Todays security operations centers (SOCs) do not have the time, energy, or resources to keep pace with the evolving threat landscape. Security teams need to be able to secure their organizations by doing more with less. This can be achieved with security orchestration, automation, and response (SOAR). Rather than being bogged down by arduous manual tasks, SOAR empowers your SOC by leveraging your existing people, processes, and technology to i...

All facts are theory generated, and "truth" depends on what people collectively believe the truth to be. The prevalence of deception in human affairs is facilitated by an innate human desire for order, predictability, structure, and control. It is this tendency that makes us vulnerable to accepting vendor truths. By perpetuating vendor "truths", vendors assert their control over buyers and beyond. And unwittingly, folks are locked into paradig...

Gartner predicts that over 40% of companies will adopt a SASE architecture in the next several years. And yet there is no single industry standard view on what constitutes SASE, or it's practical deployment. Direct-to-Cloud SASE security integrates legacy network security functions (such as VPNs, firewalls, secure web gateway appliances, standalone IdP and MFA) with cloud security (i.e. CASB). With a modern security architecture, IT teams can...

As the world continues to endure ongoing global disruption, cyber-attackers have been constantly updating their tactics in light of emerging trends. According to MIT Technology Review, 121 million ransomware attacks were recorded in the first half of 2020, each one attempting to encrypt private data and extort payment for its release. The automated elements of these attacks, malware that moves faster than security teams can respond, is one of...

All facts are theory generated, and "truth" depends on what people collectively believe the truth to be. The prevalence of deception in human affairs is facilitated by an innate human desire for order, predictability, structure, and control. It is this tendency that makes us vulnerable to accepting vendor truths. By perpetuating vendor "truths", vendors assert their control over buyers and beyond. And unwittingly, folks are locked into paradig...

In a post compromise world, SecOps personnel cannot afford to be blind to any potential threat vector. The positioning of EDR and firewalls severely limit the breadth of visibility that SecOps can provide, while the inherent limitations of older technologies like IDS fail to provide the necessary details to adequately detect and investigate modern threats. These limitations have created the need for a network detection and response platform th...

This talk reviews each of the five pillars of the Well-Architected Framework and analyzes how best practices for each of the respective pillars contribute to a more secure and operationally excellent environment. Jonathan will discuss why you should add the WAF to your RMF and your CSF, and the tools to succeed in any Cloud.

ZIP file full of CSVs. In this session, we will explore how to use data extracted from our environments to present tactical and strategic visualizations to the organization. Beginning with ad-hoc, tactical, automated import into Microsoft Excel for use in pivot tables and charts, we will then move on to using dashboard tools like Grafana to visualize trends in measurements over time. The session will focus on demonstrations of the techniques d...

Equipped with a knowledge of how to use PowerShell, the audit/compliance/security professional can start gathering measurements of systems and networks. In this session, we use PowerShell to extract data from Windows systems, Active Directory domains, VMWare infrastructure and even Linux systems. We will also explore how to extract data from APIs provided by our security tools. Demonstrations will be used to reinforce the concepts. Objectives...

Review of the top used AWS services and which security features you dont want to forget about. Highlighting applicable CIS AWS Foundations Benchmark recommendations And calling out any other security controls that should not be overlooked