This talk delves into the pervasive integration of Artificial Intelligence (AI), specifically Language Models (LMs), within the current OSINT landscape. Jeff will discuss the art of uncovering the deployment of Large Language Models (LLMs) across social media posts, product reviews, and academic settings by examining linguistic patterns and using multiple tools to uncover TTP's used by threat actors. Attendees will gain insights into effective...

Love it or loathe it, the fact remains cybersecurity constantly changes. Adversary techniques evolve, and our cyber defenses must likewise. In this talk, SANS Fellow Seth Misenar explores the current state of threat detection and highlights opportunities to mature security operations to achieve better cyber protection, detection, and response.

Have you ever wondered about the security of your cloud environment and how to enhance the posture? In this session, we will guide you through the eight fundamental domains of cloud security in today's organizations. Our aim is to help you comprehend the key areas that need to be secured in the cloud. We'll cover topics such as Identity & Access Management and cloud security governance, and provide an overview of essential capabilities in...

The ICS threat landscape has changed significantly in the last few years with the discovery of more ICS-specific scalable attack frameworks. In the 2023 SANS ICS/OT Cybersecurity Survey, Certified Instructor Dean Parsons will ask key questions and analyze answers to explore how critical infrastructure defenders across all sectors are constantly adapting to address new challenges and threats in ICS/OT security. Join us for this webcast event as...

Organizations are becoming multicloud by choice or by chance. Many of them integrate their multiple clouds with one another to improve Availability, support Disaster Recovery, and leverage the services from each provider that best fits their needs. These integrations are usually supported with long-lived credentials. These credentials are much more valuable to attackers than those that are short-lived. Even following best practices will leave...

In the 1990s, government agencies, industry groups, and cybersecurity researchers started creating cybersecurity standards, and these standards led to cybersecurity regulations and laws that dictate to organizations what they must do to protect their data. Today, there are dozens of standards dictating thousands of cybersecurity controls that organizations can consider when building their cybersecurity plans. Every year more standards are rele...

The financial services industry continues to be a popular attack target, in large part due to the sensitive data and personal information financial institutions safeguard. These institutions are subjected to data scraping, credential stuffing, network intrusion attempts, and more — all while needing to provide fast, reliable service for their end-users and remain compliant with the strictest possible privacy and security regulations. Q2...

Adversaries get to hone and change their tradecraft whenever it suits them. If they notice a subtle difference in an environment, they pivot to avoid and/or delay detection. Who says defenders cannot do the same, pivoting with technology to enable smarter defenses? With the detection and investigation, automation, and integration capabilities available in today’s security solutions, this should be a no brainer! In the 2023 XDR/EDR forum,...

Incident response (IR) capabilities play a major role in an organization’s security posture. IR teams’ capabilities determine how well organizations respond to an event when a threat actor strikes. The SANS 2023 Incident Response survey examined the tools, processes, and people involved in IR. This webcast will explore rising technologies, response and recovery times, and employment trends in the industry. In addition, gathered dat...

How often do you practice or exercise your major cyber incident plans? How often do involve your execs? Most people when asked said they'd love to cyber exercise more but don't know how. The problem with major incident response plans is that they are largely untested. The SOC and IR team may work together to test some aspects but for most organisations, the inherited critical incident plans are largely untested and, more importantly, so are t...