Make a Difference in the Cyber Community
This year, SANS is fortunate enough to partner with the Blind Institute of Technology to make a difference in the cyber community. Currently, 81% of people with disabilities are unemployed. The Blind Institute of Technology (BIT) Academy is committed to changing these statistics by working diligently with their candidates and their corporate partners to place people with disabilities in meaningful careers with a clear path for growth. The services offered through the BIT Academy are complimentary for all of their candidates with disabilities. However, it costs BIT $5,400 for each candidate to go through their 16-week Salesforce and Cisco certification classes. As a 501(c)(3) non-profit organization, they are highly dependent on corporate donations, individual donations, and grants. With a retention rate of 93% of its candidates that are placed in meaningful careers, every $5,400 raised enables them to change a person's life forever.
SANS and BIT would greatly welcome and appreciate your financial support to help them continue to change the lives of people with disabilities.
Rub virtual shoulders with professionals in your field and zero in on the most relevant cyber solutions by registering for one of our four topic tracks. This event will bring together cyber security professionals of all experience levels from around the world for this two-day immersion into the latest cyber solutions, tools, and techniques to combat today’s threats.
Take a sneak peek of what you can expect from the experts themselves, when you join us to elevate your cyber skills and solutions know-how.
Continuing Professional Education (CPE) Credits are earned by participation in the event!
- 6 CPEs are earned each day for attending Cyber Solutions Fest 2022
- Yes, that's correct. You will earn 12 CPEs total for spending October 13th and 14th with us!
Agenda | October 13, 2022 | 8:30 AM - 5:00 PM EDT
Kickoff & Welcome
Jake Williams, Senior Instructor, SANS Institute
Utilizing Intelligence-Driven XDR for Pro-Active Threat Hunting
Security teams are constantly on the lookout for the next hack or vulnerability. With today’s adversaries and attacks becoming more sophisticated, the need for a more proactive approach has never been greater. The problem is that most security teams are stretched thin and overwhelmed, chasing alerts and false positives.
Threat hunting is one of the key activities organizations can utilize to proactively identify threats and look for traces of attackers, past and present, within their environment. Unfortunately, most struggle with visibility and collaboration across silos and the prioritization of threat hunting activities. In addition, they often employ a manual, analyst-centric approach that can be time-consuming and bring fewer results.
In this session, Mark Alba, Anomali Chief Product Officer, will introduce how a threat intelligence-driven XDR solution can help accelerate threat-hunting activities as well as demonstrate how The Anomali Platform can help organizations develop an automated threat-hunting workflow in minutes, enabling them to:
Join the session and start proactively hunting threats with threat intel-driven detection and response.
Mark Alba, Chief Product Officer, Anomali
Syns of Omission
There are twenty different definitions of threat hunting and ten different ways to do it. Organizations vary from having no presence in their threat hunting framework to multiple full-time hunters, but often many critical pieces are being missed. Threat hunting is a challenge to get right, with many potential pitfalls. There are plenty of things you can do to start a threat hunting program or be inspired to take a fresh look at your current hunting framework.
James Pope, Director of Customer Training, Corelight
Pentera 101: Changing the Game of Offensive Security
This session walks through a demonstration of Pentera, the Automated Security Validation solution. Organizations over the years have been following a defense-in-depth model to protect their critical assets. While this strategy makes sense, the tools, processes, and procedures surrounding this initiative have grown significantly. How confident can organizations be that each layer and the enormous effort undertaken is working effectively? Jay Mar-Tang will take the time to walk through how Pentera can validate which risks are present, which mitigative efforts are working efficiently, and how security practitioners of all expertise can leverage Pentera both internally and externally to know with certainty how strong the security posture actually is.
Dan Blankership, Sales Engineer, Pentera
All That is Gold Does Not Glitter: Cross Data Source Detection of Golden SAML
The Golden SAML attack takes place through a complex set of steps and allows an actor to abuse the trust between on-premises and cloud components. We will dive deep into the internals of ADFS and the unique properties associated with the attack, and share how to efficiently detect it today by cross-correlating different data sources across enterprise, SaaS and cloud surfaces. We will also raise research questions about the difficulties traditional single-surface solutions have in detecting it.
Yonatan Khanashvili, Threat Hunting Expert, Hunters
ZTA and Threat Actors; Where Do We Go from Here
NIST SP 800-207 lays out what a Zero Trust Architecture should look like within an enterprise. In doing so, it gives clear guidance to treat the network as a place of mistrust. This places the endpoint and the use of IDAM as the source of truth and trust within the infrastructure; as a result, EDR has become the main tool advocated to ensure compliance. Does this make EDR the next AV? What about the devices that I cannot run EDR on? Did NIST fail to properly provide guidance for the next generation of network design? All of this and more will be discussed, including how threat actors will continue to engage and win in this environment.
