditional end-point security (AV, VA)
ASPM - Application Security Posture Management
• Orchestration of the SDLC process, from development to deployment and testing
CIEM - Cloud Identity & Entitlement Management
• Monitor identity information
• Identity is more than humans - include services, workloads and more
DSPM – Data Security Posture Management
• Govern and monitor data silos across organizations
• Support multiple services
SSPM / CASB – SaaS Security Posture Management
• Evaluating SaaS providers
• Focus on posture and compliance
Cloud native application protection platform (CNAPP)
IaaS/PaaS, SaaS
CNAPP
Cloud native application protection platform (CNAPP)
CSPM - Cloud Security Posture Management
• Protect management dashboard
• Monitor for compliance breaks, misconfiguration, identity permissions
CWPP - Cloud Workload Protection Platform
• Protect workloads (VMs, containers, serverless)
• Traditional end-point security (AV, VA)
• Should support new workloads (K8s, FaaS)
Focus on IaaS/PaaS
All cloud providers have internal solutions
A must-have solution
How compliant am I with ISO 27001?
Do I have misconfiguration issues?
Which workload has a critical vulnerability?
ASPM
Application Security Posture Management
• Orchestration of the SDLC process, from development to deployment & testing and ongoing operations
• Integrates with CI/CD, testing tools and workflow tools for developer-friendly integration
Focus on IaaS/PaaS
Foundation for DevSecOps
The newest solution
What are my most vulnerable applications?
Which sensitive data is exposed?
What is the status of CI/CD security testing?
CIEM
Cloud Identity & Entitlement Management
• Monitor identity information
• Identity is more than humans - include services, workloads and more
Oriented at multicloud
Considered to be a niche
Identity is the most challenging aspect in cloud
Which users don’t have MFA?
Which user is over-privileged?
Which user has hidden privileges?
DSPM
Data Security Posture Management
• Govern and monitor data silos across organizations
• From discovery & classification to real-time monitoring
• Support multiple cloud platforms
IaaS/PaaS/SaaS
Considered to be a niche
Has similar aspects to CIEM
Do I have public PII?
Where are my sensitive files?
Who can access project X files?
SSPM
SaaS Security Posture Management
• Detect misconfiguration, excessive permissions, compliance risks
• A mixture of posture + online monitoring
• Need to support multiple services
Focus on SaaS GRC
Mostly identity and compliance
We used to call it CASB
Do I have misconfigurations?
Which 3rd-party apps are connected?
Which SaaS applications do we use?
SSPM – important capabilities
SaaS Security Posture Management
• Directly integrated with the SaaS service
• Provide additional visibility, analysis and automation
• Required features:
  • eDiscovery and classification
  • Log analysis
  • Integration with SASE / SSE / secure browsing
Do I have misconfigurations?
Which 3rd-party apps are connected?
Which SaaS applications do we use?
SaaS Security Architecture
[Architecture figure labels: SaaS service; Organization Network; Home Office; SSE; SASE/ZTNA; Secure Browser; SIEM/CDR; SSPM; Access Layer (Conditional Access, IDP, MFA, End Point Management)]
Keep in touch
Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule
Moshe Ferber
www.onlinecloudsec.com
@FerberMoshe
http://il.linkedin.com/in/MosheFerber
Questions?
AI in the Hands of the Cyber Protectors
January 24, 2024
Tal Shapira, PhD
CTO & Co-founder, Reco AI
About me
Researching GenAI in the context of cybersecurity for over a decade
Tal Shapira
Academia, Industry/Business
My Research Focus - CyberSec & AI
• GEN-AI
• NLP
• Knowledge Graph Learning
• Encrypted Internet Traffic Classification
How Can Malicious Actors Use GenAI?
• Data/intel. collection - e.g. “list all the System Admins in Acme”
• Advanced social engineering attacks - e.g. leveraging GenAI for phishing campaigns - scale & dynamic
• Dynamic malware - e.g. generating polymorphic shellcode using GenAI
And many more…
GenAI & Cybersecurity Opportunities
• Improve cybersecurity programs
• Data enrichment (threat intel)
• Discover unknown threats in real-time
  • e.g. an unknown shadow app that uses GenAI in real-time
• Phishing/malware detection
• Policy/automation auto-generation
GenAI can improve productivity & reduce the risk of data exposure
Additional Reference: Jim Reavis, CEO of the CSA: “Hi ChatGPT, please help Cybersecurity”
Example: Policy Auto-Generation
Reco: Harnessing AI to Seamlessly Secure SaaS
• Anomaly Detection
• App Discovery & Consolidation
• Mapping Misalignment of User Permission & Role
• Detecting Risky Users
• Detecting Personal Email Accounts
Real Time Interaction Graph
Leveraging AI to Detect SaaS Session Hijacking
SaaS Session Hijacking
• Malware and phishing techniques, like man-in-the-middle (MITM) attacks, can bypass login credentials and MFA, enabling attackers to gain direct control of an active session
• Hijacking a session token allows an attacker access to authorized resources and administrative permissions granted to the user, facilitating lateral movement across applications
How to Obtain a Session Token?
1. User logs into the IDP with credentials and ideally MFA.
2. Server provides an authentication token to verify that the user has proven identity (session token).
3. IDP uses the authentication token for SSO logins to connected applications.
The attacker will attempt to insert themselves between the user and IDP, to get into the middle of the process
How to Hijack a Session?
The Trigger: Phishing
In the simple MITM scenario, the attacker creates a persuasive phishing message to trick the user into clicking on a malicious link
The email redirects the user to a seemingly legitimate login screen, which proxies the traffic through evilginx, allowing successful authentication and access using MS as an IDP
To the user, everything appears normal
The Redirect link
The actor-controlled domain uses a domain-generation algorithm (DGA) pattern and a .XYZ top-level domain
The “Keep My Password” button points to a URL with a trusted domain followed by parameters, with the actor-controlled domain (c-hi[.]xyz) hidden in plain sight
SaaS Session Hijacking in a Nutshell
The Result
• The attacker intercepts a number of sensitive details, including the user’s IP address, credentials, and most importantly, the session token
• This allows the attacker to authenticate into the user session without ever needing login credentials or an MFA token
Real-Life Example
The MGM Cyber Attack
Why Is It So Hard to Detect?
• SaaS session hijacking is often executed discreetly
• It’s difficult to detect because attackers reuse legitimate tokens and can establish persistence in connected applications
Current Common Detection Methods
• Impossible travel activity
• Irregular time pattern
• Log-in from an unrecognized device
• Suspicious mail flow activity
Problem with the Existing Solutions
We are living in a hybrid workforce environment
• Devices / UAs - unmanaged, multiple (mobile + desktop), multiple clients (apps + browsers)
• IPs - multiple networks (ISPs, organization VPN), 3rd-party apps
• Working from home, working from office, working on-the-fly
• Working all the time :)
As a result → lots of False Positives (Alert Fatigue)
Example
[Figure labels: CA, USA IP; App to App connectivity via OAuth2; Company AWS VPN, West Europe; Office Static IP, NY, USA; Phone, ISP; Home Wifi; NC, USA; TX, USA; Desktop App; Outlook via Browser; M365; Active Directory]
Legitimate usages, but can trigger false session hijacking alerts
Identity-Focused Solution
We need to build a user baseline and organization baseline
How?
• Building a Temporal Organization Knowledge Graph based on entities and activities from the vast core SaaS applications
• Identity Consolidation - by correlating all the identities (person, services, and apps) with their related accounts, across the entire SaaS environment (multiple apps)
• Using Graph Machine Learning models to correlate identities with their activities, IPs, location, devices, 3rd-party apps, build a baseline and look for major changes over time
Example - Application (Machine Identity) Consolidation
Two Primary Forms of Usage
Human (manual) - both by employees and 3rd parties, e.g. vendors/contractors.
Machine - SaaS to SaaS connectivity and shadow applications.
It became very easy to connect: multiple libraries/plugins allow the connection.
Therefore, it requires an Access Control Policy and App Governance Procedures
Recap
• Generative AI is a type of artificial intelligence technology that can produce various types of content, including text, imagery, audio and synthetic data
• Retrieval-Augmented Generation (RAG) is an AI framework for retrieving facts from an external knowledge base to ground large language models (LLMs) on the most accurate, up-to-date information and to give users insight into LLMs' generative process
Additional Reference: “What is generative AI? Everything you need to know” By George Lawton
Solution: Using GenAI to Detect GenAI Apps
More specifically - using Retrieval-Augmented Generation (RAG)
Reference: AI Multiple, “Reimagining Contextualized SaaS Security with Generative AI”
[Figure labels: Enriched App Name; Text Embedding Model; Text as vector (-0.013, ..., 0.006, -0.001); Semantic Similarity Search; Results]
Why Is Consolidation So Important?
• Cross-App Analysis
  • While on an account-level perspective an activity can be legitimate, on an identity-level perspective it usually is not
  • E.g. a user is logged in to multiple accounts (Google, MS, Zoom, Slack) via Israel, while a single account (Salesforce) is suddenly being logged in via Russia
• Being able to build a baseline to remove noise - 3rd-party apps used by the identity, baseline IPs, organization's VPNs, etc.
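An added example, not part of the original slides and not Reco's code: a Python comparison of the account-agnostic impossible-travel rule with the identity-level, cross-app check described above, run over the hybrid-work pattern the talk says causes false positives. All accounts, network names and events are constructed, and the rule is an assumed simplification of the graph-based baseline the talk describes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Everything below is constructed sample data, not taken from the talk.
# Identity consolidation output: (app, account) -> one identity.
ACCOUNT_TO_IDENTITY = {
    ("google", "dana@acme.example"): "dana",
    ("m365", "dana@acme.example"): "dana",
    ("slack", "U0DANA"): "dana",
    ("salesforce", "dana.l@acme.example"): "dana",
}
# Organization baseline: egress networks shared by the whole workforce.
ORG_NETWORKS = {"acme-vpn-westeurope", "acme-office-static"}
WINDOW = timedelta(hours=1)


def ev(ts, app, account, country, network):
    """Build one normalized activity event, resolved to its identity."""
    return {"ts": datetime.fromisoformat(ts), "app": app, "account": account,
            "country": country, "network": network,
            "identity": ACCOUNT_TO_IDENTITY[(app, account)]}


HISTORY = [  # past activity used to learn the identity baseline
    ev("2024-01-22T08:00", "google", "dana@acme.example", "IL", "home-isp"),
    ev("2024-01-22T08:20", "m365", "dana@acme.example", "NL", "acme-vpn-westeurope"),
    ev("2024-01-22T12:00", "slack", "U0DANA", "IL", "mobile-isp"),
    ev("2024-01-22T15:00", "salesforce", "dana.l@acme.example", "IL", "home-isp"),
]
TODAY = [  # three legitimate hybrid-work events and one out-of-baseline session
    ev("2024-01-23T09:00", "google", "dana@acme.example", "IL", "home-isp"),
    ev("2024-01-23T09:10", "m365", "dana@acme.example", "NL", "acme-vpn-westeurope"),
    ev("2024-01-23T09:15", "slack", "U0DANA", "IL", "mobile-isp"),
    ev("2024-01-23T09:30", "salesforce", "dana.l@acme.example", "RU", "unknown-hosting"),
]


def impossible_travel(events):
    """Common rule: same identity, different country, within WINDOW."""
    alerts, last = [], {}
    for e in sorted(events, key=lambda x: x["ts"]):
        prev = last.get(e["identity"])
        if prev and prev["country"] != e["country"] and e["ts"] - prev["ts"] <= WINDOW:
            alerts.append((e["app"], prev["country"], e["country"]))
        last[e["identity"]] = e
    return alerts


def build_baseline(history):
    """Per-identity set of (country, network) contexts seen before."""
    baseline = defaultdict(set)
    for e in history:
        baseline[e["identity"]].add((e["country"], e["network"]))
    return baseline


def in_baseline(e, known):
    """True if the event matches the identity or organization baseline."""
    return (e["country"], e["network"]) in known or e["network"] in ORG_NETWORKS


def identity_level_alerts(history, events):
    """Alert only on cross-app disagreement: one account appears from a context
    outside both baselines while the identity's other accounts are active,
    within WINDOW, from baseline contexts."""
    baseline = build_baseline(history)
    alerts = []
    for e in events:
        known = baseline[e["identity"]]
        if in_baseline(e, known):
            continue
        peers = sorted({p["app"] for p in events
                        if p["identity"] == e["identity"]
                        and (p["app"], p["account"]) != (e["app"], e["account"])
                        and abs(p["ts"] - e["ts"]) <= WINDOW
                        and in_baseline(p, known)})
        if peers:
            alerts.append({"identity": e["identity"], "app": e["app"],
                           "context": (e["country"], e["network"]),
                           "peer_apps": peers})
    return alerts


if __name__ == "__main__":
    print("impossible travel:", impossible_travel(TODAY))
    print("identity-level:   ", identity_level_alerts(HISTORY, TODAY))
```

An identity whose accounts all move to a new context together, as when travelling, produces no cross-app disagreement here and is left to other rules.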
Recap: Knowledge Graphs
Knowledge Graph (KG) Representation Learning
• A process in ML where algorithms extract meaningful patterns from raw KGs to create representations that are easier to understand and process
• These representations can be designed for interpretability, reveal hidden features, or be used for transfer learning
Graph Neural Networks (GNN)
Deep Learning with Knowledge Graphs
Intuition
Baseline Representation
• Identity representation observed at time t -
• Organization baseline measured at time t -
• Looking for major changes (using dynamic threshold)- three approaches:
• Via Graph Representation Learning
• Via Knowledge Graph Representation Learning
Third Approach: Dynamic Unlink Prediction
Example
Results
Mitigate the “MGM” Risk with Reco
Key Takeaways
• Attackers cleverly insert themselves between users and IDPs through persuasive phishing tactics; as a result they can bypass login credentials and MFA, and gain control of active sessions
• This discreet method is hard to detect, as attackers reuse legitimate tokens, compromising entire SaaS environments.
• Due to the dynamic nature of current organizations and hybrid workflows, current solutions result in many False Positives
• Using AI technology, and in particular (knowledge) graph representation learning, can help detect SaaS Session Hijacking and other sophisticated attacks in near real-time
Thank You!
Tal Shapira, PhD
CTO & Co-founder, Reco AI
Thank You!
Questions?
To be continued…
https://www.linkedin.com/company/application-security-virtual-meetups

The Hacking Games - Operation System Vulnerabilities Meetup 29112022The Hacking Games - Operation System Vulnerabilities Meetup 29112022
The Hacking Games - Operation System Vulnerabilities Meetup 29112022
 
Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022Software Supply Chain Security Meetup 21062022
Software Supply Chain Security Meetup 21062022
 
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...Application Security - Dont leave your AppSec for the last moment Meetup 2104...
Application Security - Dont leave your AppSec for the last moment Meetup 2104...
 
User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022User management - the next-gen of authentication meetup 27012022
User management - the next-gen of authentication meetup 27012022
 
Securing and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 bSecuring and automating your application infrastructure meetup 23112021 b
Securing and automating your application infrastructure meetup 23112021 b
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021Application security meetup - cloud security best practices 24062021
Application security meetup - cloud security best practices 24062021
 
Application security meetup data privacy_27052021
Application security meetup data privacy_27052021Application security meetup data privacy_27052021
Application security meetup data privacy_27052021
 
Application security meetup 02032021
Application security meetup 02032021Application security meetup 02032021
Application security meetup 02032021
 

Recently uploaded

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 

Recently uploaded (20)

FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 

Why 2024 will become the Year of SaaS Security Meetup 24012024.pptx

  • 2. Leveraging AI for SaaS Security Ofer Klein CEO & Cofounder, Reco
  • 4. GenAI App 95% Of new SW will be cloud-based. >300 SaaS apps Productivity vs. Risk
  • 5. March, 2023 April, 2023 May, 2023 June, 2023 July, 2023 September, 2023 October, 2023 How do you ensure the configuration of your SaaS apps is secured and compliant? “+90% of breaches in 2023 were the result of an unsecured SaaS app. >55% of orgs experienced at least one SaaS breach in the past two years, with 12% unsure of their security status.” 2023 SaaS Security Survey Report by Cloud Security Alliance December, 2023 Confidential
  • 6. More and more apps use GenAI Reference: AI Multiple, “Top 100+ Generative AI Applications”
  • 7. SaaS is the fastest growing attack surface GenAI App SaaS Ecosystem Cloud Ecosystem, End-User Devices, Data Center
  • 8. The MGM Resorts Breach techniques attackers used to gain highly privileged access to Okta
  • 9. AI-powered SaaS security (SSPM) solution Protect From Exposure Discover Apps, Identities, Data Control Access & Permissions
  • 10. Anomaly Detection App Discovery & Consolidation Reco: Harnessing AI to seamlessly secure SaaS Mapping Misalignment of User Permission & Role Identities Interaction Graph Detecting Risky Users Detecting Personal Email Accounts
  • 11. Applications Service Accounts Users: Admins, employees, contractors Unified identity across SaaS apps Identity consolidation with the Reco Identities Interaction Graph Identities in the SaaS world
  • 12. AI-based identities & access governance
  • 17. Identity-First SaaS Security SaaS Detection & Response Identity & Access Governance Posture Management & Continuous Compliance App Discovery & Governance
  • 18. Improve your SaaS security posture Posture Score Without Reco High Risk, Manual Maintenance, High Cost of Ownership Posture Score With Reco Low Risk, Automatic Maintenance, Low Cost of Ownership 1 month
  • 19. Identity-first SaaS security SIEM / EDR SOAR TICKETING COMMUNICATION SaaS Applications Productivity Tools API-Based, Agentless Integration Reco Core Platform App Discovery & Governance Posture Management & Continuous Compliance Identity & Access Governance SaaS Detection & Response POWERED BY THE RECO KNOWLEDGE GRAPH
  • 20. We monitor a large data set across SaaS apps and identities 100B+ Interactions analyzed 10k+ 3rd-party apps discovered 1K+ Violations detected 2M+ SaaS users protected 12M+ Insights generated
  • 23. www.onlinecloudsec.com Foundations of Cloud monitoring. Moshe Ferber, CCSK, CCSP, CCAK, ACSP. “When the winds of change blow, some people build walls and others build windmills.” Chinese Proverb
  • 25. About myself: Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule. Founder, partner and investor at various cyber initiatives and startups. Popular industry speaker & lecturer (DEFCON, RSA, BLACKHAT, INFOSEC and more). Co-hosting the Silverlining IL podcast – security engineering. Founding committee member for ISC2 CCSP, CSA CCSK, ISACA CCAK certifications. Member of the board at Macshava Tova – Narrowing societal gaps. Chairman of the Board, Cloud Security Alliance, Israeli Chapter. Information security professional for over 20 years.
  • 26. About the Cloud Security Alliance: 01 Global, not-for-profit organization. 02 Building security best practices for next generation IT. 03 Research and Educational Programs. 04 Cloud providers & security professionals Certifications. 05 Awareness and Marketing. 06 The globally authoritative source for Trust in the Cloud. “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.” CSA Israel: Community of security professionals promoting responsible cloud adoption.
  • 28. Monitoring Tool set. CSPM - Cloud Security Posture Management • Protect management dashboard • Monitor for compliance breaches, misconfiguration, identity permissions. CWPP - Cloud Workload Protection Platform • Protect workloads (VMs, containers, serverless) • Traditional end-point security (AV, VA). ASPM - Application Security Posture Management • Orchestration of the SDLC process, from development to deployment and testing. CIEM - Cloud Identity & Entitlement Management • Monitor identity information • Identity is more than humans: it includes services, workloads and more. DSPM - Data Security Posture Management • Governance and monitoring of data silos across organizations • Support multiple services. SSPM / CASB - SaaS Security Posture Management • Evaluating SaaS providers • Focus on posture and compliance. Cloud native application protection platform (CNAPP) IaaS/PaaS SaaS
  • 29. CNAPP. CSPM - Cloud Security Posture Management • Protect management dashboard • Monitor for compliance breaks, misconfiguration, identity permissions. CWPP - Cloud Workload Protection Platform • Protect workloads (VMs, containers, serverless) • Traditional end-point security (AV, VA) • Should support new workloads (K8s, FaaS). Cloud native application protection platform (CNAPP). Focus on IaaS/PaaS. All cloud providers have internal solutions. A must-have solution. How compliant am I with ISO 27001? Do I have misconfiguration issues? Which workload has a critical vulnerability?
  • 30. ASPM - Application Security Posture Management • Orchestration of the SDLC process, from development to deployment & testing and ongoing operations • Integrates with CI/CD, testing tools and workflow tools for developer-friendly integration. Focus on IaaS/PaaS. Foundation for DevSecOps. The newest solution. What are my most vulnerable applications? Which sensitive data is exposed? What is the status of CI/CD security testing?
  • 31. CIEM - Cloud Identity & Entitlement Management • Monitor identity information • Identity is more than humans: it includes services, workloads and more. Oriented at multicloud. Considered to be a niche. Identity is the most challenging aspect in cloud. Which users don’t have MFA? Which user is over-privileged? Which user has hidden privileges?
  • 32. DSPM - Data Security Posture Management • Governance and monitoring of data silos across organizations • From discovery & classification to real-time monitoring • Support multiple cloud platforms. IaaS/PaaS/SaaS. Considered to be a niche. Has similar aspects to CIEM. Do I have public PII? Where are my sensitive files? Who can access project X files?
  • 33. SSPM - SaaS Security Posture Management • Detect misconfiguration, excessive permissions, compliance risks • A mixture of posture + online monitoring • Needs to support multiple services. Focus on SaaS GRC. Mostly identity and compliance. We used to call it CASB. Do I have misconfigurations? Which 3rd party apps are connected? Which SaaS applications do we use?
  • 34. SSPM – important capabilities. SaaS Security Posture Management • Directly integrated with the SaaS service • Provides additional visibility, analysis and automation • Required features: • eDiscovery and classification • Log analysis • Integration with SASE / SSE / secure browsing. Do I have misconfigurations? Which 3rd party apps are connected? Which SaaS applications do we use?
  • 35. SaaS Security Architecture SaaS service Organization Network Home Office SSE SASE/ZTNA Secure Browser SIEM/CDR SSPM Access Layer Conditional Access IDP MFA End Point Management
  • 36. Keep in touch. Cloud Security Course Schedule can be found at: http://www.onlinecloudsec.com/course-schedule Moshe Ferber www.onlinecloudsec.com @FerberMoshe http://il.linkedin.com/in/MosheFerber
  • 38. AI in the Hands of the Cyber Protectors. January 24, 2024. Tal Shapira, PhD, CTO & Co-founder, Reco AI
  • 39. About me Researching GenAI in the context of cybersecurity for over a decade Tal Shapira Academia Industry/Business
  • 40. My Research Focus - CyberSec & AI GEN-AI NLP Knowledge Graph Learning Encrypted Internet Traffic Classification
  • 41. How Can Malicious Actors Use GenAI? • Data/intel collection - e.g. "list all the System Admins in Acme" • Advanced social engineering attacks - e.g. leveraging GenAI for phishing campaigns - scale & dynamic • Dynamic malware - e.g. generating polymorphic shellcode using GenAI. And many more…
  • 42. GenAI & Cybersecurity Opportunities • Improve cybersecurity programs • Data enrichment (threat intel) • Discover unknown threats in real time, e.g. an unknown shadow app that uses GenAI • Phishing/malware detection • Policy/automation auto-generation. GenAI can improve productivity & reduce the risk of data exposure. Additional Reference: Jim Reavis, CEO of the CSA: “Hi ChatGPT, please help Cybersecurity”
  • 44. Anomaly Detection App Discovery & Consolidation Reco: Harnessing AI to Seamlessly Secure SaaS Mapping Misalignment of User Permission & Role Real Time Interaction Graph Detecting Risky Users Detecting Personal Email Accounts
  • 45. Leveraging AI to Detect SaaS Session Hijacking
  • 46. SaaS Session Hijacking • Malware and phishing techniques, like man-in-the-middle (MITM) attacks, can bypass login credentials and MFA, enabling attackers to gain direct control of an active session • Hijacking a session token allows an attacker access to authorized resources and administrative permissions granted to the user, facilitating lateral movement across applications
  • 47. How to Obtain a Session Token? 1. User logs into the IDP with credentials and ideally MFA. 2. Server provides an authentication token (session token) to verify that the user has proven identity. 3. IDP uses the authentication token for SSO logins to connected applications.
  • 48. How to Hijack a Session? The attacker will attempt to insert themselves between the user and IDP, to get into the middle of the process
  • 49. The Trigger: Phishing. In the simple MITM scenario, the attacker creates a persuasive phishing message to trick the user into clicking on a malicious link. The email redirects the user to a seemingly legitimate login screen, which proxies the traffic through evilginx, allowing successful authentication and access using MS as an IDP. To the user, everything appears normal
  • 50. The Redirect Link. The actor-controlled domain uses a domain-generation algorithm (DGA) pattern and a .XYZ top-level domain. The “Keep My Password” button points to a URL with a trusted domain followed by parameters, with the actor-controlled domain (c-hi[.]xyz) hidden in plain sight
  • 51. SaaS Session Hijacking in a Nutshell
  • 52. The Result • The attacker intercepts a number of sensitive details, including the user’s IP address, credentials, and most importantly, the session token • This allows the attacker to authenticate into the user session without ever needing login credentials or an MFA token
  • 54. Why Is It So Hard to Detect? • SaaS session hijacking is often executed discreetly • It’s difficult to detect because attackers reuse legitimate tokens and can establish persistence in connected applications
  • 55. Current Common Detection Methods • Impossible travel activity • Irregular time pattern • Log-in from an unrecognized device • Suspicious mail flow activity
  • 56. Problem with the Existing Solutions. We are living in a hybrid workforce environment • Devices/UAs - unmanaged, multiple (mobile + desktop), multiple clients (apps + browsers) • IPs - Multiple networks (ISPs, organization VPN), 3rd-party apps • Working from home, working from office, working on-the-fly • Working all the time :) As a result → lots of False Positives (Alert Fatigue)
  • 57. Example CA, USA IP App to App connectivity Via OAuth2 Company AWS VPN West Europe Office Static IP NY, USA Phone ISP Home Wifi NC, USA TX, USA Desktop App Outlook via Browser Legitimate usages, but can trigger false session hijacking alerts M365 Active Directory
  • 58. Identity-Focused Solution We need to build a user baseline and organization baseline How? • Building a Temporal Organization Knowledge Graph based on entities and activities from the vast core SaaS applications • Identity Consolidation - by correlating all the identities (person, services, and apps) with their related accounts, across the entire SaaS environment (multiple apps) • Using Graph Machine Learning models to correlate identities with their activities, IPs, location, devices, 3rd-party apps, build a baseline and look for major changes over time
  • 59. Example - Application (Machine Identity) Consolidation
  • 60. Two Primary Forms of Usage. Human (manual) - both by employees and 3rd parties, e.g. vendors/contractors. Machine - SaaS to SaaS connectivity and shadow applications. It has become very easy to connect: multiple libraries/plugins allow the connection. Therefore, it requires an Access Control Policy and App Governance Procedures
  • 61. Recap • Generative AI is a type of artificial intelligence technology that can produce various types of content, including text, imagery, audio and synthetic data • Retrieval-Augmented Generation (RAG) is an AI framework for retrieving facts from an external knowledge base to ground large language models (LLMs) on the most accurate, up-to-date information and to give users insight into LLMs' generative process Additional Reference: “What is generative AI? Everything you need to know” By George Lawton
  • 64. Solution: Using GenAI to Detect GenAI Apps More specifically - using Retrieval-Augmented Generation (RAG) Reference: AI Multiple, “Reimagining Contextualized SaaS Security with Generative AI”
  • 65. [Figure: Enriched App Name, Text Embedding Model, Text as vector, Semantic Similarity Search]
  • 68. Why Is Consolidation So Important? • Cross-App Analysis - While from an account-level perspective an activity can be legitimate, from an identity-level perspective it usually is not. E.g. a user is logged in to multiple accounts (Google, MS, Zoom, Slack) via Israel, while a single account (Salesforce) is suddenly being logged in via Russia • Being able to build a baseline to remove noise - 3rd-party apps used by the identity, baseline IPs, organization's VPNs, etc.
  • 70. Knowledge Graph (KG) Representation Learning • A process in ML where algorithms extract meaningful patterns from raw KGs to create representations that are easier to understand and process • These representations can be designed for interpretability, reveal hidden features, or be used for transfer learning
  • 72. Deep Learning with Knowledge Graphs
  • 74. Baseline Representation • Identity representation observed at time t - • Organization baseline measured at time t - • Looking for major changes (using dynamic threshold)- three approaches: • Via Graph Representation Learning • Via Knowledge Graph Representation Learning
  • 75. Third Approach: Dynamic Unlink Prediction
  • 79. Key Takeaways • Attackers cleverly insert themselves between users and IDPs through persuasive phishing tactics; as a result they can bypass login credentials and MFA, and gain control of active sessions • This discreet method is hard to detect, as attackers reuse legitimate tokens, compromising entire SaaS environments • Due to the dynamic nature of current organizations and hybrid workflows, current solutions result in many False Positives • Using AI technology, and in particular (knowledge) graph representation learning, can help detect SaaS Session Hijacking and other sophisticated attacks in near real-time
  • 80. Thank You! Tal Shapira, PhD, CTO & Co-founder, Reco AI
  • 81. Thank You! Questions? To be continued… https://www.linkedin.com/company/application-security-virtual-meetups
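
Added example (not from the slides or from Reco's product): a minimal Python sketch of the cross-app analysis described on slides 56 to 58 and 68, comparing a per-account "new country" rule with an identity-level rule that uses a consolidated identity and an organization baseline. All accounts, network labels and events are constructed, and a static country set stands in for the graph-based baseline the talk describes.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed identity consolidation: every per-app account maps to one identity.
ACCOUNT_TO_IDENTITY = {
    ("google", "dana@acme.example"): "dana",
    ("m365", "dana@acme.example"): "dana",
    ("slack", "U0DANA"): "dana",
    ("salesforce", "dana.sales@acme.example"): "dana",
}

# Constructed organization baseline: networks any identity may appear from
# (company VPN exit, app-to-app OAuth integration).
ORG_BASELINE_NETWORKS = {"corp-vpn-eu", "oauth-integration-us"}


def ev(ts, app, account, country, network):
    """Build one login event record."""
    return {"ts": datetime.fromisoformat(ts), "app": app, "account": account,
            "country": country, "network": network}


# Constructed login history used to learn the baselines.
HISTORY = [
    ev("2024-01-22T08:10", "google", "dana@acme.example", "IL", "home-isp"),
    ev("2024-01-22T08:12", "m365", "dana@acme.example", "IL", "home-isp"),
    ev("2024-01-22T13:30", "m365", "dana@acme.example", "NL", "corp-vpn-eu"),
    ev("2024-01-23T09:00", "slack", "U0DANA", "IL", "mobile-isp"),
    ev("2024-01-23T09:05", "salesforce", "dana.sales@acme.example", "IL", "home-isp"),
]

# Constructed events to score: four legitimate hybrid-work logins and one
# login that matches the cross-app pattern from slide 68.
NEW = [
    ev("2024-01-24T09:00", "m365", "dana@acme.example", "US", "oauth-integration-us"),
    ev("2024-01-24T09:20", "salesforce", "dana.sales@acme.example", "NL", "corp-vpn-eu"),
    ev("2024-01-24T09:50", "slack", "U0DANA", "IL", "office-static"),
    ev("2024-01-24T10:00", "google", "dana@acme.example", "IL", "home-isp"),
    ev("2024-01-24T10:05", "salesforce", "dana.sales@acme.example", "RU", "unknown-isp"),
]


def identity_of(event):
    return ACCOUNT_TO_IDENTITY[(event["app"], event["account"])]


def account_level_alerts(history, new):
    """Naive rule: alert when an account logs in from a country it never used."""
    seen = defaultdict(set)
    for e in history:
        seen[(e["app"], e["account"])].add(e["country"])
    return [e for e in new if e["country"] not in seen[(e["app"], e["account"])]]


def identity_level_alerts(history, new, window=timedelta(minutes=30)):
    """Alert only when a login is new for the whole identity, is outside the
    organization baseline, and the identity's other accounts are active from
    a baseline country within the time window."""
    baseline = defaultdict(set)
    for e in history:
        baseline[identity_of(e)].add(e["country"])
    alerts = []
    for e in new:
        ident = identity_of(e)
        if e["network"] in ORG_BASELINE_NETWORKS or e["country"] in baseline[ident]:
            continue  # explained by the organization or identity baseline
        peers = sorted({
            p["app"] for p in history + new
            if identity_of(p) == ident
            and (p["app"], p["account"]) != (e["app"], e["account"])
            and p["country"] in baseline[ident]
            and abs(p["ts"] - e["ts"]) <= window
        })
        if peers:
            alerts.append({"identity": ident, "app": e["app"],
                           "country": e["country"], "active_elsewhere": peers})
    return alerts


if __name__ == "__main__":
    print("account-level alerts:", len(account_level_alerts(HISTORY, NEW)))
    print("identity-level alerts:", identity_level_alerts(HISTORY, NEW))
```

On this data the per-account rule raises three alerts, two of them on the VPN and OAuth logins, while the identity-level rule raises only the Salesforce one.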