In this 90-min session you will play to win the Cyber42 Vulnerability Management Simulation as you try to improve the state of a fictional organization and more effectively handle the vulnerability management. During the game, as developed for MGT516: Managing Security Vulnerabilities: Enterprise and Cloud, you will see that the actions you choose can have uncertain and even unintended consequences. This interactive simulation puts you in real...

As IT workloads transition to the cloud, there's a shift in how organizations develop and deliver systems - and how security must be practiced. This year's SANS survey explores what this shift means for the modern enterprise and its security program. On this webcast, survey authors Jim Bird and Eric Johnson will explore how security professionals must adapt to this new world. Key questions from the survey include: What must they understand abo...

Security Orchestration, Automation and Response (SOAR) tooling is intended to increase efficiency and consistency. These tools also promise to diminish the cost of operating a Security Operations Center (SOC) for most organizations. If used properly, these tools can do all of these things. The challenge is that the tools are frequently bought to avoid the one thing that most organizations do not seem to be able to do on their own: figuring out...

This session will describe the differences between version 7.1 and version 8 of the Center for Internet Security Twenty Critical Security Controls. This major rewrite of the twenty CSCs reflects core changes in today\'s computing and infrastructure environments.

Time spent testing, monitoring, reporting, and updating controls is a resource-intensive practice for most enterprises regardless of your program\'s maturity. While Artificial Intelligence (AI) cannot analyze risk with the same judgment and interpretation as a human, there are several specific use cases where AI and automation can help augment and maximize your efforts to consolidate, coordinate, and communicate risk insights. In this session,...

In our age of digital transformation, an expanding attack surface and sophisticated threat actors have increased cyber risk exponentially. With more technology and data assets to secure, more telemetry data to analyze, more security tools to manage, more alerts to sort, and more threats to defend against, and fewer security analysts to handle this. Detecting and responding to threats became harder for many organizations. How can a modern appro...

Business Email Compromise (BEC) costs organizations like yours $9 billion every year. These hard-to-detect phishing schemes drive more than 40% of all cybercrime losses. But threat intelligence and fraud prevention teams have had little visibility into the scope of their risk, the BEC attack cycle, or threat actors objectives and methods. That is about to change. Agari Active Defense leverages an unparalleled global data footprint, innovative...

Business damages from ransomware and phishing attacks have made it clear that sensitive business information and application must be better protected. Increased enforcement of national- and state-level privacy laws, as well as the need to secure data across multiple cloud environments, has highlighted the need for reliable and transparent data encryption services to protect information while enabling business access. During this SANS WhatWorks...

With the advent of modern applications based on apis and micro services, a whole new attack surface and range of threats has evolved as is defined in the OWASP API top 10 project. This webinar will focus on the specific new threats our applications are facing and outline specific tasks band steps security professionals can take to improve awareness and reduce the business exposure to API based threats and attacks.

In Part 1 of this series, MGT516 course author Jonathan Risto discussed what makes a good metric and provided 5 metrics to start measuring within your vulnerability management program, regardless of your program maturity. In this second part of the Vulnerability Management series, MGT516 course author Jonathan Risto will discuss the following metrics: Mean Time to Resolve Average Exposure Window Vulnerability Reopen Rate and why these advanced...