Agenda | 8:30 AM - 5:30 PM EDT
Kickoff & Welcome
Shaun McCullough, SANS Instructor
Resilient Incident Response: Effective Strategies for Blocking Ransomware Attacks
In this session, Brad Garnett (GM of Cisco Talos Incident Response) will discuss practical incident response strategies for the challenges that every CISO and business leader faces with a hybrid workforce. Brad will share his insights from the front lines in the fight against ransomware, explain why organizations need to re-evaluate existing incident response plans, and describe how Talos is fighting the good fight against evolving adversaries.
With Cisco Umbrella as the underlying framework, Garnett will touch on ways to block sophisticated ransomware attacks at the DNS level. Cisco Umbrella’s cloud-based firewall, interactive threat intel, secure web gateway and other tools protect networks from an onslaught of malware, ransomware, trojans and other attacks from unsanctioned and insecure cloud apps.
Brad Garnett, GM for Cisco Talos Incident Response, Cisco Umbrella
Data-Centric SASE: Protecting Your Data Against Threats and Breaches in the Real World
If your SASE solution isn’t protecting data… What's the point? A lot of vendors will protect you against threats but are they protecting your data? The SASE solution you choose should protect you against threats AND protect your data, avoiding a data breach.
In this session, we will discuss how an effective data-centric approach to SASE can help you continuously reduce risk and shrink the threat landscape. We’ll look at:
Henk van Achterberg, Product Manager, Symantec a Division of Broadcom
Let's Face It. Shift Happens
The emergence of the cloud has resulted in significant changes in the development process. Traditional monolithic application architectures have given way to more agile cloud-native applications. With this transformation, security teams are left wondering how to protect their ever-changing environments. In this session, attendees will learn how security teams can continuously integrate into the development lifecycle while gaining visibility into vulnerabilities, misconfigurations, and malicious code in real time. Shift happens; however, with the right approach, it is possible to find solid ground.
Ell Marquez, Linux and Security Advocate, Intezer
Flying blind? - The Case for API Security and Observability
The business demanded rapid innovation. Software development and IT figured out how to provide it. But now we have a whole host of new problems. In the resulting world of cloud-native apps, microservices, and API-driven applications, what we came to rely on for keeping it all running and secure is no longer enough.
In this new fog, we are basically “flying blind”. Modern applications are complex, extremely hard to secure and protect, and on top of that they are continuously changing. Our visibility of what we have, how it is behaving, and how it is being used (and abused) has diminished tremendously. So how do we begin to see through the fog once again?
In this session you’ll learn:
John Jeremiah, Director, Traceable AI
Get in Shape to Fight Cloud Attacks - Posture Assessment and Beyond
The pandemic and digital transformation-driven accelerated cloud migration has created a new attack surface for cybercriminals. Fast-paced migration, lack of cloud skills, and the agility of DevOps have made it difficult for organizations to maintain visibility, compliance, and threat defense capabilities. Multi-cloud and multi-platform complexity has made this even harder, with each cloud having its own jargon, services, naming, and architectural differences.
Many on-premises security tools are anti-patterns in the cloud and cannot be easily shoehorned in. In response, organizations have been deploying a new suite of posture assessment tools that aim to minimize attack surface with periodic static checks on the cloud control plane and, in some cases, on vulnerabilities. However, modern cloud threats with complex, multi-stage kill chains and supply chain code injection cannot be mitigated just by compliance and configuration checks. It is also common knowledge that vulnerabilities remain in production workloads for weeks and months after being known, and even more so in instances that are not publicly reachable. To get in fighting-fit shape to tackle cloud attacks, today’s cloud ninjas have to go beyond the basics of posture management.
In this talk, we discuss how security can be injected into the build-ship-run cloud lifecycle with automated guardrails to maintain visibility, compliance and threat detection, and how to do this despite multi-cloud complexity and without adding onerous requirements on developers and DevOps. We show how this approach, which focuses not just on configuration but also on runtime behavior, empowers DevOps and SecOps to maximize coverage based on the MITRE ATT&CK framework for IaaS, Serverless, Containers and Linux/Windows cloud platforms.
Andrew Nelsen, Threat Researcher, Blue Hexagon
Diversify and Conquer: Building and Managing Successful CyberTeams
Successful organizations know it's important to build diverse teams, but how can you ensure you're hiring from the most diverse pool? And once you've developed a diverse team how can you support inclusion and respect to keep that team effective and engaged? In this panel we bring together a group of experts in the cybersecurity field who represent a wide variety of backgrounds and approaches. Together we'll talk through dimensions of diversity including educational, experiential, racial, and neuro. And we'll share examples of how you and your organization can thrive with a powerfully diverse workforce.
