SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Unlock industry insights and hands-on learning with upcoming SANS webcasts and workshops.
The 20 Critical Controls are quick wins that allow you to rapidly improve your cybersecurity without major procedural or technical change. International cybersecurity experts developed the 20 Critical Controls to be the most effective and specific set of technical measures to counter the most common and damaging computer attacks. The controls address the root causes of these attacks to ensure your security measures are effective. This presentation will also discuss how VA Tech is implementing the 20 Critical Controls as part of its overall security strategy.

Expanding on the results of the 2015 SANS Incident Response Survey, the threat hunting survey explores the uses and benefits of threat hunting. Results of the survey will be presented in a two-part webcast. In Part 1 of the webcast, attendees will gain insight into:
- What threat hunting entails
- What pitfalls stand in the way of attaining actionable results
- What organizations are discovering through threat hunting
Part 2 of the webcast, held on Friday, April 15, 2016 at 1:00 p.m. Eastern, will focus on threat hunting methodologies and tools. Be among the first to receive the associated whitepaper written by threat hunting expert and SANS Analyst Eric Cole. Enrich your threat hunting skills by attending the Threat Hunting and Incident Response Summit | New Orleans, LA | Tuesday, Apr 12-19, 2016.

Despite advances in incident response, the security community tells SANS there are plenty of things to fix. Automation is sometimes presented as the solution, but what does that mean? In a new SANS webcast and paper, we will talk about automation to empower your employees and make them more successful. While we are making noticeable advancements in some areas, such as dwell times, there is still significant room for improvement in automation. Join us to examine some of the critical issues facing incident responders today. These issues, which may vary in your organization, typically include:
- The inability to move from remediation/eradication to recovery
- Monotonous and/or laborious processes that eat up time that could be spent dealing with incidents
- Lack of data enrichment to help make investigative decisions
- Lack of investigative tracking mechanisms to help teams "learn from the past"
Register to attend this webcast and be among the first to receive the associated whitepaper written by SANS community instructor and analyst Matt Bromiley.

While threat hunting sounds exciting, and promising, building an effective program can be daunting. The very definition of threat hunting is fluid, creating confusion about how to use it. Practitioners often have varying opinions about what a threat hunting program would involve and how to use it, and there are many questions about how to develop a program that can evolve into an effective, mature one. In this new SANS webcast, SANS instructor David Szili, with insights from a Cisco representative, will help attendees define threat hunting and create an effective process for using it. The webcast will address getting started, including building a team, what a typical hunt might look like, and building a knowledge base for later use. Attendees also will learn how to create a test lab and use effective metrics. Register now and be among the first to receive the associated white paper written by David Szili.

Over the past several years, SANS has seen a gradual maturation of cyber threat intelligence (CTI) and its applications in information security. The 2019 CTI survey saw an increase in usage of and interest in CTI, along with a diversification in how organizations use the intelligence. While the use of CTI continued to grow, it became evident that there is no one-size-fits-all approach: organizations leverage different types of CTI to meet different needs. The 2020 Cyber Threat Intelligence (CTI) Survey builds on previous surveys to provide guidance on how organizations of all types can get the most out of CTI. Attendees at this webcast will gain insight into:
- How consumers and generators of CTI leverage, create and measure intelligence
- What progress has been made on automation of intelligence collection and processing
- What improvements organizations have realized as a result of using CTI
- Which best practices are in use across respondents' organizations
Register today to be among the first to receive the associated whitepaper written by SANS instructor and CTI expert Robert M. Lee. A panel discussion of the survey results will be held on Thursday, February 13, 2020, at 1PM Eastern; on that webcast, Robert M. Lee and sponsor speakers will explore how these results can improve CTI programs.

Today, women are entering and rising through the ranks of cybersecurity experts, with more expected to join these ranks in coming years. By the end of 2019, women are expected to represent 20% of the global cybersecurity workforce, up dramatically from 2013, when only 11% of the workforce was female, according to the most recent statistics from Cybersecurity Ventures. At this webcast, survey author, forensic examiner and SANS instructor Heather Mahalik discusses key results of the survey of successful women in varied roles within the cybersecurity community and draws on the experiences of those women to provide practical advice to women at every stage of their careers. Attendees will learn about:
- Directing your career path
- Growing as a manager/leader
- Interacting with others
As an added bonus, Heather will share the advice successful women have provided to those entering the cybersecurity field today. Register today to be among the first to receive the associated whitepaper written by Heather Mahalik. A companion webcast, a panel discussion with survey author Heather Mahalik and selected sponsors that digs more deeply into the results, will be held at 1 PM ET on Tuesday, March 24, 2020.

As we move into 2020, the news has been filled with reports of deepfakes, attacks against election systems, quantum computing advances and more. SANS instructors Heather Mahalik, Ed Skoudis and Johannes Ullrich presented their analysis of the new attack techniques currently in use that will affect you, and shared their projections for future exploits, in a highly rated keynote presentation moderated by Alan Paller at the annual RSA Conference in San Francisco. In this webcast, SANS Director of Emerging Security Trends John Pescatore will highlight key themes from that presentation and other sources to provide:
- Coverage of the top new attacks and threats as defined in that presentation
- Deeper insight into overall cybersecurity trends on both the offensive and defensive sides
- Advice from SANS on the steps enterprises must take to evolve critical skills, processes and controls to mitigate current and future risks
Be among the first to receive the associated whitepaper written by John Pescatore, SANS Director of Emerging Security Trends.

Remote work has quickly become the "new normal" with the COVID-19 pandemic. Organizations have been forced to rethink how they will get work done with their employees mandated to stay home. How are organizations handling working from home? How well were companies prepared for remote work? How have technological needs changed with this shift? How are teams communicating? How are devices and communications being secured? When a time like this does not allow the mission to halt, employees and employers have scrambled to keep the work going. Ensuring that teams are equipped, communicating and safe at home is key during this time. This webinar, led by Heather Mahalik, SANS Senior Instructor, Author and Senior Director of Digital Intelligence at Cellebrite, covers how companies have adjusted to this new landscape as a workforce: how things have changed, and how we are coping and keeping the ball rolling from home.

Multiple layers of defense are required to protect your AWS environment. The first step is to reduce your overall attack surface to limit exposure, for example by hardening your Amazon EC2 operating systems and configuring your containers. Organizations can then implement tools, such as cloud security posture management (CSPM) solutions, to monitor and manage risk. In this prerecorded webcast, SANS instructor Dave Shackleford and AWS Marketplace explore best practices and provide practical guidance on how you can secure your entire AWS footprint. They will also present real-world use cases and examples of tools you can leverage to protect your investments. Attendees at this webcast will learn how to:
- Decrease their attack surface to limit exposure
- Protect their AWS environment with configuration management, real-time assessment and access control mechanisms
- Implement automation for monitoring and continuous protection
- Leverage AWS services and seller solutions in AWS Marketplace to protect AWS services and surfaces
Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.

Any successful security operations center (SOC) combines skilled people, effective processes and efficient technology. Previous SANS surveys have shown that the skills of the people are the prime prerequisite that enables organizations to define critical SOC processes; create use cases, hypotheses and plans; architect effective security solutions; and efficiently deploy, operate and maintain security systems. From that skills base, sophisticated technology and tools can be used as a force multiplier. CISOs and SOC managers who can reduce or close their critical skills gaps have the highest probability of minimizing business impact from cyberattacks when budgets and staffing are constrained. Webcast attendees will learn:
- Where hiring managers turn when sourcing potential new hires
- Which skill areas are most sought after
- What technologies employers wish new hires had hands-on experience using
- Which security technologies are perceived as enabling organizations to delay or mitigate the need for additional staff
Register today to be among the first to receive the associated whitepaper written by SANS Director of Emerging Security Trends, John Pescatore. A companion webcast, a panel discussion with survey author John Pescatore and selected sponsors that digs more deeply into the results, will be held at 1 PM ET on Thursday, July 30, 2020.

Understanding adversary tactics and techniques based on real-world observations is critical to building more effective threat detection and hunting capabilities. The context provided by data sources is what enables us to make actionable decisions, but it is limited by the raw data inputs we consume, and by whether we consume enough of the right data to mitigate, remediate and prevent future adversary activity. Detecting malicious events is not, by itself, the solution to thwarting adversaries: actions need to be taken, whether operational (e.g., stopping a malicious process) or strategic (e.g., securing an environment to prevent the execution of malicious processes). In this webinar, SANS and AWS Marketplace will discuss the exercise of applying the MITRE ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture. Attendees will learn how to:
- Apply the MITRE ATT&CK Matrix to classify and understand cloud-based techniques
- Create an effective detection strategy and uncover what data sources are required
- Break down and recognize detections by security product capabilities and data sources
- Leverage threat intel for improved detection
- Use AWS services and third-party solutions to support their threat detection and hunting strategy
Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.

Modern enterprises are extremely diverse and complex, yet security data collection, correlation and analysis has not kept up with these complexities. It often seems that organizations collect too much without ever truly finding value in the vast amounts of data they have amassed. In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts for effectively detecting malicious activity within large enterprises. They will review how to bring giga-, tera- and petabytes of data together, correlating them into actionable intel by using YARA-L to craft efficient detections that can be applied across these vast data sets. The webcast will help attendees answer important questions such as:
- In your current state, how much data are you ingesting and analyzing?
- How is your team writing detections? What types of metadata points are they looking for?
- How do you detect threats?
- Can you effectively scale detections across your data sets?
- How do you manage the lifecycle of those detections: tune them, keep them relevant, and remove them when they are no longer relevant?
Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.

Of course, there are serious problems we are confronting now, and some people and businesses are not doing well. Yet some people and businesses are doing alright, and some are actually thriving.While luck certainly does play a role, what can we do to maximize the probability of coming out of this better than before? Obviously sitting on the couch, watching TV and lamenting what is happening doesn't help, and saying "take care of yourself, stay healthy" and other platitudes only goes so far.This talk covers concrete things you can do to weather the pandemic and thrive, both during and afterwards. Included is a planning template along with the slides so you can make your plan along with Ted.Some of us are taking this as an opportunity to reboot ourselves and our careers and come back better than ever. You should too!

IEC 62443 is the global standard for the security of ICS networks, designed to help organizations reduce the risk of failure and the exposure of ICS networks to cyberthreats. The standard demands that security professionals not only understand their organization's hardware and its interactions, but also how to recognize a threat, how to report it, and how to respond and recover. In this webcast, SANS instructor/author Jason Dely and Fortinet representatives Antoine D'Haussy and Aasef Iqbal will explore how the IEC 62443 set of standards can provide guidance to enterprises looking to choose and implement technical security capabilities. They will look at some of the common challenges and how the use of compensating controls can help maintain layered security across the ICS. Learn how Fortinet's layered solutions may help asset owners and system integrators reach IEC 62443 compliance. Register now and be among the first to receive the associated white papers: "Effective ICS Cybersecurity Using the IEC 62443 Standard" and "Managing ICS Security with IEC 62443".

During a suspected breach or a threat hunt, when time is of the essence, interrogating and collecting data from a remote host to discover the cause of an incident is the number one priority. Collecting data from a host may not be new, but what about scaling that collection to a hundred, a thousand hosts or more? During this webcast we will look at the tools and techniques that will let you quickly and efficiently gain the visibility you badly need into suspicious or compromised hosts. You will be able to use these tools to run any process or service, and to collect anything from one or all of those hosts, remotely and in sequence. Join me for this one-hour webcast as we review incident response and digital forensics tools such as KAPE, Kansa and Velociraptor for fast, scalable triage and data collection during an incident.

As the use of cloud computing has grown, so has the concept of the "shared responsibility model" for data protection and cybersecurity in general. While not a new concept, the nature of shared security responsibilities has changed with the advent of the cloud. All cloud providers are wholly responsible for the physical security of their data center environments, data center disaster recovery planning, business continuity, and the legal and personnel requirements that pertain to the security of their operating environments; cloud customers still need to plan for their own disaster recovery and continuity processes, particularly in IaaS clouds where they're building infrastructure. If any of this sounds confusing, that's because it is! There are many challenges facing us as the pace of cloud implementation accelerates. There's an enormous amount of complexity in new services and software-defined infrastructure, and today there's no doubt at all that attackers have discovered new attack paths and techniques that target cloud environments. The nature of security operations has to change as we move to the cloud. In this webcast, we will discuss the definite lack of skills in cloud technologies (and cloud security specifically, which leads to deficiencies in cloud detection and response workflows), the much faster deployments and changes to keep pace with, and the need for new and better controls to help combat these systemic challenges. To begin figuring out what to do about them, we need a better grounding in exactly who is responsible for what in the cloud, and in what kinds of security controls and services are best suited to helping cloud security operations mature and grow. Register today to be among the first to receive the associated whitepaper written by SANS analyst Dave Shackleford.

Building your own home lab is a great way to keep up with the ever-changing IT world. Well, how does one actually go about building a home lab? That's the part that gets more complicated. Do you really need a whole rack full of off-lease servers and some enterprise-grade switches? No! New-ish high-end servers and workstations are surprisingly powerful, capable of mocking up a pretty complicated network, including attacker systems and even incorporating wireless communications. In this talk, Jeff will walk through both the hardware and software stacks he uses and recommends, including a number of ways to incorporate Microsoft software without paying exorbitant licensing fees. Jeff will also outline several lab designs that can be used for a number of scenarios, including defense, offense, and forensics.

The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk and compliance, along with improperly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the old school approach of information security could have been transitioned to the enterprise risk management approach. The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls and intrusion prevention without a good understanding of what the threats actually are. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet. If the executives, technology team and board of directors had been paying attention to news stories, security guidance, employees' approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention; you also have to act on that knowledge. In this Part 2 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place, in terms of a security program built to protect data, systems and networks. We will dive into topics such as:
- Building a strong security program
- How best to protect networks, systems and data
- Leading Modern Security Initiatives
- Detecting and Responding to Attacks
Don't wait! Register now for the other webcasts in the series!
Part 1: Business Security Strategy, Policies, and Leadership Gone Wrong
Part 3: Feeble Security Culture Disconnected from Business Objectives
Part 4: Rekt Casino Hack Assessment Transformational Series: Pulling It All Together

It's been almost two months since the software supply chain attack on SolarWinds was discovered. Now that the dust has settled, let's take a look at what happened, what can (and can't) be done to prevent future software supply chain attacks, and how to detect a supply chain attack in your environment. There will be no snake oil here, just down-to-earth recommendations for increasing security in your environment. Technology will help with the process, but process matters more for detecting these attacks. This webcast and whitepaper will be valuable collateral for those with recalcitrant leadership teams. If you're battling objections such as "we can't just spend our way into software supply chain security by buying another widget," this webcast is for you. Join us to learn industry-leading strategies and get your questions answered. Be among the first to receive the associated whitepaper written by Jake Williams.

Abstract: This workshop will teach you everything you need to know to provision your own cloud-based Ubuntu workstation in AWS for remote browsing. Sometimes there are valid security and privacy reasons to use a temporary workstation for potentially malicious websites or to avoid tracking. Prerequisites: Attendees will need an AWS account and should be comfortable launching an EC2 instance and connecting to it. Here is a tutorial on launching an EC2 virtual machine instance: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html During the session we will briefly cover some basic git commands as well as Terraform basics, including installation. System Requirements:
- Link to sign up for an AWS account: https://aws.amazon.com/free
- Terraform is available for download here: https://www.terraform.io/downloads.html
- Up-to-date web browser
- For a consistent experience, we will be using the new AWS CloudShell.
- Mac users will need to add RDP capability per https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-mac
*Due to the nature of these workshops, many have a capacity limit. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.

The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk and compliance, along with improperly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the old school approach of information security could have been transitioned to a more mature enterprise risk management approach. The mistake organizations often make is to focus too much on defenses such as endpoint protection, firewalls and intrusion prevention without a good understanding of current threats. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet. If the executives, technology team and board of directors had been paying attention to news stories, security guidance, the organization's current approach to protecting company assets, or even attending security-related conferences, they would have better understood how critical security has become and how much the threat landscape has grown. It's not enough to acknowledge that security requires more attention; you also have to act on that knowledge. In this webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into how Rekt Casino could have better managed their vulnerabilities and how this would have helped prevent the breach from occurring. We will dive into topics such as:
- Where Rekt Casino could have done a better job identifying and managing their assets and vulnerabilities
- Rekt Casino's challenges in analyzing, communicating and resolving their problems
- How establishing and maturing a vulnerability management program would have helped
Don't wait! Register now for the other webcasts in the series!
Part 2: What?! There are Critical Security Controls We Should Follow?
Part 3: Operations Center Ill-equipped and Unprepared
Part 4: Rekt Casino Hack Assessment Operational Series: Pulling It All Together

Finding value in security operations is a primary goal for organizations. Consistent testing of security controls is one way to ensure that solutions are delivering on expectations. However, penetration testing is usually thought of as an "external" or "hands-off" service, which often reduces its impact and findings to a final report. What if organizations could turn external testing into an interactive experience they could use to regularly evaluate and improve their security posture? In this webcast, SANS instructor Matt Bromiley describes how Cobalt's "pentest as a service" platform provides a unique, hands-on approach to this traditional security capability. Specifically, Bromiley shares his experiences using Cobalt to:
- Define assets and schedule penetration tests to achieve results within a matter of days, not weeks
- Gain insights into current and previous operations by using detailed key metrics
- Work one-on-one with Cobalt's live testers, providing an impactful, interactive experience
- Evaluate the results of penetration tests via up-to-date reports purposed for compliance
- Create and prioritize actionable steps to quickly remediate vulnerabilities
Register today to be among the first to receive the associated whitepaper written by Matt Bromiley.

You will earn 4 CPE credits for attending this virtual event. Forum Format: Virtual
Event Overview
There is little doubt that we have entered the information age. In recent years, the human race has generated more information than in all previous human history, and the pace of information generation is accelerating. The security industry is no different: our data processing requirements are increasing on a near-daily basis. As one example, consider Windows event logs. In Windows Server 2003, there were three event logs: System, Application and Security. While those event logs remain today, the event log folder now looks like an extended family reunion, with 337 total event logs in place. Whatever processes organizations were using to successfully process security-related data previously clearly won't scale for today. Organizations need tools that can distill meaning from large data sets that are constantly increasing in size. Organizations that suffer data breaches typically don't suffer from a lack of data; they simply struggle to discover actionable findings in the data. To that end, Artificial Intelligence (AI) and Machine Learning (ML) can help. Example uses for AI/ML include:
- Discovering anomalous activity (e.g. UBA/UEBA, IDS, etc.)
- Identifying malicious content (e.g. phishing detection)
- Discovering previously unseen patterns (e.g. correlating observed network traffic with apparently unrelated service account usage)
Renewed focus on supply chain security suggests that organizations will be storing their security data for longer periods as well. The SolarWinds breach was not discovered until victims had been infected for as long as nine months. Simply searching nine months of data for known indicators doesn't require AI or ML. But if you already have the data, why not do more with it? AI and ML hold the keys to unlocking the potential of this data.
As the quantity of security data continues to increase, AI and ML solutions hold the promise of delivering actionable recommendations to security professionals. Come learn from our featured vendors how their solutions deliver on the promises of increased security through this fascinating technology.

As a follow-up to our previous workshop, we will continue building our purple team stack by emulating a number of different techniques and looking at different options for detection. In this particular workshop we will focus on the following topics:
- Stealing Credentials from LSASS
- COM Object Hijacking
- Office Persistence
We will introduce the topics using a short lecture and afterwards get our hands dirty with lab exercises! Prerequisites: Familiarity with Linux and Windows is mandatory. System Requirements: Prior to the workshop participants should prepare the following:
- Download and install the workshop VM: https://sansurl.com/purple-team-stack-workshop-vm
- Installed 64-bit host operating system (Windows is recommended)
- Download and install VMware Workstation Pro 15.5 or higher, VMware Fusion 11.5 or higher, or VMware Workstation Player 15.5 or higher on your system prior to the start of the workshop
- Adobe Acrobat or other PDF reader
Important! An AWS account is required to do hands-on exercises during the workshop. The AWS account must be created prior to the workshop. A credit card should be linked to the AWS account that was created. Estimated usage costs for the AWS account during the workshop are a maximum of $10. For detailed instructions on these preparation steps, please refer to the following URL: https://sansurl.com/purple-team-stack-workshop-readme
* Please note that this WILL NOT be recorded. Due to the nature of these workshops, many have a capacity limit and will not be made available for archive. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.
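As an added example, not part of the workshop or its VM, the Python below sketches the detection side for two of the listed techniques, run over hand-constructed Sysmon-style events: Event ID 10 (ProcessAccess) handles opened to lsass.exe, and Event ID 13 (registry value set) writes to a per-user CLSID InprocServer32 value, which is how a COM object hijack redirects a class to an attacker-controlled DLL because COM consults the per-user hive before HKLM. The access masks, the allow-list of legitimate LSASS readers, the user-writable path list and the sample events are all assumptions to be tuned per environment.

```python
"""Detection logic for LSASS credential access and COM object hijacking,
run over constructed Sysmon-style events (added example, not workshop code)."""
import re

SYSMON_PROCESS_ACCESS = 10      # Sysmon Event ID 10: a process opened a handle to another process
SYSMON_REGISTRY_VALUE_SET = 13  # Sysmon Event ID 13: a registry value was written

# Access masks commonly requested when reading LSASS memory (PROCESS_VM_READ
# combined with PROCESS_QUERY_(LIMITED_)INFORMATION, or PROCESS_ALL_ACCESS).
# Assumption: tune this set to what your own tooling requests.
LSASS_SUSPECT_MASKS = {0x1010, 0x1410, 0x1438, 0x143A, 0x1FFFFF}

# Processes that legitimately open LSASS on a typical host. Assumption: an
# illustrative allow-list that must be validated per environment.
LSASS_ALLOWED_SOURCES = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\program files\windows defender\msmpeng.exe",
}

# Per-user CLSID registrations. Sysmon writes HKCU\Software\Classes either as
# HKU\<SID>\Software\Classes or as HKU\<SID>_Classes; an InprocServer32 value
# under either path shadows the HKLM entry for that class.
CLSID_INPROC_RE = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+(?:_Classes|\\Software\\Classes)"
    r"\\CLSID\\\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
    r"\\InprocServer32(?:\\\(Default\))?$",
    re.IGNORECASE,
)
# Assumption: directories a standard user can drop a DLL into.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)


def parse_access_mask(value: str) -> int:
    """Sysmon renders GrantedAccess as a hex string such as '0x1FFFFF'."""
    return int(value, 16)


def detect_lsass_access(ev: dict):
    """Flag handles to lsass.exe from unexpected processes with a read-capable
    mask, or with a call stack that passes through unbacked memory."""
    if ev.get("EventID") != SYSMON_PROCESS_ACCESS:
        return None
    if not ev.get("TargetImage", "").lower().endswith("\\lsass.exe"):
        return None
    source = ev.get("SourceImage", "")
    if source.lower() in LSASS_ALLOWED_SOURCES:
        return None
    reasons = []
    mask = parse_access_mask(ev.get("GrantedAccess", "0x0"))
    if mask in LSASS_SUSPECT_MASKS:
        reasons.append(f"GrantedAccess 0x{mask:X} permits reading LSASS memory")
    if "UNKNOWN" in ev.get("CallTrace", ""):
        reasons.append("CallTrace includes an unbacked (UNKNOWN) module")
    if not reasons:
        return None
    return {"rule": "lsass_access", "process": source, "reason": "; ".join(reasons)}


def detect_com_hijack(ev: dict):
    """Flag writes to a per-user InprocServer32 value; add to the reason when
    the registered DLL lives in a user-writable directory."""
    if ev.get("EventID") != SYSMON_REGISTRY_VALUE_SET:
        return None
    if not CLSID_INPROC_RE.match(ev.get("TargetObject", "")):
        return None
    dll = ev.get("Details", "")
    reason = "per-user CLSID InprocServer32 registration shadows HKLM"
    if USER_WRITABLE_RE.search(dll):
        reason += f"; DLL in user-writable path {dll}"
    return {"rule": "com_hijack", "process": ev.get("Image", ""), "reason": reason}


def run_detections(events):
    """Apply every rule to every event and return the alerts in input order."""
    alerts = []
    for ev in events:
        for rule in (detect_lsass_access, detect_com_hijack):
            hit = rule(ev)
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Users\alice\AppData\Local\Temp\procdump64.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1FFFFF",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d5f4|C:\Windows\System32\KERNELBASE.dll+2e6e3"},
    {"EventID": 10, "SourceImage": r"C:\Windows\system32\svchost.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1000",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d5f4"},
    {"EventID": 10, "SourceImage": r"C:\Windows\Temp\svchost.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1010",
     "CallTrace": r"C:\Windows\SYSTEM32\ntdll.dll+9d5f4|UNKNOWN(000001F3A2B40000)"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Roaming\update\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Classes\CLSID"
                     r"\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "Details": r"C:\Users\alice\AppData\Roaming\update\mmdevapi.dll"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID"
                     r"\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "Details": r"C:\Windows\System32\mmdevapi.dll"},
]

if __name__ == "__main__":
    for alert in run_detections(SAMPLE_EVENTS):
        print(f"[{alert['rule']}] {alert['process']}: {alert['reason']}")
```

Running the block against the constructed events produces three alerts: the procdump handle (full-access mask), the mis-placed svchost.exe copy (read mask plus an unbacked frame in the call stack) and the per-user InprocServer32 write pointing into AppData; the legitimate svchost.exe handle and the HKLM registration are ignored. In a real environment the per-user COM rule needs an allow-list for software that legitimately installs per user, and the LSASS allow-list should be keyed on signed full paths rather than names alone.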

You will earn 6 CPE credits for attending this virtual event. Forum Format: Virtual - US Eastern Event Overview Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Virtual Conference will take place on April 14, 2021 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with work-from-home transitions, cloud migrations, M&A, shadow IT and the rise of ransomware attacks. Attendees will gain valuable lessons on how to operationalize attack surface management in order to improve their threat intelligence, vulnerability management and offensive security programs.Agenda 10:30 - 10:35 AM EDT - Event Welcome Dave Cowen, @HECFBlog, Forum Chair, SANS Institute, @SANSInstitute 10:35 - 11:05 AM EDT - Defending Forward in Today's Exposed World David "Moose" Wolpoff, @HexadeciMoose, CTO, CO-Founder, Randori, @RandoriSecurity Dan MacDonnell, Retired Rear Admiral, Former Deputy Chief NSA/CSS, Randori, @RandoriSecurity Whether we like it or not, organizations today are on the front lines of an ongoing and growing geopolitical cyberwar. We need look no further than Solarwinds for proof. In this session, former Deputy NSA Chief Rear Admiral Dan MacDonnell and Randori Co-Founder & CTO David Wolpoff will take attendees on a behind the scenes'look into forces driving today's cyber landscape and what they tell us about the future of security. Attendees will leave with a firm understanding of the macro-forces driving today's cyberwar, clarity into why today's approaches won't cut it tomorrow, and why it's essential organizations defend forward - adopting proactive strategies that leverage the attacker's perspective to anticipate threats and test resiliency. 
11:05 - 11:35 AM EDT - Getting on Target: Looking at Your Attack Surface Like An Attacker
Aaron Portnoy, @aaronportnoy, Principal Scientist, Randori, @RandoriSecurity
Fundamental to the rise of attack surface management is a growing recognition that attackers see the world differently. In this session, Aaron Portnoy, Principal Scientist at Randori, will break down why that is the case and how red teams, like the Randori Attack Team, can often come to dramatically different conclusions than security teams about an asset, even when both are looking at the same information. He will look at real examples taken from customer environments and break down some of the ways he's seen security teams adopt the attacker's perspective to reduce noise, prioritize risk and get on target faster.
11:35 AM - 12:05 PM EDT - Hunting Threat Actors with Attack Surface Management
Kyle Howson, Cyber Security Operations Centre Specialist, Air Canada, @AirCanada
Dan Pistelli, Security Solutions Engineer, LogicHub, @Logichubhq
With a third of successful breaches now originating with unmanaged or unknown assets, understanding your attack surface and being able to prioritize new risks as they emerge has never been more essential. In this session, Air Canada's Kyle Howson and LogicHub's Dan Pistelli will break down how Air Canada is integrating the attacker's perspective into its asset, vulnerability, and threat management workflows through LogicHub to hunt for APTs and quickly find, prioritize, and act upon issues as they are discovered.
In this session, Kyle and Dan will walk through tangible examples and break down how attendees can replicate these actions in their organization by:
- Establishing an external source of truth for threat prioritization between Security and IT
- Increasing the efficiency of remediation efforts by combining threat intelligence with real-time visibility into their attack surface
- Identifying process failures and shadow IT that pose categorical risks
- Leveraging the attacker's perspective to turn threat data into actionable narratives both executives and practitioners can agree on
- Saving time and money by focusing teams on the specific threats that pose the greatest risk to Air Canada
12:05 - 12:15 PM EDT - Randori Attack Platform
See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blind spots, process failures and dangerous misconfigurations.
12:15 - 12:45 PM EDT - Evaluating Attack Surface Management Tools
Pierre Lidome, @texaquila, SANS Instructor and Cyber Hunter, SANS Institute, @SANSInstitute
Attack surface management (ASM) is an emerging category that aims to help organizations address these challenges by providing a continuous perspective of an organization's external attack surface. In this session, SANS course author Pierre Lidome will provide an overview of Attack Surface Management, the key use cases, and the benefits and limitations of today's solutions. Based on his research developing the SANS Guide to Evaluating Attack Surface Management, Pierre will also provide attendees with actionable guidance they can use when crafting RFPs and PoCs for ASM projects.
12:45 - 12:55 PM EDT - Randori Attack Platform
See how Randori Recon empowers enterprise organizations to understand their attack surface in order to identify blind spots, process failures and dangerous misconfigurations.
12:55 - 1:25 PM EDT - Top IoT/OT Security Attack Vectors
Eric McIntyre, @pwnpnw, Director of Research and Development, Randori, @RandoriSecurity
Phil Neray, Director of Azure IoT & Industrial Cybersecurity, Microsoft, @Microsoft
IoT and OT devices are now everywhere, helping individuals and businesses collect real-time data and automate tasks for greater productivity and efficiency. This is increasingly true in enterprises, as workers rely on a diverse set of smart devices to get their work done. These devices are often unpatched, unmanaged, and invisible to IT and OT teams, making them soft targets for adversaries seeking to gain access to corporate networks in order to steal sensitive intellectual property or deploy ransomware. In this talk, join Phil Neray from Microsoft and Randori's Eric McIntyre for a look into the top IoT and OT attack vectors and how organizations are using ASM to reduce their exposure.
1:25 - 2:15 PM EDT - Fireside Chat: Exchanging Zero Days - Where Do We Go From Here?
Moderator - Joseph Menn
Panelists:
Window Snyder, @window, former CISO at Square, Square, @Square
Richard Puckett, CISO, SAP, @SAP
Stewart Baker, Former General Counsel of NSA
David "Moose" Wolpoff, @HexadeciMoose, CTO and Co-Founder, Randori, @RandoriSecurity
SolarWinds and Microsoft Exchange were not the first, and they won't be the last, major cyber attacks to leverage zero days to infect tens of thousands of organizations. In this session, attendees will hear from a panel of leading experts from the commercial and public sector on how they see our approaches to security evolving after these two seismic supply chain attacks. Topics discussed will include: What role can policies/regulations play in reducing cyber risk? How can we as a society work together to build more resilient systems? And what role does active defense, or "Defending Forward," have in the future of security?
2:15 - 2:25 PM EDT - Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World
Joseph Menn, Reuters Cybersecurity Journalist and author
Cult of the Dead Cow is the tale of the oldest, most respected, and most famous American hacking group of all time. Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone.
2:25 - 2:30 PM EDT - Wrap-up

Cobalt Strike has become the attack tool of choice among enlightened global threat actors, making an appearance in almost every recent major hack. Cobalt Strike is an extremely capable and stealthy tool suite, but log analysis can level the playing field, providing many opportunities for detection. This workshop will leverage data sourced from SANS FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics to provide insight into how Cobalt Strike operates and how to detect many of its characteristics via endpoint logs. Whether you are just starting out in threat hunting or a FOR508 alumnus, there will be something for everyone in this new workshop!
Prerequisites: Participants will need a system running the Windows operating system to perform Windows event log analysis (virtual machines are okay). While logs will be provided in CSV format for attendees without access to Windows, your experience will be greatly diminished without native access to Windows logging libraries. Some familiarity with Windows event logs is desirable.
System Requirements: Prior to the workshop, participants should prepare the following:
- A host or virtual machine running a Windows 64-bit operating system (Win7-Win10)
- Download and install Event Log Explorer: https://eventlogxp.com/download.php
- Download and install Microsoft Sysinternals Sysmon: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
- Install a tool capable of viewing and filtering CSV files (this is particularly important for attendees who do not have a system running the Windows OS)
Lab materials should be downloaded here: https://sansurl.com/cobalt-strike-workshop-labs/
An optional final part of the workshop will include working with Cobalt Strike beacon malware. Examples will be given using the SANS Linux-based SIFT virtual machine available here: https://digital-forensics.sans.org/community/downloads
*Please note: Due to the nature of these workshops, many have a capacity limit, so to help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.

As ransomware attacks continue to impact organizations around the world, and with recent events like the Colonial Pipeline incident, we are seeing more and more attacks that have an adjacent or direct impact on Operational Technology environments. As ransomware attacks continue to rise, how should companies think about the cyber-to-physical impacts on their OT environments? Organizations responsible for operating and maintaining critical infrastructure environments need to consider the steps they should be pursuing right now before a potential attack occurs, establish and implement procedures on how or whether they should operate their systems during an attack, and decide what actions need to be taken after an attack. Tim Conway & Jeff Shearer will discuss how organizations responsible for operating & maintaining critical infrastructure environments need to consider the following:
- Steps to pursue before a potential attack
- Procedures to implement during an attack
- Actions necessary to take after an attack

Calling everyone who wants to join the amazing cyber security industry. In this webinar, we are going to tackle what you can do outside of your normal day-to-day work responsibilities to gain experience that future cyber security employers love. We will also cover some ways for you to gain foundational experience to help build your future cyber chops. The resources are there for you, and Kevin will walk through examples to get yourself primed for your next cyber dream role. Don't wait! Register now for the other webcasts in the HR + Cybersecurity series:
- Skilling the Gap: Creative Ways to Recruit Top Cyber Talent
- Knowing Your Applicants: How to Stay Current to Best Assess Your Cyber Applicants
- Slow the Revolving Door of Talent: Creative Ways to Keep Your Existing Cyber Talent in Your Organization
- Transition to Cyber Security From a Non-Cyber Role: Creative Ways to Impress to Land Your Dream Cyber Role

We are all aware of the age-old Blue Team vs Red Team blame game. We provide a solution that allows these frenemies to finally unite. Introducing your new best friend, PenTera, the award-winning security validation platform supplying unity and bringing these teams together, operating as independent entities to run assessments, validate detections and allow Purple Teams an efficient roadmap to remediation.
Purple Team Summit & Training 2021 - Live Online
Free Summit: May 24-25 | Courses: May 17-22 & May 26-28
Summit Chairs: Jorge Orchilles & Erik Van Buggenhout | Summit CPE Credits: 12
Red Teams emulate real-world attacks that help an organization understand where vulnerabilities exist, while Blue Teams are responsible for identifying and mitigating vulnerabilities, as well as improving detection and prevention. Effective collaboration between these two teams, who have traditionally worked in separate silos, is essential for any security program looking to strengthen its security posture. To stay ahead of attacks and maximize the value of Red and Blue Teams, high-impact organizations utilize purple team tactics and adversary emulation.

Planning for Cybersecurity Awareness Month has never been easier than with this Scavenger Hunt designed to highlight key security awareness topics for your employees.

This session will describe the differences between version 7.1 and version 8 of the Center for Internet Security Twenty Critical Security Controls. This major rewrite of the twenty CSCs reflects core changes in today's computing and infrastructure environments.

Attackers and defenders both have vast toolboxes. In observing thousands upon thousands of breaches, we have seen threat actors use their toolkits extensively to achieve their objectives. Meanwhile, however, defenders tend to become dependent on only one tool or source of telemetry, seldom using everything available to them. Detecting today's threats cannot be done with a single source of evidence. Furthermore, threat actors are increasingly defense-aware, employing evasive countermeasures when necessary. The security industry has turned to MITRE's ATT&CK Matrix to quantify and catalog threat actors and their TTPs. Used by SOCs and toolsets worldwide, ATT&CK provides a way to share threat data and test defenses. However, when mapping to techniques in ATT&CK, visibility is crucial, and more than one data source is necessary. Becoming effective at detecting and stopping threats requires SOCs to expand their understanding of their environment. In this webcast, SANS instructor and IR expert Matt Bromiley and Elastic's Principal Product Marketing Manager James Spiteri look at bringing multiple data sets together to build better detections. Using MITRE ATT&CK as your library, learn how to document threat actor techniques and create a taxonomy for implementing effective detections. Be among the first to receive the associated whitepaper (https://www.sans.org/reading-room/whitepapers/analyst/expanding-security-toolbox-40350) written by Matt Bromiley.

NERC CIP is complicated. Integrating solutions into your CIP program is complex. Demonstrating compliance in a zero-deficiency regulatory sector is challenging. Going beyond compliance in pursuit of expanded cybersecurity capabilities and innovative emerging solutions in ICS environments can be confusing. How do you determine the most appropriate operation technology solutions for your NERC CIP program? Are there unique operating models that make certain solutions better than others? In this webcast, SANS Instructor Tim Conway and Dragos Cyber Risk Advisor Jason Christopher look at the NERC CIP standards and explore how to balance technology implementations for resilient operations, cybersecurity, and compliance benefits. Attendees will learn how to integrate solutions into their CIP programs that help drive detection and incident response actions. Be among the first to receive the associated whitepaper written by Tim Conway.

The presentation draws attention to practical threat detection and incident response in industrial control system environments by dissecting advanced ICS adversary threat capabilities in recent attack campaigns. A focus of the webcast is on ICS adversary Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs). Dean will illustrate why the cyber weapons and the techniques used in modern attacks may be more important than adversary attribution for tactical ICS incident response.
Overview: This presentation focuses on detecting practical threats and responding to incidents in industrial control system environments by analyzing in depth the adversary threat capabilities of advanced industrial control system (ICS) attacks among recent attack campaigns. This webcast will concentrate on industrial control system adversary tactics, techniques and procedures (adversary TTPs) and indicators of compromise (IoCs). Instructor Dean will explain why the cyber weapons and techniques used in recent attacks are more important than adversary attribution for tactical ICS incident response.

Cyber42: Industrial Edition will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Unlike traditional IT networks, industrial equipment is designed to impact the physical world and requires special considerations when deploying security technologies. As threats continue to rise targeting these networks, many of which are vital for critical infrastructure (like power, water, and energy), it is more important than ever to understand the impacts on ICS due to a cyber security event and to invest in resilience and security that promotes both reliability and safety. Players will step into the world of Cyber42: Industrial Edition, which is being developed for the upcoming ICS418: ICS Security Essentials for Managers, and address real-world industrial cyber threats from the comfort of their own home! This Game Day will focus on balancing security program improvements that impact engineers, operations, and customers, all while considering the various technical and cultural implications of an OT security program. In this simulation, you will compete for the high score against other ICS managers facing the same dilemma: how to protect industrial equipment from shutdowns, failure, damage, or worse! Do you have what it takes? Find out by playing the game with us!
Important Notes: Cyber42 Game Days utilize three platforms:
- Webcast to view presenters' slides throughout the game. Log into the webcast via your SANS Portal Account.
- Slack to interact with other players, leaders, and SANS Staff for support. Log-in information and directions will be provided a week before Game Day (and at Game Day).
- Cyber42 Web App online game. Directions to join will be provided at Game Day.

Insider threats are some of the more difficult threats to detect from both a human and technology perspective. Understanding the problem, risks, and methods to prevent insider threats is the first step in ensuring this toxic risk does not affect your organization. Join SANS Senior Instructor Heather Mahalik, and BlackBerry VPs Pooja Kohli (Product Management), and Tony Lee (Global Services Technical Operations) to learn how insider threats and insider risk can be stopped before they begin by implementing AI-based behavior analytics software, such as BlackBerry Persona, to work alongside your defenders. Be among the first to receive the associated whitepaper written by Heather Mahalik.

Title: What You Need to Know about Apple CVE-2021-30860 (FORCEDENTRY)
Date and time: Friday, September 24, 11:00 AM (Japan time)
Speaker: Christopher Crowley
Apple has disclosed the zero-day vulnerability CVE-2021-30860 and released updated operating systems. Prompt updates to iPhone iOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, and Apple Watch watchOS 7.6.2 are required. Cases in which the vulnerability was actually exploited and malicious code was executed have been reported. We will explain what you should do now to protect users and information systems from this zero-day attack against iOS and macOS. We will also cover how to check whether you have been affected by this vulnerability, technical information about the vulnerability, and the threat analysis being carried out by Citizen Labs. SANS Senior Instructor Chris has worked in network security and administration for 15 years. He has developed many SANS courses and is known as a leading expert in building SOCs. He currently works as a consultant in Washington, DC, focusing on effective computer network defense. He also has professional experience in penetration testing, security operations, incident response and forensic analysis.

SANS Urgent Webcast: What You Need to Know about CVE-2021-30860 aka FORCEDENTRY
Friday, 24 Sep 2021, 9:00 AM WIB
Chris Crowley
Apple released CVE-2021-30860 stating that all versions of iPhone iOS before 14.8; macOS versions before OS X Big Sur 11.6, Security Update 2021-005 Catalina; and Apple Watch before watchOS version 7.6.2 are targets that are currently being actively exploited. We will discuss what you should do immediately to protect your users and information systems from this zero-day exploit against iOS and macOS. We will discuss the findings. We will provide indicators of what to look for to determine whether your devices have been affected by this vulnerability, the limited information available about the vulnerability details, and the threat attribution developed by Citizen Labs. Christopher Crowley, SANS Senior Instructor, has 15 years of experience managing and securing networks. He has authored many courses and is one of the experts in building effective SOCs. He currently works as an independent consultant in the Washington, DC area, focusing on developing effective computer network defense. His experience includes penetration testing, security operations, incident response, and forensic analysis.

Cloud systems are dynamic, with rapid workload changes to ensure availability, scalability, and cost optimization. Traditional security tools, such as endpoint, network, and event management, find difficulties monitoring changes and addressing vulnerabilities in cloud environments and the changing security landscape. As a result, organizations should consider updated strategies and mechanisms that are proactive, agile, and can effectively mitigate cloud security risks.

The Encryption and Password Hashing Recipe (with a little salt).
Time: Friday, 1 October 2021
Featured speaker: Bryan Simon
In this one-hour webcast, we will give a brief introduction to the various cryptographic systems in modern use and discuss the misconceptions about cryptography that lead to incorrect implementations. No discussion of modern information security would be complete without considering cloud computing, so this presentation will close with an example of the advantages cloud computing can give us with respect to password hashing. Bryan Simon is a SANS Principal Instructor and lead author of SEC401: Security Essentials: Network, Endpoint, and Cloud, and an internationally recognized cybersecurity expert since 1991. He currently serves as president and CEO of Xploit Security Inc, a company providing expert advice, guidance, and actionable intelligence to all public and private sectors. Over the course of his career, Bryan has held various technical and managerial positions in the education, environmental, accounting, and financial services sectors. He regularly presents at international conferences and speaks with the press about cybersecurity. Bryan has taught students from organizations such as the FBI, NATO, and the UN on a range of cybersecurity topics across three continents.

Once you have signed up, you will need to proceed to your Account Dashboard in order to complete registration for the game.

You are entering Level Cloud Security at the SANS Cyber Solutions Fest 2021. This full-day session, led by SANS cloud expert Shaun McCullough, will explore innovative cybersecurity solutions that can help security teams adapt to cloud deployments in areas such as network security, threat intelligence, container and serverless security, and many more. The question we need to focus on is: what comes next in cloud security?

Attackers evolve to exploit new opportunities, including attacks against cloud systems. As defenders, we also need to evolve, developing new skills and understanding in how attackers exploit cloud platforms, and how we should respond to these incidents.

To be effective, data protection has to be everywhere, from the server to the endpoint, at the office and at home, throughout the cloud and across the web. A company's system must be able to detect data leakage from any path, quickly apply real-time data protection policies, automate incident workflows, and alert the IT team as needed for further investigation. Having an effective understanding of how and where a company's data is stored is essential when trying to protect it. Data stored across multiple devices and cloud services needs to be discovered and categorized according to sensitivity and accessibility. The data that a company creates, collects, stores, and exchanges is a valuable asset. Safeguarding it from corruption and unauthorized access by internal or external people protects a company from financial loss, reputation damage, consumer confidence breakdown, and brand erosion. Furthermore, government and industry regulation around data security makes it imperative that a company achieve and maintain compliance with these rules wherever it does business.

Application security is quickly becoming a growing concern for many organizations. Yet relatively few resources are spent preventing the application-specific security bugs that create dangerous vulnerabilities. Effectively reducing human risk across the organization requires dedicated training paths to teach the entire team involved in your development cycles.

Ransomware attacks have become some of the most prolific and public intrusions over recent years. Within a matter of hours, organizations can go from normal operations to having an inoperable network and being extorted for tens of millions of dollars. On this webcast, SANS instructor and author Matt Bromiley, as well as sponsor representatives, will share their thoughts on modern detection and response techniques for ransomware breaches.

Maintaining trust in a network has become an enormous challenge due to:
- an increasingly sophisticated cyber threat landscape
- an expanding digital infrastructure
- a mushrooming cybersecurity skills gap, and
- an increased need to secure remote work
In addition, the growing remote workforce needs to access both cloud-based and on-premises infrastructures. Zero trust network access needs to include controls and policies for network segmentation, endpoint security, identity and access management—and lead the way into a modern extended detection and response (XDR) model of security operations, as well.

Small-to-medium businesses (SMBs) often operate with limited security budgets. Consequently, they need to take advantage of any built-in security features of programs they already use to maximize their protections.

Tim Conway and Jeff Shearer, authors of the SANS industrial control system (ICS) courses and internationally renowned experts, explain the importance of hands-on experience and focused training for cybersecurity practitioners working in critical infrastructure and process environments as they learn how to protect ICS environments and identify threats and vulnerabilities. Jeff and Tim will discuss the common elements and asset types that every practitioner supporting and working in ICS environments will encounter, as well as the various knowledge areas ICS professionals should pursue.

Join leading global experts and SANS ICS training instructors Tim Conway and Jeff Shearer, who will discuss the need for hands-on experience and focused training for cybersecurity practitioners working in critical infrastructure sectors and processing environments to identify threats and vulnerabilities, as well as methods for securing ICS environments.

We are hosting a webcast by Tim Conway and Jeff Shearer, who develop the SANS ICS courses. Tim and Jeff will discuss the need for practical experience and focused training for cybersecurity personnel involved in critical infrastructure and process environments. They will explain the common elements and asset types that anyone working in or supporting ICS environments deals with, and the various areas of knowledge that professionals in this community should know.

The need for hands-on experience and focused training for cybersecurity professionals who work with critical infrastructure: identifying threats and system vulnerabilities, and the process of securing ICS. Tim and Jeff will discuss the basic components of ICS and the types of equipment found in ICS and its supporting systems.

On Tuesday, February 22, the US Department of Homeland Security warned that every organization is exposed to cyber risk from Russia. The warning was issued in response to the escalating Russian invasion of Ukraine, and it covers not only cyberattacks but also attacks on the ground.

This urgent webcast will give an overview of current Russian Threat Actor capabilities, discuss critical infrastructure attacks on Ukraine, and possible escalation spillover into the EU and/or the United States.

The ICS/OT community has long suffered from a lack of insight into cyber threats, vulnerabilities, and incident response observations. The annual Dragos ICS/OT Year in Review reports on how the community is performing and surfaces areas of improvement needed to provide safe and reliable operations.

Cloud security leaders need to manage many challenges in order to reach the key milestones in their cloud security plans. In this thought-provoking talk, Ashish Rajan (SANS instructor and host of the Cloud Security Podcast) will introduce the most important things in building a cloud security plan, along with the trends that are top of mind for cloud security professionals in 2022, closing with stories and (sometimes painful) lessons about what not to do in the cloud. This webcast will provide insights for security leaders who are building cloud capabilities.

This SANS Protects webcast will examine current, prevalent threats to file storage solutions, how adversaries abuse them, and steps your organization can take to mitigate these threats—including actionable mitigation tips and tricks that you can implement to strengthen your security posture.

It is no surprise that in the last few years we are witnessing a number of attacks that are slowly becoming more sophisticated and stealthier. While there will always be opportunistic attackers that are simply going for the low-hanging fruit (and they will always be the majority), we have started observing dedicated attackers who want to remain as stealthy as possible.

When moving workloads to the cloud, event data (in particular event management) changes into new formats that security teams need to identify, store, and process in order to identify potential threats. This discussion begins with the overall lifecycle of management plane events in cloud environments. This will help us identify threats targeting cloud resources more effectively. But what response should be taken? Until now, many teams have relied on security analyst teams and incident response teams to identify and react to threats found among enormous volumes of log data.

This SANS Protects webcast will examine threats to one of the most sizable assets of any organization: the endpoint. Endpoints are necessary for employees to complete their work, but they also represent constant challenges for information security teams and a large attack surface. This webcast will examine current, prevalent endpoint threats and how adversaries use them to gain footholds in, and take advantage of, victim environments.
