This session will walk through a demonstration of Pentera: The Automated Security Validation solution. Organizations over the years have been following a defense in depth model to protect their critical assets. While this strategy makes sense; the tools, processes, and procedures surrounding this initiative have grown significantly. How confident can organizations be that each layer and the enormous effort undertaken is working effectively? D...

The Zero Trust framework is based on the principle of "never trust, always verify." Join us to learn about Zero Trust, how to adopt it for applications, and the technologies you need to take control of your environment in the fight against ransomware.

The “cat-and-mouse” game between Attackers and Defenders is as old as the LoveLetter virus. While script-kiddies have matured to become cybercriminals, hacktivists, and state-sponsored adversaries, sometimes it feels like the Defenders are stuck in 1999. We deploy anti-virus solutions, monitor the perimeter, and wait and see. Yes, today’s security technology is “Next Gen,” “2.0,” and “Meta,...

This webcast will showcase the newly developed Mandiant Cyber Threat Intelligence (CTI) Analyst Core Competencies framework; discuss how FOR578 is one of the seminal trainings available in the market for analysts to develop knowledge, skills, and abilities defined within the framework, and highlight the exact parity via the recently produced SANS blog on the topic. We then speak with a panel of CTI directors on their experience growing up in...

Software supply chain attacks have become a go-to technique for threat actors. But today, most software supply chain attacks target dependencies where threat actors get higher return on investment. After all, why compromise one piece of software when you can compromise every piece of software that uses a given library? Software dependency attacks have been used to deploy Cobalt Strike, steal API keys to compromise assets deployed in AWS, and...

As we celebrate the 15th anniversary of the SANS DFIR Summit & Training, we're feeling nostalgic and having some fun looking back on the great strides we've made since our first DFIR Summit. It feels like just yesterday when a group of DFIR superheroes gathered for the first time to share ideas, learn new techniques, and have a little bit of fun. The DFIR community has come a long way since then, and we can’t wait to see what’s...

Join us for the 9th annual SANS Security Awareness Summit to learn, connect, and share with thousands of fellow security awareness and culture professionals from around the world. For this year’s event you have the choice of attending live online or in-person*. The focus for this year is “Managing Human Risk”. Traditionally security awareness events have focused only on topics such as engagement, interaction, and gamification...

Implementing a continuous monitoring strategy is critical for improving system visibility and security. However, there are challenges in achieving visibility with widely diverse environments and endpoints. Additionally, using a disparate set of tools – in on-premises and cloud environments and with remote clients – has proven enormously difficult in the past several years. Fortunately, there are many more options available today th...

Don't miss the opportunity to attend the 2022 Government Security Solutions Forum! SANS, in partnership with Carahsoft, is proud to host an exciting line up of speakers. Led by SANS Instructor Matt Bromiley, along with a number of SANS instructors and industry experts. We will explore concepts and technologies to help defend against adversaries of all shapes and sizes. With a wide range of experts and topics, this forum will provide opportunit...

Do you ever run into problems with your vulnerability management program that you wished you had at your fingertips just one more little piece of information? To help conduct some prioritization, or to know who the business owner is, or to inform people this was an end of life system… All valuable and great to have readily available. But alas, we often are missing information, or it is not easy to access. Join Jonathan (MGT516 co-author...