This hour-and-a-half-long Lightning Summit will feature six different 10-minute talks from SANS instructors across various disciplines.
It has been over a month since SolarWinds made public that it was breached and a backdoor known as SUNBURST had been inserted into its flagship product. During the last month, the information security community has come together to share and learn about how to defend against this attack. In this SANS Lightning Summit, SANS instructors will present lightning talks summarizing some of the key lessons learned.
The compromised SolarWinds Orion platform is at the heart of many organizations. It monitors and manages enterprise infrastructure. The platform has full access to all managed assets. This made the backdoor attackers introduced into SolarWinds Orion a worst-case scenario supply chain attack. The attack started as early as March but was not detected until December, which provided ample time for attackers to roam and compromise the networks managed by SolarWinds Orion.
You will learn:
Overview and Intro - Rob Lee FOR508 Advanced Incident Response Author and Instructor
1. Key CTI Takeaways - Katie Nickels FOR578 Cyber Threat Intelligence Instructor
2. Hunting and incident response key takeaways from the field - Mark Bristow ICS515: ICS Active Defense and Incident Response Instructor
3. Takeaways from SolarWinds Malware Analysis and why it is important - Evan Dygert FOR610 Malware Analysis Instructor
4. Best and Worst organizational approaches to SolarWinds/SunBurst Incident (Detection, Response, Remediation). Rating effective hunting approaches for SolarWinds. - Mike Murr
5. Blue Team Approaches in Preventing and Detection of SolarWinds in the Future - John Hubbard SEC450: Blue Team Fundamentals: Security Operations and Analysis Author and Instructor
6. Beyond SolarWinds: What we need to learn about supply chain attacks NOW. - Dr. Johannes Ullrich Internet Storm Center Lead
SolarWinds/Sunburst Panel with all 6 Speakers and moderator for 30 min at the end.
Dr. Johannes Ullrich