Bits of Security | Datadog

Bits of Security

Datadog invites you to participate in our multi-day security conference. We'll explore security across a variety of defensive topics. Learn from industry leaders in key areas like supply chain, vulnerability assessment, and appsec.

The past year introduced a plethora of challenges for security practitioners. While the range of cyber attacks has been vast, these attacks have been confronted with creative defense tactics and techniques. Join Datadog for a practitioner-focused event where we will examine the “Art of Defense,” which will include a range of topics from social problems to engineering challenges around supply chain attacks.

Attendees will receive practitioner-level guidance across a variety of security topics and walk away with actionable insights that can be applied within their own organizations. They will also have the opportunity to attend talks led by security industry experts as well as Datadog’s internal security team. To wrap up the event, attendees can participate in a hands-on Capture-the-Flag workshop held on day three. Don’t miss this opportunity to learn more about Datadog’s security approaches and how to strengthen your organization’s defense tactics and techniques.

March 30 - 11:15 a.m. EDT
Security talks from technologists at Twitter, Fastly, Snyk.io, Expel.io, PedidosYa

March 31 - 11:30 a.m. EDT
Datadog on Security and Compliance

April 1 - 11:00 a.m. EDT
Datadog x Hack The Box: Capture the Flag

Speakers

Laura Thomson, Fastly
Liran Tal, Snyk.io
Kelly Kaoudis, Twitter
Santiago Rosenblatt, PedidosYa
Peter Silberman, Expel.io
Dan Whalen, Expel.io
Hack The Box
Emilio Escobar, Datadog
Andrew Krug, Datadog
Kirk Kaiser, Datadog
Andrew Spangler, Datadog

Tuesday, March 30

11:15–11:30
Introductions
11:30–12:00
Hell Is Other People’s Code: Supply Chain Security (and what it means for you) (Fastly)
12:00–12:30
Stranger Danger: Finding Security Vulnerabilities Before They Find You! (Snyk.io)
12:30–13:00
Fraud Detection using Datadog and Sherlock (PedidosYa)
13:00–13:30
"db.topics.insertOne({name:"Database observability for security purposes"})"
13:30–14:00
Application Security at Scale (Twitter)
14:00–14:30
Security Panel with Industry Leaders
14:30–15:00
Datadog Product Demo

Wednesday, March 31

11:30 EDT
Datadog on Security and Compliance

Thursday, April 1

11:00 EDT
Datadog x Hack The Box: Capture the Flag

Session Details

Hell Is Other People’s Code: Supply Chain Security (and what it means for you)
Laura Thomson, Vice President of Engineering
Fastly

Millions of lines of other people’s code runs in your environment. Today, a new vulnerability is reported in a third party library. Are you affected? What systems are at risk? How would you even know the answers to these questions? In this talk I’ll discuss why supply chain security matters, how problems occur, and how you can improve your visibility into and response to these risks.

Fraud Detection using Datadog and Sherlock
Santiago Rosenblatt, Head of Information Security, Application Security
PedidosYa

From day one, most organizations, especially the big ones, are targeted with a broad range of attacks. These range from information exfiltration attempts to fraud. Although a great majority of them can be addressed with the help of a Web Application Firewall, there are some that require more extensive tooling.

Join me as I show you how we use Sherlock and Datadog to block 30,000+ fraudulent users per week in seconds. We will also discuss other applications and how you can implement similar solutions.

Security Panel
Have a question you’ve been wanting to ask about security at scale, supply chain, or managing great security teams? Join our speakers, industry experts, and Datadog’s very own CISO for an AMA on the “Art of Defense.” We’ll explore all of the topics from the conference speaking sessions and open the door to questions on what we may see from attack and defense in 2021 and beyond.

