MDR combines software and human expertise to better respond to attacks, across endpoints and other vectors. In this webcast, join SANS Analyst Dave Shackleford and Red Canary’s Robert Adams as they explore Red Canary MDR as a solution to record alerts, detect and investigate threats, and respond quickly for effective remediation. Red Canary is an all-in-one solution that facilitates: Expanded visibility Evolving detection Alert managemen...

We’ve all seen the headlines, but why is ransomware so pervasive? And are you prepared? As it’s not really a matter of if it will happen, but when. Modern ransomware is not like ransomware of the past - it has evolved to highly targeted attacks by threat actors who are business-minded, focused solely on the big payday. In fact, it’s not even ransomware until it’s too late to prevent significant business impact. The good...

All 16 critical infrastructure sectors, including energy, critical manufacturing, water, and wastewater management facilities, and even cookie factories can benefit from a strengthened cybersecurity defense in today’s Industrial Control System (ICS) cyber threat climate. Active cyber defense starts with knowing what you have in order to apply appropriate and prioritized protections. Establishing a solid ICS asset inventory is essential t...

In the 1990s government agencies, industry groups, and cybersecurity researchers started creating cybersecurity standards and these standards led to cybersecurity regulations and laws that dictate to organizations what they must do to protect their data. Today, there are now dozens of standards that organizations can consider when building their cybersecurity plans and more are released every year. To make the problem even more challenging, no...

This year's Vulnerability Management Survey highlights some of the trends in vulnerability management based on the data we have gathered over the past two years. This webcast explores the results of our 2021 Vulnerability Management Survey, which examines key issues such as: How organizations are discovering different types of vulnerabilities Who is responsible for the different processes related to vulnerability management How organizations a...

Building and deploying modern systems in a highly regulated cloud environment is challenging. In this session, we will explore the DoD Cloud Computing Security Requirements Guide (SRG), key FedRAMP Security Controls, and key lessons learned. Regulators impose requirements that are meant to be applied in a traditional on-premise environment, which requires unique design decisions in cloud-native environments. In this session, we will explore th...

In order to interact with a real domain controller, Mimikatz can spoof a Windows domain controller, and read information from or write information to active directory. Mimikatz's DCSync command is used to read information: typically, it is used to dump credentials from active directory. And the DCShadow command is used to write information: for example, modify the primary group of an account to a group with higher privileges. The use of these...

Adversaries are launching attacks that easily hide in plain sight, often by evading limited visibility defenses, living off the land, or finding coverage gaps in enterprise monitoring. Furthermore, adversaries are launching more and more “large scale” attacks, such as multi-million-dollar ransoms or integrity- and reputation-threatening data breaches. Defenders must constantly find ways to “level up” their defenses and...

As IT and security teams struggle to manage a complex sprawl of devices, users, cloud services, and software, there's one certainty we can rely on (thanks to the second law of thermodynamics): things will only get more complex. But there's good news! What we previously thought of as "asset management" has evolved. Today, we have “asset intelligence”, which moves from a spreadsheet approach — focused on getting an inventory of...

This year's SANS Security Operations (SOC) Survey focused on changes in budgets and the impact of the explosion of both remote work and cloud-based systems on critical SOC functions and team operations. On this webcast, sponsor representatives will join the survey authors fo