Data Security Solutions Forum

  • Friday, 12 Nov 2021 10:30AM EST (12 Nov 2021 15:30 UTC)
  • Speakers: Benjamin Wright, April Mitchell, Geoff Mattson, Andy London, Sam Crowther

Join the action on the SANS Data Security Solutions Forum Slack Workspace.

To be effective, data protection has to be everywhere, from the server to the endpoint, at the office and at home, throughout the cloud and across the web. A company's system must be able to detect data leakage from any path, quickly apply real-time data protection policies, automate incident workflows, and alert the IT team as needed for further investigation. Having an effective understanding of how and where a company's data is stored is essential when trying to protect it. Data stored across multiple devices and cloud services needs to be discovered and categorized according to sensitivity and accessibility.

The data that a company creates, collects, stores, and exchanges is a valuable asset. Safeguarding it from corruption and unauthorized access by internal or external people protects a company from financial loss, reputation damage, consumer confidence breakdown, and brand erosion. Furthermore, government and industry regulations around data security make it imperative that a company achieve and maintain compliance with these rules wherever it does business.




Agenda | Friday, November 12, 2021 | 10:30 AM - 12:45 PM EST

Timeline (EST)

Session Details

10:30 AM

Welcome & Opening Remarks

Ben Wright, SANS Instructor

10:45 AM

Prevent Your Data From Going Rogue

Ways Customers Secure Their Data from Cradle to Grave

Cloud data is complex and dynamic. It’s constantly manipulated, edited, copied and moved by thousands of users, several times a day. That’s why your cloud data is constantly at risk and exposed to new security and compliance vulnerabilities. Traditional security solutions like access control and DLP aren’t designed to protect against these vulnerabilities. A new approach is needed to keep pace with the onslaught of data and prevent that data from going rogue throughout its lifecycle. This session will highlight details on how customers address security challenges, such as:

  1. Classifying and securing thousands of data stores
  2. Proactively preventing PII from appearing in a public or sandbox environment
  3. Monitoring production data while in use without sacrificing performance/throughput

You’ll leave this session with a better understanding of the state of risk in your cloud data stores and new knowledge of how to quickly remedy these risks and secure your data throughout the data lifecycle.

April Mitchell, Head of Engineering, Dasera

11:20 AM

Using Machine Learning & More for Threat Detection

Detecting malware, network intrusion, social engineering, and anomalous user behavior are just a few ways machine learning helps SecOps make sense of their world. But is ML-based detection enough?

While most Network Detection and Response (NDR) solutions rely solely on machine learning applied to single streams of data to detect network security issues, hybrid analytics combine machine learning, rules-based detection, and threat intelligence to analyze network, user, and host activity. This holistic approach maps actors to actions, providing a true representation of all activity within the enterprise domain. This makes it possible to detect threats with greater context and in real time. Join us to discover:

  • How hybrid analytics identifies and monitors actors and their actions
  • How ML and rules-based detection work hand-in-hand to detect known and unknown threats
  • How hybrid analytics uses threat intelligence and identity data to help speed incident response

Geoff Mattson, VP Product Management, LogRhythm

11:55 AM

Behavioral DLP ~ The Knockout Punch to Trigger-based Endpoint DLP and UEBA?

The reality has set in. First-generation Endpoint DLP solutions focused on data-centric rules, policies and ‘time-of-exfiltration’ triggers have failed to meet expectations. Blocking is hardly ever used because it completely disrupts user productivity and workflows. Reporting is messy and incomplete, support for macOS is marginal, and off-network protection is hit or miss.

According to Gartner, ‘People-centric’ DLP is the future of data loss prevention, and user behavior risk-scoring is a must-have capability. Join Andy London, Customer Solutions Architect and DLP expert, to learn how Behavioral DLP is meeting the specifications laid out by Gartner and to review the seven capabilities you need in your next DLP RFP.

Andy London, Senior Director, Customer Solutions & Architecture, DTEX Systems

12:30 PM

Credential Stuffing Trends & Tactics: What’s Changing for 2022

Credential stuffing has been a go-to tactic for fraudsters to take over accounts and profit for years. Why don’t we have a handle on this threat in 2021? New sophisticated adversarial techniques and DevTools have made automated credential abuse much more evasive and challenging for organizations to detect and stop.

During this session, Sam will cover stealthy automation trends to watch for in 2022 as he explains:

  • How fraudsters are using highly customized automation tools to bypass enterprise defenses and perform advanced credential stuffing attacks at scale
  • The anatomy of an attack that leverages credential stuffing and reverse engineering in the context of a real-world customer story
  • What to do (and what not to do) to prevent credential stuffing from impacting your organization now and in the future

Sam Crowther, Founder, Kasada

1:05 PM


Ben Wright, SANS Instructor