Application Security at Scale
Kelly Kaoudis, Sr. Software Engineer
Twitter

At Twitter, the Application Security team’s mission is to make developing secure-by-default software the easy path. Lately, we’ve been modernizing Twitter’s approach to OWASP Top 10-listed web application security risks like XSS and CSRF. This work involves scaling older mitigations, which were not initially built to protect entire distributed systems, to Twitter's scale. This talk will cover some of the challenges we encountered when adapting our work to bigger distributed systems, and how we integrated within existing Twitter-wide security systems, simplified adoption for engineers, and improved visibility of our work within Twitter.

Stranger Danger: Finding Security Vulnerabilities Before They Find You!
Liran Tal, Director of Developer Advocacy
Snyk.io

Open source modules on the NPM ecosystem are undoubtedly awesome. However, they also represent an undeniable and massive risk, since you’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce critical vulnerabilities into your application, exposing your application and your users' data. This talk will use a sample application, Goof, which uses various vulnerable dependencies, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and—most importantly—learn how to avoid or fix it.

"db.topics.insertOne({name:"Database observability for security purposes"})"
Peter Silberman, CTO
Dan Whalen, Principal Detection & Response Engineer
Expel.io

Is your database the elephant in the SOC? In this talk, we'll dive into an oft-ignored topic: database security monitoring. Using MongoDB Atlas as an example, we'll wipe the cobwebs off ‘ye olde' architecture diagram and brainstorm together about what a great monitoring strategy looks like. You'll leave this talk with a handful of detection opportunities based on data you likely already have at your disposal.

Datadog on Security and Compliance
Kirk Kaiser, Evangelism Team Lead
Andrew Spangler, Information Security Team Lead for SRC
Datadog

At Datadog, customer trust and data security are of the utmost importance.

As a high-growth company, navigating the tradeoffs between security and development agility is especially critical. Our customers expect us to continually improve our platform, while providing a compliant, secure environment for their most critical data. Balance is key to rolling out features rapidly and keeping systems secure.

In this episode of “Datadog on,” join Kirk Kaiser and Andrew Spangler, Team Lead for Information Security, as they talk about how Datadog approaches compliance in a multi-cloud, multi-region, and multi-security level environment.

They’ll discuss how Andrew and his team encourage organization compliance collaboration across teams, while still giving space for teams to get their work done. They’ll also touch upon some tools enabling automated security and compliance, and discuss strategies and organizational challenges that apply to multi-cloud.

Datadog x Hack The Box: Capture the Flag
The Datadog x HTB CTF will demonstrate the value of purple teaming by showcasing both offense and defense. Players will hack into systems, then identify how those attacks were detected in the Datadog platform.

What is Capture the Flag?
Capture the Flag is the best way to challenge yourself, learn and push your limits till you lose your bits! You have to solve, aka hack, a number of challenges in a specific timespan. The one who solves more challenges first is the ultimate winner. The challenges fall into different categories such as Web, Crypto, Pwn, Reversing, Forensics, Cryptography and so much more, and the difficulty varies. Got what it takes?

What you will experience during a Hack The Box Capture the Flag:

  • Fresh, Curated Content: Top-quality hacking content created by the Hack The Box team.
  • Gamified Hacking Experience: Hacking never felt so fun. Compete, capture all the flags, and climb up the scoreboard.
  • Team Building: CTFs empower team work. Test your leadership skills, while your team can show true collaboration spirit.
  • Refresh your Hacking Skills: Time to think outside the box, refresh your skills, practise common techniques, and explore new ones!
  • Definition of ESports: Updated live scoreboard, visible to both players and visitors, team management, and an awesome user interface.

Registration for this event is closed.

By attending this event I acknowledge that I may be exposed to information which the Exhibitor, Datadog, Inc., considers confidential and wishes to limit the disclosure of. I hereby agree to keep such information confidential and to not disclose such information to any third parties. I further represent that I am not employed by a competitor of the Exhibitor and am not attending this Event with the intent to access any such confidential information or gain a competitive advantage for my employer. I hereby give permission to the Exhibitor to use my image, likeness, appearance, voice, and any written or spoken testimonials given by me in connection with the marketing and promotion of this Event and/or any Datadog products or Events.