A lot of offensive security professionals have experience weaponizing simple vulnerabilities, but may not have worked much with bug discovery. Join Jim Shewmaker and Stephen Sims as they talk through fuzzing concepts and methodology, and then jump into a demonstration on setting up a modern fuzzing harness. What should you fuzz for? What types of fuzzing is there? How do you know if a bug is weaponizable? We’ll aim to answer these questi...

In The 2021 State of Enterprise Breaches, Forrester® found that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach. Ensure your team is prepared for advanced threat actors. Join this fireside chat with Niall Browne, CISO at Palo Alto Networks, and guest speaker Allie Mellen, senior analyst at Forrester. They’ll candidly discuss digital transformation, SOC automation and tactical securit...

Times are changing as we continue to innovate. We have moved from monolithic applications to microservices, APIs, serverless functions, and cloud services that are continuously changing and thus making them harder to secure.Traditional security solutions of the past have failed us and will not work with the latest technologies. During this solutions track, we will learn and focus on how to protect the next generation of applications. Presentat...

Year after year successful phishing attacks on end users and system administrators are found to be the factor that enables over 80% damaging security incidents. This points out the need for two key security initiatives: replacing reusable passwords with multifactor authentication and making users less likely to fall for fraudulent messages. During this SANS What Works webcast,SANS Director of Emerging Security Trends John Pescatore interviews...

Security practitioners love to hear about cool new technologies, best practices, and things that work. But we often learn much more from failure than from success. With that in mind, this talk will cover my ten favorite “learning moments” from over 21 years of defending enterprise networks. I’ll cover epic fails in my time as a SOC analyst defending Pentagon networks, a project manager building 24/7 operations at the White Ho...

Now more than ever, decision makers need actionable and contextualized threat intelligence to increase cyber resilience and to enable mission or business objectives. How can contextual threat intelligence (CTI) allow heads of cybersecurity departments, security strategists, CISOs, SOC managers, threat detection engineers, analysts, hunters, and responders, to make better strategic, operational, and tactical decisions? How can CTI allow organiz...

Cloud changes everything, including how we do threat detection and incident response in the SOC. As we continue to transform our attack surfaces – with expanding cloud environments, multi-cloud, public and private cloud, and the proliferation of SaaS -- how do we make sure our security strategies are keeping pace? In this thought-provoking webinar with Anton Chuvakin, sponsored by CardinalOps, we’ll examine critical questions such...

It's easy to feel overwhelmed as part of a security team. Every day, analysts have to stare down the perils hidden at the center of the SOC ' too much noise, too much manual remediation and too many missed threats. It's time to integrate automation and machine learning into every step of your security voyage. Join us for a live, thrill-packed, Journey to the Modern SOC and learn how to: Stop wasting effort on small tasks a smart security platf...

In 2021 I did a SANS Tech Tuesday Workshop on Cloud Attacks and Incident Response. In the past year, we've seen attacks against the cloud grow at an alarming rate, notably against Software as a Service (SaaS) platforms and hybrid application-to-cloud privilege escalation attacks. It's hard to stay current and to keep up with attack trends. In this SANS Workshop, I want to help get you up to speed on attacks against cloud applications including...

Save your SOC team hundreds of hours on daily tasks. What does an ideal day in the SOC look like? It certainly wouldn’t include what you’re facing now with an endless stream of alerts, user requests and ad hoc fire drills. But you’re not alone. According to USNews, security analyst jobs rank in the top 25 most stressful jobs. It’s time to step back from the daily fray to focus on critical threat hunting and proactive pl...