Afternoon Kickoff
Shaun McCullough, SANS Instructor
Continuous Risk-Reduction With Innovative Methods
Symantec continues to invest in cyber-security focused technologies to enhance the user experience while strengthening your security posture. In this short session you will learn about two novel ways to drastically reduce the attack surface in the network with Web Browser Isolation and on the endpoint with true adaptive protection.
Manoj Sharma, Global Head of Security Strategy, Symantec a Division of Broadcom
Cloud Security Threat Defense
Built into the foundation of the internet, Cisco Umbrella is a cloud security service that provides a first line of defense against threats, wherever users access the internet — on or off the corporate network. Umbrella is deployed enterprise-wide in minutes and gives you the threat intelligence and context needed to block threats before they become attacks.
Join this live demo to learn how you can:
JT Clay, Engineer, Cisco Cloud Security
Thinking Outside the X: How to Expand the Scope of Your XDR Approach to Act on Threats with Confidence
Learn how a platform approach to Extended Detection and Response (XDR) can provide you with the threat intelligence, automation and orchestration capabilities, and context-rich insight you need to help unburden your security team and enhance your ability to find, understand, and remediate threats faster and more efficiently.
Coty Sugg, Manager, Cisco SecureX
What's Real and What's Possible with Self-Service and Developer Speed Governance
Security, Cloud, Operations, and Product/Development groups are all building out their versions of the next cloud platform and governance controls. As each considers overlapping approaches including automated enforcement, shift left, and other posture management approaches one question dominates: "How can security keep pace with delivery?"
Expect insight on how to:
Join to learn from our hands-on experience implementing security-as-code architectures, with a demonstration of best practices for developing security policy and controls to automate DevSecOps and runtime cloud security.
John Steven, Chief Technology Officer, Concourse Labs
6 Cloud Security Risks Hiding Inside Your Cloud Estate
Public cloud providers like AWS, Azure, and GCP enable you to deliver new products and capabilities at breakneck speeds, but how do you balance speed to market against compliance mandates and risk – do you have to choose? Join Patrick Pushor, Technical Evangelist at Orca Security, for a fast-paced session as he takes you through best practices, and pitfalls to avoid in securing public cloud infrastructure.
- 6 risks hiding inside every public cloud estate
- How to get instant-on, workload-level visibility across 100% of your AWS, Azure, and GCP assets
- The power of addressing both the control plane and data plane at once
- Pros and cons of different cloud security tools: traditional agent-based tools and scanners, CWPP (cloud workload protection platforms), and CSPM (cloud security posture management)
Patrick Pushor, Principal Technical Evangelist, Orca Security
Snyk Code: Intro to Developer Friendly Static Application Security Testing
Modern software development practices such as DevOps hand the responsibility for application security to the developers. One type of tool that could help developers cope with this is static application security testing, or SAST. The problem is that SAST tools have traditionally been slow, inaccurate and simply not developer friendly. Snyk Code is here to change this.
In this session, we want to briefly introduce you to the magic behind Snyk Code - the human-guided ML process based on a fast logic analyzer - and then spend the majority of time in a demo where we follow the life of a pull request. We will edit code in the IDE, test locally, do a PR, work with legacy code and more. We want to keep it practical and pepper it with best practices along the way. We want to show you that Snyk Code is fast, accurate and developer-friendly, just as SAST should be.
Frank Fischer, Developer Advocate, Snyk
Come be SASE With Us: Panel
The Secure Access Service Edge, or SASE, is a convergence of security, data protections and networking to help overcome the problem of building scalable, flexible, and securable infrastructure at scale. In this panel, technical leaders from Cisco and Symantec will discuss the cloud journey with SASE services, and how they integrate with current tools, technologies, and security practices. Panel members will also discuss the future of these services. Come and ask questions, hear from the experts, and bring home new ideas to your organization's cloud journey.
Shaun McCullough, SANS Instructor
Keynote: Diversify and Conquer
Turn diversity into power.
Joined by Nicola Whiting, Alyssa Miller, Natasha Barnes, and Seema Kathuria, Diana Kelley will lead this enlightening panel discussion and share how organizations can thrive with a powerfully diverse workforce.
Attend this engaging and thought-leading keynote by registering for a level on day 2 of SANS Cyber Solutions Fest 2021.
Level Cloud Security with Shaun McCullough
Hear from Level Cloud Security's chairperson Shaun McCullough on what you can expect from his track in the upcoming SANS Cyber Solutions Fest!
Cybersecurity Solutions for Today's Challenges
The 2nd annual SANS Cyber Solutions Fest aims to connect cybersecurity professionals of all levels with the latest solutions, tools, and techniques to combat today's cybersecurity threats.
- Featuring 4 unique levels: Threat Hunting & Intel, SOC & SOAR, MITRE ATT&CK®, and Cloud Security
- Network in real-time with over 30 sponsors and learn from top industry experts
- Join interactive panel discussions, discover job opportunities, compete in games for multiple prizes, and more