Expanding on some of the key findings of the SANS DevSecOps Survey, this webcast will provide example metrics that leadership can use to gauge DevSecOps maturity. Join SANS instructor Kenneth G. Hartman and Veracode’s Product Security Director Ryan O’Boyle as they discuss the role of DevSecOps metrics in determining effective objectives and key results (OKRs) and making data-driven decisions. The webcast will cover how to: Devise...

As organizations actively migrate applications and computing environments to the public cloud, it is important to integrate security throughout the cloud adoption journey. SANS has developed a Cloud Maturity Model to help organizations measure their progress in the cloud security journey. In this talk, we will discuss the content of the Cloud Maturity Model, how it is suitable for organizations like yours, and the best practices on how the mo...

Operational technology (OT)/industrial control system (ICS) security is an ever-changing and evolving field required to continually adapt defense strategies to meet new challenges and threats—all while maintaining the safety and reliability of facility operations. This event will focus on how OT/ICS defenders across all industries meet these challenges, and will highlight key areas to help defend critical infrastructure moving forward, i...

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating...

In this presentation, we will explore how to set up red team scenarios in your cloud native environment with open source tooling. From there we will go through capturing high fidelity alerts for these scenarios with audit logging tools that are readily at your disposal today.

News Flash: You’re not just responsible for your own organization’s risk anymore. You need to watch out for your friendly, and sometimes not-so-secure, business partners, too. Third-party risk assessment is crucial to the defensibility of your cyber ecosystem, yet the task can be daunting. How do you know whether a third party has been the victim of a security breach? Which ones are most likely to experience a ransomware attack? W...

Today’s cloud environments are large, multi-faceted, and dispersed. They have a myriad of options for selection, configuration, security, and functionality. Add on more than one of these environments (AWS, GC, Azure, Oracle, Digital Ocean, etc) and the number of potential issues skyrocket! If you have custom applications, developers, databases, and any of the hundreds of other common items in your arena, your chances of having exposed v...

With rapidly changing computing platforms, a growing threat landscape, and a shift to a remote workforce, managing vulnerabilities is more challenging than ever. We are all looking for answers and we all want to know how our peers are doing in their fight and what we can learn from each other to make our systems, applications, and networks more secure and resilient. This webcast event will examine results from the SANS 2022 Vulnerability Manag...

The realm of cloud security is rapidly expanding and evolving. Security teams have a lot to keep up with, and need to know the latest and greatest cloud security services, controls, trends, and technology innovations that are helping to secure cloud access, services, and assets in a widely diverse set of cloud environments. In the Cloud track at Cyber Solutions Fest 2022, leading solution providers and practitioners will highlight the newest t...

One of the most prolific attacks over the past few years, that has touched nearly every industry and kept security professionals up at night, is ransomware. Ever-looming as the threat that can bring an organization to a halt, we have seen an explosive growth in ransomware and extortion attacks. Driven by never-ending vulnerabilities and automated attack tools, ransomware shows little signs of slowing down. It is time to change that pace. Join...