Peter Steyaert, Senior Manager, Sales Engineering, Gigamon
Technology is the Reasonable Accommodation: Panel
Join us for this one-of-a-kind keynote session taking place at the 2022 SANS Cyber Solutions Fest, where Mike Hess & Michael Patellis from the Blind Institute of Technology (BIT) and Meaghan Roper from SANS will be discussing the life-changing career opportunities that are available for blind/visually impaired (BVI) and other professionals with disabilities (PWD).
The BIT Mission & Goals: Blind Institute of Technology™ is a nonprofit organization with boots on the ground across the United States working hard to advance the professional opportunities for people with disabilities. We’re a small, passionate team with a dynamic blend of backgrounds, disabilities, experiences, and motivations, doing whatever we can to get the job done. Our message is that professionals with disabilities possess skills and abilities that corporations have overlooked or have yet to discover.
Mike Hess, Founder and Executive Director, Blind Institute of Technology
Jake Williams, Senior Instructor, SANS Institute
Threat Hunting and Intelligence Informed Decision-Making with XDR
Threat hunting has historically been a challenging activity, requiring hunters to manually prioritize potential threats, use expensive & long-running queries, and pivot between multiple tools to gather context. Anomali XDR combines proven intelligence management capabilities with innovative threat detection tools to provide rich context and insights for the SOC, ease the burden of manual prioritization, and accelerate the threat hunting process. Join the Anomali team to explore this in detail, and learn the value of intelligence-led XDR.
Richard Phillips, Product Manager, Anomali
Corelight Session Details Coming Soon!
Mark Overholser, Systems Engineer, Corelight
Honeypot Investigations: Using Data to Analyze Mass Exploitation Attacks
It’s easier than ever to scan the internet and run exploits opportunistically. At GreyNoise, we run a global sensor network that helps identify mass scanning activity, to separate threats from background noise. But what happens after that? Using medium-interaction honeypots can provide additional details about what an attacker is doing. For this talk, we’ve built out a small network that provides additional attack paths to see things like how an attacker operates in a more realistic environment, to better understand the next steps after mass scanning and exploitation, and to understand if an attacker is only trying to compromise the initial host or if additional reconnaissance is being performed once a foothold has been established.
Come join us for this interactive session where you will learn:
Nick Roy, Sales Engineer, Greynoise Intelligence
Threat Hunting with Network Data
In this session, Michael Morris and Cary Wright from Endace will look at why continuous packet capture provides such an invaluable resource for hunting down and analyzing network threats. With full packet data at your fingertips from all your security tools, it’s possible to investigate and analyze even advanced threats to conclusively piece together the full scope of an attack in a way that log data and metadata just cannot do. Find out what you can see with packets that you can’t see without them.
Using Intelligence to Protect a Growing Attack Surface
Organizations of all sizes and from nearly every industry are facing a never-ending set of challenges when trying to protect their digital and physical assets from adversaries. The use and implementation of threat intelligence is a critical component of today’s modern security teams, and when used to its full potential, it is often the difference between preventing an incident from happening vs. being a victim of a cyber incident. Join Recorded Future to understand how you can leverage external intelligence to understand and protect your entire attack surface.
Jake Munroe, Principal Product Marketing Manager, Recorded Future
Threat Hunting 101: Best Practices for Threat Hunting and Investigations
By tricking users, compromising hosts and executing many other underhanded schemes, attackers can infiltrate any organization they set their eyes on. Even the best-protected organizations can fall victim to these skilled and stealthy attackers. So how can you find these hidden adversaries and root them out fast before the damage is done? Join our presentation to learn the latest techniques for more efficient threat hunting and accelerated investigations. You’ll learn how to:
- Uncover cloud and on-premises threats quickly
- Investigate alerts swiftly and thoroughly
- Assess the scope and severity of an attack accurately
- Turn threat hunting discoveries into automated detection
You’ll also get an inside peek into the tools and techniques the Palo Alto Networks Unit 42 team leverages to discover the stealthiest threats. Save your seat now!
Palo Alto Speaker Coming Soon!
Adopting an Intelligence-Driven Security Model
Intelligence-driven security is the model of the future. Too many organizations today only use cyber threat intelligence in a reactive mode (if at all). But threat intelligence can (and should) drive the way security teams create and tune their controls in the first place. In this session, our panel of industry leaders will discuss how they use threat intelligence to drive their security operations, from architecture, to operations, all the way to response. Bring your questions for our speakers and learn how to change your mindset around threat intelligence from reactive to proactive!
Jake Williams, Senior Instructor, SANS Institute