At the Log4Shell Vulnerability Solutions Forum, we will showcase Software Composition Analysis (SCA) tools, Network Detection and Response (NDR) to identify exploitation and post-exploitation activity, and address the multitude of log4j vulnerabilities that were inevitably not disclosed by vendors and missed in vulnerability scanning. Presentations dive into technical content through case studies, demos, and thought leadership using specific examples relevant to the industry.
Continuing Professional Education (CPE) Credits are earned by participation in the event!
- 6 CPEs are earned for attending the Forum
SANS Summits and Solutions Focused Forums and Tracks are one- to two-day events that bring together practitioners and leading experts to share and discuss case studies, lessons learned, new tools, and innovative strategies to improve cybersecurity and overcome challenges in a particular focus area or industry.
Stay up to date on upcoming Summits & Forums and get connected with thousands of industry professionals by joining the 2022 Solutions Forums Workspace & Mailing List!
Agenda | Friday, February 18, 2022 | 9:00 AM - 3:45 PM EST
Welcome & Opening Remarks
Jake Williams, SANS Senior Instructor & Subject Matter Expert
Solving Cloud Security Challenges
A well-crafted container or kubernetes avoids using excessive privileges, shipping unused packages, leaking credentials, and will expose a minimal attack surface. By removing known risks in advance, you’ll reduce security management and operational overhead; however, not everything can be known and prevented in advance. You cannot forget about security since the container is running.
Join this session to gain clear direction on how to:
Eric Magnus, Engineering Manager, Sysdig
Block Like a Boss: Detect Behaviors
Don't Depend on Deny Lists & Learn How to Detect Evasion Techniques that Legacy WAFs Can't
The recent Log4J 0Day generated unprecedented levels of risk. Morphing attack patterns that continue to emerge only compound the problem and will demand our attention into the foreseeable future. ThreatX’s combination of attacker-centric behavioral analytics, 24/7 SOC, managed services and threat research were—and will continue to be—a potent combination to combat the threat as it evolves. In this session, Neil Weitzel, ThreatX’s SOC manager, will share his front-line insights into how ThreatX’s managed SOC delivered same-day protection against Log4J and developed heuristics to detect and block attempted explicit exploits outlined in CVE-2021-44228. He will demonstrate ThreatX’s capabilities, including its multi-level serialized decoding that allowed its customers to detect evasion techniques that legacy WAF providers would struggle to defend against. As we heard from one customer in the throes of Log4J: “I have to say it’s wonderful having your platform in place right now.”
Neil Weitzel, SOC Manager, ThreatX
Log4Shell Lessons Learned and Mitigation Tactics
This talk will share common challenges faced by organizations during and in the response to the Log4Shell related vulnerability disclosure. The talk highlights lessons learned collected from the front lines during investigations on how organizations approached the problem and how certain mitigations prevented further escalation of attacks.
Yinan Yang, Director - Professional Services, CrowdStrike
Log4j: Separating the Exploits From the Noise
Attackers have already found thousands of potential ways to obfuscate their log4j attacks, which are sweeping the Internet at breakneck speed. SOCs protecting still-vulnerable assets have a duty to chase down every alert for it that pops up - which are coming in at a rate of tens or hundreds of thousands of times a day for larger enterprises. This talk will discuss how a data-driven strategy can automate that insurmountable task into a process that quickly reveals systems that actually responded to the attack - letting teams focus on the alerts that matter the most.
Alex Kirk, Global Principal Engineer, Corelight
Speed and Scale: The Technical Security Manager’s Log4shell Manifesto
For many organizations, the experience of Log4Shell during and after the holidays felt like trying to find many needles in many haystacks within a burning barn. To be prepared for the unexpected, security teams need to be able to act quickly and answer questions about their endpoint and cloud workloads such as: What assets are affected? Has the exploit been attempted? and How will updating our software affect our production workloads? There is no silver bullet. However, the proper tooling can make software asset management easier and improve your reaction time to emerging threats such as Log4j/Log4Shell.
Join this session to learn more about:
Jeremy Colvin, Technical Product, Uptycs
Uma Reddy, VP of Engineering, Uptycs
API Security Strategies: Preparing for the Next Log4Shell
The attack surface for APIs is massive amongst all of the different endpoints and Log4Shell is just one vulnerability that has been exposed. How do you prepare for the next one?
Join this session and learn:
Stepan Ilyin, Co-Founder, Wallarm
How to Get Answers for Your CEO's Top Log4Shell Questions
According to a 2021 KPMG survey of hundreds of CEOs, cyber security risk is the number one risk threatening business operations. Just a few years earlier, CEOs dismissed cyber risk as a technology problem to be handled by the IT security team. Log4Shell didn’t calm CEO concerns about cyber risk, leading to many cyber security professionals having to answer non-stop questions about the new Log4j vulnerability.
We could not have anticipated Log4Shell, but we could have been more prepared as an industry to assess, prioritize and mitigate the potential risk of CVE-2021-44228...not to mention the thousands of other new vulns that threaten our businesses every year. Are you ready to answer questions from the boardroom?
Join us to learn how your peers took a risk-based approach to Log4Shell assessment, prioritization and mitigation. Get ahead of the hard questions from executives, and be prepared with intelligent, proactive answers for this latest P1 vulnerability.
Mike Parkin, Engineer, Vulcan Cyber
Cyber Attacks and Your Third-Parties: Why Filling Out Additional Assessments Does More Harm Than Good
When it comes to reacting to a security threat, no one has time for another assessment. Join CyberGRX experts Gary Phipps, VP of Solutions Engineering, to learn how you and your third parties can defend yourself differently in the face of a cyber attack. We'll talk about a new way to respond that includes:
Gary Phipps, VP of Solutions Engineering, CyberGRX
Security Observability - Are you ready for the next Log4J?
When Log4j emerged, many organizations were caught “flying blind”, hoping that they could protect their applications with their traditional perimeter defense. Modern applications are extremely hard to secure because, in the cloud, the apps are no longer behind a firewall, but rather connected to services potentially everywhere. As a result, security at the gate is simply not enough, now we need visibility of what we have, how it is behaving, and how it is being used or abused. We need visibility with the context of the application in order to protect the business from emerging threats like Log4J and others.
In this session you’ll learn:
Sudeep Padiyar, Product Manager, Traceable AI
Log4j - Forensics of a Supply Chain Attack
On December 9th, 2021 a major Log4j vulnerability was posted in GitHub. This immediately began a race to patch or block the attacks that had the potential of taking over the machines running vulnerable versions of Log4j. This supply chain attack showed us how a relatively unknown logging utility could present a high level of risk to companies ranging from SMB to Fortune 100. In this presentation, we will discuss the details of this vulnerability, analyze two of the most common attack vectors we observed, and the different ways that Imperva helps customers protect themselves from this vulnerability – blocking over 200 million attacks to date.
Erick Sanz, Sr. Engineer, Imperva
Jake Williams, SANS Senior Instructor & Subject Matter Expert