Cloud environments are attractive targets for hackers due to their complexity, which can make them difficult to defend. This presentation will cover three crucial strategy cloud security that can greatly impact your cloud's security posture. We'll kick off by exposing common vulnerabilities that hackers exploit to compromise cloud environments. Then, we'll dive into effective mitigation strategies in three areas and show you how to implement t...

Attackers have been breaching the cloud for years by stealing long-lived credentials. To combat these attacks, cloud providers have been building improved authentication workflows for external identity providers. This workshop explores Workload Identity Federation and how you can replace long-lived cloud credentials with short-lived tokens signed by an OpenID Connect identity provider. Join Eric Johnson, author of the open-source Nymeria proje...

It seems like a new IT or cybersecurity acronym is born every two days, but no one wakes up saying, “I need to solve my XMPFSCLR problem.” Instead, IT and security teams have to translate acute, urgent challenges into industry category-speak just to understand what tools can solve their problems. In this webinar, we’ll deconstruct two distinct and growing categories – Cyber Asset Attack Surface Management (CAASM) and Sa...

Today’s cyberattacks use any means necessary to gain access. As enterprises continue to shift to hybrid and multi-cloud environments, embrace digital identities, digital supply chains, and ecosystems — SOC teams are continuously faced with more. More attack surface for attackers to exploit and infiltrate. More methods for attackers to evade defenses and progress laterally. More noise, complexity and hybrid cloud attacks and inciden...

This talk delves into the pervasive integration of Artificial Intelligence (AI), specifically Language Models (LMs), within the current OSINT landscape. Jeff will discuss the art of uncovering the deployment of Large Language Models (LLMs) across social media posts, product reviews, and academic settings by examining linguistic patterns and using multiple tools to uncover TTP's used by threat actors. Attendees will gain insights into effective...

Love it or loathe it, the fact remains cybersecurity constantly changes. Adversary techniques evolve, and our cyber defenses must likewise. In this talk, SANS Fellow Seth Misenar explores the current state of threat detection and highlights opportunities to mature security operations to achieve better cyber protection, detection, and response.

Have you ever wondered about the security of your cloud environment and how to enhance the posture? In this session, we will guide you through the eight fundamental domains of cloud security in today's organizations. Our aim is to help you comprehend the key areas that need to be secured in the cloud. We'll cover topics such as Identity & Access Management and cloud security governance, and provide an overview of essential capabilities in...

The ICS threat landscape has changed significantly in the last few years with the discovery of more ICS-specific scalable attack frameworks. In the 2023 SANS ICS/OT Cybersecurity Survey, Certified Instructor Dean Parsons will ask key questions and analyze answers to explore how critical infrastructure defenders across all sectors are constantly adapting to address new challenges and threats in ICS/OT security. Join us for this webcast event as...

Organizations are becoming multicloud by choice or by chance. Many of them integrate their multiple clouds with one another to improve Availability, support Disaster Recovery, and leverage the services from each provider that best fits their needs. These integrations are usually supported with long-lived credentials. These credentials are much more valuable to attackers than those that are short-lived. Even following best practices will leave...

In the 1990s, government agencies, industry groups, and cybersecurity researchers started creating cybersecurity standards, and these standards led to cybersecurity regulations and laws that dictate to organizations what they must do to protect their data. Today, there are dozens of standards dictating thousands of cybersecurity controls that organizations can consider when building their cybersecurity plans. Every year more standards are rele...