With the advent of modern applications based on apis and micro services, a whole new attack surface and range of threats has evolved as is defined in the OWASP API top 10 project. This webinar will focus on the specific new threats our applications are facing and outline specific tasks band steps security professionals can take to improve awareness and reduce the business exposure to API based threats and attacks.

In Part 1 of this series, MGT516 course author Jonathan Risto discussed what makes a good metric and provided 5 metrics to start measuring within your vulnerability management program, regardless of your program maturity. In this second part of the Vulnerability Management series, MGT516 course author Jonathan Risto will discuss the following metrics: Mean Time to Resolve Average Exposure Window Vulnerability Reopen Rate and why these advanced...

The practice of running Adversary Emulation engagement exercises is becoming more widely adopted within modern security teams. The collaborative effort of Purple Teaming can help security professionals improve their skills as they leverage emulation tactics and detection/prevention methods to better understand how threat actors might successfully compromise hosts, networks and other enterprise services. Adversary Emulation goes well beyond tes...

In the event of a ransomware attack, security managers must be able to give business-relevant risk recommendations to CEOs and boards of directors. Most of the thought and effort required to do so must take place well before the attack. On this webcast, John Pescatore, SANS Director of Emerging Security Trends, and Benjamin Wright, lawyer and SANS Senior Instructor, will discuss key ransomware issues, including: Key security processes to avoid...

This SANS survey investigated how organizations are shifting their IT strategies to a cloud-based infrastructure - and how security teams are also evolving to use cloud security services that offer more effective controls and capabilities. In this webcast, SANS analyst and survey author Dave Shakleford will join a Gigamon representative for a deep-dive discussion and analysis of survey results. Register for this webcast to be among the first t...

Passwords are a hassle, and they're expensive to manage. They're also inherently insecure. Are organizations still required forced resets and enforcing complex passwords and other inconveniences that users tend to resist? Would organizations, if they could, get rid of passwords and use other forms of authentication (for example, multifactor options embedded in Windows 10)? This webcast will explore the results of the SANS 2021Password Survey,...

Cloud adoption was already well underway when the pandemic accelerated the need for faster adoption than anyone could have anticipated. Organizations of all sizes were forced to confront an abrupt shift to remote work for the majority of their staff. Today, cloud and DevOps leaders do not have centralized, actionable visibility into their clouds state and security, which greatly increases risk. Plain and simple, you cant afford to neglect clou...

No experience in the industry? No problem! In this webcast, we will be talking about what you can do in your current role and outside your organization to showcase yourself as a budding cyber star. Don't wait! Register now for the other webcasts in the HR + Cybersecurity! Skilling the Gap: Creative Ways to Recruit Top Cyber Talent Knowing Your Applicants: How to Stay Current to Best Assess Your Cyber Applicants Slow the Revolving Door of Talen...

This SANS survey explored the types of services organizations are using, what types of controls and tools provide the most value, and how effective cloud security brokering is for a range of use cases. In this webcast, SANS analyst and survey author Dave Shakelford will join a Fortanix representative for the deep-dive discussion and analysis of survey results. Register for this webcast and be among the first to receive the associated whitepape...

Effective data governance is integral to information security, but getting organizational buy-in is a common stumbling block for most new initiatives. For example, Security teams are usually unaccustomed to managing collaboration solutions, and their end-users can mistakenly view security protections as productivity inhibitors. Meanwhile, executive management can view data governance as a series of bureaucratic projects rather than a means to...