Top 13 Cloud and SaaS Security Talks at RSA 2022

Adaptive Shield Team

Every year the leaders and entrepreneurs of the cybersecurity world come together for four days for the annual RSA Conference. During these four days, visitors gain insight, join conversations, and experience solutions that could make an impact on their businesses and careers.

Finally, after many years of the event being virtual, RSA is back in its physical form. This year’s conference will feature numerous presentations from industry leaders offering unique insights and fresh perspectives on the world of cloud and SaaS security. We have gathered a list of the 13 top talks taking place at RSA 2022.

Security Industry Call-to-Action: We Need a Cloud Vulnerability Database

Pete Chronis, SVP, CISO, ViacomCBS

Ami Luttwak, Chief Technology Officer & Co-Founder, Wiz

John Yeoh, Global Vice President of Research, Cloud Security Alliance

Tuesday, Jun. 7, 2022 9:40 AM – 10:30 AM PT

The shared responsibility model is broken. As companies fail to keep up with cloud complexity, vendors and cloud providers each continue to maintain inconsistent sets of cloud misconfigurations to track. This panel of experts will debate the need for extending the current CVE model to become more cloud friendly and discuss how CSA is leading the charge.

The SaaS RootKit: A New Attack Vector for Hidden Forwarding Rules in O365

Maor Bin, CEO and co-founder of Adaptive Shield

Wednesday, Jun. 8, 2022 1:15 PM – 2:05 PM PT

Adaptive Shield security experts found a new SaaS vulnerability within Microsoft’s OAuth application registration. This vulnerability allows anyone to leverage Exchange’s legacy API to create hidden forwarding rules in O365 mailboxes. This talk will demo the OAuth registration process in Microsoft as well as the use of the new vulnerability.

BoF: Do You Really Know What Your Attack Surface Looks Like?

Mary Yang, Chief Marketing Officer, LookingGlass Cyber Solutions

Monday, Jun. 6, 2022 10:50 AM – 11:40 AM PT

For many organizations, reducing their attack surface has become a critical goal. Yet vulnerabilities and vectors continue to be exploited. Organizations are left asking themselves what they can do to get a better handle on their attack surface. This Birds of a Feather will dive into not only the growing challenges but also the best practices for managing one’s attack surface.

Network Based Threat Hunting: Lessons Learned, Techniques to Share

Tal Darsan, Manager, Managed Cybersecurity Services, Cato Networks

Etay Maor, Sr. Director Security Strategy, Cato Networks

Monday, Jun. 6, 2022 2:20 PM – 3:10 PM PT

Network-based threats have evolved and are finding new ways to evade security solutions. This session will take a look at different case studies and techniques that organizations can use when implementing network-based threat hunting and show how teams can face cloud-native threats with a cloud-native security approach.

Why Zero Trust Network Access is Broken, and How to Fix It

Michael Coden, Senior Advisor, Boston Consulting Group

Colin Troha, Managing Director, Boston Consulting Group

Tuesday, Jun. 7, 2022 8:30 AM – 9:20 AM PT

The concept of work has shifted from office buildings to something that can be done anywhere at any time. Point products, VPN, and “trusted” network zones no longer provide the protection they once did. In fact, now they introduce risk. Securing hybrid work requires a fundamental change that challenges traditional security approaches and exposes legacy architectures.

Shift-left! Scanning for Security Compliance from Day Zero

Rohit Joshi, SecDevOps Engineer, SAP

Joseph McCrea, DevSecOps Engineer, SAP

Wednesday, Jun. 8, 2022 8:30 AM – 9:20 AM PT

When migrating to public cloud, organizations introduce new attack surfaces, usually through the exploitation of misconfigured resources. This raises the question: how are threats detected in a cloud that contains millions of resources? This talk will discuss the journey from security policy documentation to scanning and detecting security compliance violations in product infrastructure from the start of the development life cycle.

Can A Real Security Platform Please Stand Up?

Petko Stoyanov, Global CTO, Forcepoint

Wednesday, Jun. 8, 2022 1:15 PM – 2:05 PM PT

The security industry has reached a breaking point. The never-ending line of technologies is doing the same thing over and over. Analysts have agreed that true platforms are the new path forward. This session offers insights on what distinguishes “real” platforms and how they’re making security simpler.

The Cloud Gray Zone: Vulnerabilities Found in Azure Built-in VM Agents

Nir Ohfeld, Senior Security Researcher, Wiz

Shir Tamari, Head of Research, Wiz

Wednesday, Jun. 8, 2022 1:15 PM – 2:05 PM PT

A new risk for cloud users has arisen that relates to software being run by the cloud providers within the customer cloud. A chain of critical vulnerabilities was found in Azure built-in VM agents, affecting almost every customer using Azure. The question addressed in this talk then becomes: who owns the fix?

The State of Application Protection 2022

Sander Vinberg, Threat Research Evangelist, F5

Wednesday, Jun. 8, 2022 1:15 PM – 2:05 PM PT

This presentation features the 5th annual Application Protection report from the F5 Labs team. The session will focus on the trends and data from multiple angles and help provide an overall picture of the application security threat landscape. The session will dive deep into application-related security breaches and cloud security with some never-before-seen data.

Panel Discussion: Aligning Cloud Risk with Business Risk

Maor Bin, CEO and Co-Founder of Adaptive Shield

John Yeoh, Global Vice President of Research, CSA

Mikko Disini, Vice President of Product Management, A10 Networks

Avi Shua, Chief Executive Officer and Co-Founder, Orca Security

Jun. 6, 2022 9:45 AM – 10:30 AM PT

The last few years have shown an accelerated adoption of cloud products and services. Many organizations have moved quickly towards digital transformation in order to stay engaged with customers and employees and keep pace with the competition. What are the challenges when tracking cloud and other digital assets? Are businesses measuring the risk associated with these assets? The panel discusses the cybersecurity risks organizations face in today’s digital world and whether security teams are properly supporting business transformation decisions.

Transforming Security Champions

Tanya Janca, Founder and CEO, We Hack Purple

Monday, Jun. 6, 2022 8:30 AM – 9:20 AM PT

As security teams become vastly outnumbered, many organizations have responded with different program scaling methods, including building security champions programs. This leads to questions: How does a security champions program work? How are champions selected? This talk outlines the path for success, touching on recruitment, engagement, teachings, recognition, reward, and more.

Elite Security Champions Build Strong Security Culture in a DevSecOps World

Christopher Romeo, CEO, Security Journey

Monday, Jun. 6, 2022 9:40 AM – 10:30 AM PT

Many people have a Security Champion program, but not all of them are effective. This session will map out the qualities of an elite Security Champion program in the DevSecOps world, for those who don’t have a program and those whose programs need a reboot.

Is a Secure Software Supply Chain Even Possible, Let Alone Feasible?

Steven Lipner, Executive Director, SAFECode

Tony Sager, Senior VP and Chief Evangelist, Center for Internet Security

Monday, Jun. 6, 2022 2:20 PM – 3:10 PM PT

Many concepts discussed in software supply chain security are derived from old-fashioned material goods supply chains. The word “chain” is a broken metaphor for security. The “web” of software supply would be more appropriate. This session will present and discuss alternative models from other industries that developers should use. These are a mix of standards, some testing, and some enforcement.

Conclusion

These 13 talks can be a great kickoff, an inspiring middle, or a sweet ending to your RSA experience, so make sure to pencil them into your schedule.

Claim your $150 discount on a conference ticket and make sure to visit us at booth #1655 in the Moscone South Expo for great prizes and fun games. We look forward to seeing you there!
