
SANS Security Insights

Active Directory Password Policies & NIST Password Standards

By Josh Horwitz, Chief Operating Officer, Enzoic

NIST password standards balance employee-friendly password policies with improved security. While NIST introduced these password standards in 2017, many organizations are just now getting around to adopting them in Active Directory. As they do so, organizations are embracing tools to automate screening of exposed passwords and password policy enforcement to simplify their AD implementations without creating a lot of additional burden on the IT team.


The Dark Side of Threat Research

White hat threat researchers, security pros and cyber investigators share tips for protecting their personal lives from bad guys they encounter online.

By Deb Radcliff, Creative Director, SANS Analyst Program

Before starting any cyber investigation into the dark web, Bryan Seely scrubs his social media profiles, creates a fake identity, opens an anonymous Google voice account and buys a new burner phone. These are just a few safeguards he takes to protect himself from being attacked by some of the shadowy characters he interacts with online during his dark-web research.


Three Cloud Security Best Practices for 2020

By Matt Cauthorn, VP of Cyber Security Engineering, ExtraHop

Cloud security attacks are on the rise, and a lot of the blame can be placed on one factor: hackers are exploiting misconfigurations to access sensitive data. Whether customers fail to properly configure Amazon Web Services (AWS) settings for unrestricted external access or elastic block store (EBS) …


Protecting the Mental Health of Cyber Warriors

The mental health of white hats, intelligence gatherers, investigators and other cyber researchers is at risk, and they have few resources to turn to.

By Deb Radcliff, Creative Director, SANS Analyst Program

This story will forever haunt me: One of my sources (a malware researcher for a respected antivirus company) sent a rambling email claiming Anonymous and the Church of Scientology were after him, to please tell his wife he's sorry, and that he was going to jump off a building.


VMware and Carbon Black: Cloud Heaven or Customer Hell?

Embedding Carbon Black capabilities with VMware core technologies could be a game changer for embedded security. It could also lead to the degradation of a top security product over time.

By Deb Radcliff, Creative Director, SANS Analyst Program

VMware's $2.1B purchase of Carbon Black, completed October 8, represents an opportunity to revolutionize the security industry with embedded, in-stack endpoint and network security. Or, the acquisition could end up diluting innovation around a known and trusted endpoint protection platform.