The evil Professor Moriarty is hunting for a hiding Sherlock Holmes, whose whereabouts are only known to Sherlock’s brother, Mycroft. In this webinar, we will discuss how Moriarty and his gang hacked into Mycroft’s web environment to search for clues, and how Sherlock turned the tables and detected their every step. This webinar is based on a newly released SANS poster that focuses on Cloud Threat Detection, set in the world of mod...

Hands-On Cyber Security Training Taught by Real-World Practitioners Attend in Orlando, FL or Live Online Learn real-world cyber security skills from top industry experts during SANS 2023 (April 2-7). Join us in Orlando, FL or Live Online to experience interactive training with hands-on labs, practice your skills during one of our NetWars Tournaments, and network with your peers in real time. Choose your course and register now! SANS 2023 Featu...

As outsourcing and external management of MDR becomes more common, organizations need to know and understand what best practices look like. They also need to understand how to keep the human analysts engaged at the organization and within the MSSP. It’s enough of a challenge to establish then sustain technical interchange between two organizations. How will you maintain trusted professional interchange in a 24x7 operational environment?...

Over the course of his career, SEC497: Practical Open-Source Intelligence (OSINT) Course Author Matt Edmondson has started up multiple OSINT teams within the U.S. government and worked with private sector cyber threat intelligence teams ranging from Fortune 100 businesses to small startups. In this talk, Matt will explain how the OSINT landscape is changing and most importantly, he’ll discuss some crucial decisions that organizations can...

ChatGPT and other GAN technologies are dominating the news, but can you tell what’s hype and what’s not? How do these AI tools work? Are there security applications or concerns? How difficult is it to use these tools for red/blue/purple team accelerators? In our Featured Keynote, SANS Fellow David Hoelzer will discuss potential risks that advanced AI poses to cybersecurity, and what steps are being taken to address these challenges...

Times are changing as we continue to innovate. We have moved from monolithic applications to microservices, APIs, serverless functions, and cloud services that are continuously changing and thus making them harder to secure.Traditional security solutions of the past have failed us and will not work with the latest technologies. During this solutions track, we will learn and focus on how to protect the next generation of applications. Presentat...

As more organizations today struggle to keep up with the threat landscape, detection and response capabilities can suffer, too. This is often due to a lack of expertise on-staff, or a lack of staff altogether. Increasingly, many security teams are turning to managed detection and response (MDR) providers to help shore up their defenses. In the past several years, the breadth and capabilities of MDR providers have expanded considerably, often i...

The pace of IT change has become difficult to keep up with for SOCs. The SOC team should use the SOAR platform to gain insight on what the SOC does and perform it with greater speed, precision, and consistency. The challenge is SOAR tools are frequently bought to avoid the one thing that most organizations don't seem to be able to do on their own: figuring out the sequence of actions that need to be automated and bringing together the mass of...

The intelligence cycle is a six-step process to gather, analyze, and disseminate intelligence information. During the webinar, we will discuss how ChatGPT, an AI-based language model, can assist in each phase of this process. We’ll provide real-world examples of ChatGPT being used to drastically reduce the time it takes to go from concept to functionality and to help us learn while we’re using it.

Most companies with cloud infrastructure have implemented multiple security posture tools, along with compliance management and identity access management – but breaches still happen. A recent IBM study found that organizations take an average of 207 days to uncover breaches and another 70 days to remediate. Configuration and vulnerability management are important for compliance reporting but not enough to intercept cloud breaches. In th...