As more organizations today struggle to keep up with the threat landscape, detection and response capabilities can suffer, too. This is often due to a lack of expertise on-staff, or a lack of staff altogether. Increasingly, many security teams are turning to managed detection and response (MDR) providers to help shore up their defenses. In the past several years, the breadth and capabilities of MDR providers have expanded considerably, often i...

The pace of IT change has become difficult to keep up with for SOCs. The SOC team should use the SOAR platform to gain insight on what the SOC does and perform it with greater speed, precision, and consistency. The challenge is SOAR tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of...

The intelligence cycle is a six-step process to gather, analyze, and disseminate intelligence information. During the webinar, we will discuss how ChatGPT, an AI-based language model, can assist in each phase of this process. We’ll provide real-world examples of ChatGPT being used to drastically reduce the time it takes to go from concept to functionality and to help us learn while we’re using it.

Most companies with cloud infrastructure have implemented multiple security posture tools, along with compliance management and identity access management – but breaches still happen. A recent IBM study found that organizations take an average of 207 days to uncover breaches and another 70 days to remediate. Configuration and vulnerability management are important for compliance reporting but not enough to intercept cloud breaches. In th...

The hard skills required to be successful in the cyber security industry are constantly evolving. The evolution of technology and the ever-evolving threat landscape have contributed to a new world of hard skills cyber security professions need to be well versed. Acquiring additional skills will not only help you better protect your organization, but also help grow your successful career in this dynamic industry. Knowing what skills to acquire...

This workshop is structured around teaching students how to construct access to shared datasets in S3 and more broadly, cementing in their minds the threats to consider when using cloud-native storage. Students will dive headlong into a case study where they will serve as the Cloud Security Architect Consultant for a fictional company undergoing the growing pains of a nascent cloud migration. Tasks in this workshop challenge the student to fir...

As with any enterprise environment, we can (and should) focus on hardening our defenses to keep the adversaries out, but these defenses may some day be evaded via a variety of methods. Cloud is no different. We will discuss the process of creating a detection that we can use as defenders to spot an adversary performing attack techniques against our AWS environments. The overall process and takeaways will be: Establish proper logging to detect...

Performing audits on organizations of any size is no easy task. Successful audits require communication amongst various functions and auditors; all of whom may be operating on different timetables, with different requirements and defined areas of responsibility. Each moment wasted on trying to “gather” audit information is time spent not performing the audit. In this SANS First Look, we examined Drata’s Audit Hub, a part of t...

Learn how to apply the European Cybersecurity Skills Framework (ECSF) to your talent needs within your organization. Developed by The European Union Agency for Cybersecurity (ENISA) we will discuss how to use the framework along with how it can be applied to meet the standardization of the work roles within your security teams. The ECSF helps to build a common language in the workforce that allows you to work with other cross-sectors to build...

Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Solutions Forum will take place on March 8, 2023 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with organizations’ ever-growing attack surfaces. Contributing...