Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important fr...

This webinar is a preview of a new report - the updated version of the Top 20 Cyber Attacks on Industrial Control Systems. The attack "ruler" of 20 standard attacks now includes nation-state-grade ransomware, IT-targeted ransomware that triggers "abundance of caution" OT / ICS shutdowns, IT-targeted ransomware that triggers OT shutdowns when IT systems vital to OT networks are impaired, and other timely updates. Cloud-seeded ransomware / supp...

If Zero Trust, flexible deployments, customer service, or simplifying your journey to the cloud matter to you, there are 10 things you may not know about Symantec – but you should.The security landscape continues to evolve at a blistering pace, and there are so many great things going on with Symantec, it’s sometimes hard to keep track. Meanwhile, what you may have heard from the newest kids on the block is often meant to seed fea...

So you have a vulnerability management program. Great. Excellent. But are you able to let the management team know if it is being effective or not? In this final Vulnerability Management series webcast, join Jonathan (MGT516 co-author and SANS certified Instructor) as he discusses how to show your program is being effective through metrics and measures. He will discuss metrics that a new program can start creating and generating on day 1 as we...

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important fro...

Securing digital supply chains is of paramount importance to enterprises and government agencies: executive orders demand this security, boards are asking for it, and markets are reacting to it. But with today’s large, comlex, multinational, multi-threaded supply chains, where do we start? Securing the firmware in these supply chains – the embedded code that comes with nearly every device, chip, component or “thing” ...

There are many business challenges affecting Network Operations and Security teams. CIOs and CISOs alike are finding it more and more difficult to keep up with the sophistication and increasing frequency of modern-day and zero-day threats, while also building a highly collaborative and effective IT team. As businesses today focus more and more on security, there is a need to think outside the box in order to properly mitigate risks and drive n...

This webcast will provide deeper insight into the threats highlighted during the annual SANS keynote panel discussion at the RSA® Conference 2022. The webcast will include insight from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the dangerous new attacks techniques they see emerging. We will also include actionable advice on the critical skills, processes, and controls needed to protect enterprises...

Regardless of the industry you work in, all large companies have at least a few network segments that are highly sensitive to network probes and scans. Most of the time these are due to legacy systems, especially when those legacy systems are embedded devices not running Windows or Linux. This keynote session will explore the most common issues that cause legacy systems to crash/hang and provide a range of recommendations to configure your sc...

This session will walk through a demonstration of Pentera: The Automated Security Validation solution. Organizations over the years have been following a defense in depth model to protect their critical assets. While this strategy makes sense; the tools, processes, and procedures surrounding this initiative have grown significantly. How confident can organizations be that each layer and the enormous effort undertaken is working effectively? D...