Review of the top used AWS services and which security features you dont want to forget about. Highlighting applicable CIS AWS Foundations Benchmark recommendations And calling out any other security controls that should not be overlooked

Organizations in every sector are increasingly adopting cloud offerings to build their online presence. However, although cloud providers are responsible for the security of the cloud, their customers are responsible for what they do in the cloud. Unfortunately, the providers have made the customer's job difficult by offering many services that are insecure by default. Worse yet, with each provider offering hundreds of different services and w...

Does your organization have penetration testers and a red team? Do they work closely with those performing defensive roles to improve the overall security? Far too often, pen tests and red team engagements are performed, leaving only a list of discovered vulnerabilities with no instructions on how to mitigate the findings. This is where purple teaming can be of great value to an organization. It's not a new team, rather, it's an organized effo...

A top-notch security platform requires a significant investment of money, time, and resources, so it's essential to know it's doing its job. Instead of waiting for an attack to test your security controls, on-demand, proactive testing allows you to validate that controls are acting as expected. That means you need a solution that enables you to emulate true threat actors within your environment, making penetration testing more effective and re...

2020 is a year we are unlikely to forget. Between the pandemic, uncertainty, and doubt, we all could use some positivity to get 2021 off to a great start. Join the SANS community of cyber defenders and blue teamers on January 8th for the The All-Around Defender: New Year, New Start event. The All-Around Defender: New Year, New Start is not a summit nor is it a webcast. This event is a special community gathering of individuals who care about o...

As the velocity of IT operations increases, automation is becoming critical for auditors and compliance professionals. In this session, we will cover the basics of using PowerShell for common infosec, compliance and audit tasks. We will make heavy use of demonstrations to explore the object-oriented nature of the shell, important commands for getting help, and how to select, sort, filter and transform results from native Windows tools. We will...

Zero trust has become one of the hottest topics in IT and cybersecurity especially in light of the global pandemic and related work-from-home (WFH) momentum. Zero trust is garnering plenty of headlines but do users really understand zero trust technologies and where they fit? And is now the time to move zero trust from a tactical to a strategic approach that aligns to business initiatives? Join us for our webinar with ESG and Cisco as we take...

Smartphone data can be confusing. There are so many locations, timestamps, and synched data that it may be more difficult than you think to put a person at the scene of a crime or behind an activity. For this Tech Tuesday Workshop we'll walk you through a scenario where the data is confusing. We'll show you how to create your own test data, extract it, and most importantly - validate it! System Requirements: A Mac or PC with permissions to ins...

Discover the most effective steps to prevent cyber-attacks and detect adversaries with actionable techniques you can apply immediately. Join us for SANS Cyber Defense Initiative® 2020 - Live Online (Dec 14-19, EST), and receive relevant cyber security training from real-world practitioners. Choose from over 35 interactive courses taught by industry experts, plus three NetWars Tournaments delivered Live Online. SANS Live Online events offer...

Traditional methods of cyber defense, like perimeter-based network security, have always emphasized the need of keeping adversaries out of our networks, building a fortress that would stop attackers while allowing secure access to legitimate users. In such a model, trust is typically binary: either the user is authenticated (trusted) or not. Once access is granted to a user, that level of trust is hardly re-evaluated, and when it is, it is usu...