Lessons Learned Deploying Modern Cloud...
Building and deploying modern systems in a highly regulated cloud environment is challenging. In this session, we will explore the DoD Cloud Computing Security Requirements Guide (SRG), key FedRAMP Security Controls, and key lessons learned. Regulators impose requirements that are meant to be applied in a traditional on-premises environment, which requires unique design decisions in cloud-native environments. In this session, we will explore th...
Detecting DCSync and DCShadow Network Traffic
To interact with a real domain controller, Mimikatz can spoof a Windows domain controller and read information from or write information to Active Directory. Mimikatz's DCSync command is used to read information: typically, it is used to dump credentials from Active Directory. The DCShadow command is used to write information: for example, to modify the primary group of an account to a group with higher privileges. The use of these...
Guided-SaaS Network Detection and Response
Adversaries are launching attacks that easily hide in plain sight, often by evading limited visibility defenses, living off the land, or finding coverage gaps in enterprise monitoring. Furthermore, adversaries are launching more and more “large scale” attacks, such as multi-million-dollar ransoms or integrity- and reputation-threatening data breaches. Defenders must constantly find ways to “level up” their defenses and...
Asset Management & Intelligence Solutio...
As IT and security teams struggle to manage a complex sprawl of devices, users, cloud services, and software, there's one certainty we can rely on (thanks to the second law of thermodynamics): things will only get more complex. But there's good news! What we previously thought of as "asset management" has evolved. Today, we have “asset intelligence”, which moves from a spreadsheet approach — focused on getting an inventory of...
A SANS 2021 Survey: Security Operations...
This year's SANS Security Operations (SOC) Survey focused on changes in budgets and the impact of the explosion of both remote work and cloud-based systems on critical SOC functions and team operations. On this webcast, sponsor representatives will join the survey authors fo
ICS Cyber Resilience, Active Defense ...
Join members of the SANS Industrial Control Systems (ICS) Team in a new ICS Webcast Series: ICS Cyber Resilience, Active Defense & Safety. Presenters will address the recent increase in attack campaigns and impacts seen across multiple sectors in the ICS space. Topics of discussion will include ransomware impacting critical infrastructure, detecting advanced adversaries inside ICS networks, and a variety of other threats and defenses. This...
Not Your Grandma’s Packet Capture!
Just as networks have changed, so too have packet capture solutions. Modern packet capture solutions can identify the traffic that analysts can't decrypt and stop storing additional traffic to increase retention. Some can even send traffic to other devices that can ingest packet capture data, creating the need for only a single less expensive network tap to send data to multiple systems. And they’re even less expensive than their more an...
The Developer-Centric Security Experien...
Snyk recently released a report on the State of Cloud Native Application Security to define how cloud native adoption has transformed the way modern organizations manage security threats. After surveying over 600 respondents, the report found that high levels of deployment automation empower continuous security testing when building cloud native applications. “Nearly 70% of respondents with high levels of deployment automation were able...
Real World Network Forensics Episode 3:...
In this webinar series, Jake Williams takes a hands-on approach to forensics packet analysis, using real-world examples to demonstrate how to analyze network packet data to uncover and investigate threats. The series takes a protocol-by-protocol approach. It is an ideal introduction to packet forensics for beginners and a great source of expert tips and tricks for more experienced security analysts. In this episode Jake takes a deep dive into...
A SANS 2021 Survey: Security Operations...
This year's survey explored the explosion of both remote work and the use of cloud-based systems on critical SOC functions and team operations, as well as shifting budgets. This webcast explores the results of our 2021 SOC Survey, which included real-world commentary taken from in-depth interviews with respondents who shared specific information about how they operate, as well as what does (and does not) work for them.