Data can end up in the unlikeliest of places, even for those organizations that have developed formal data governance policies and implemented technical controls to (try to) keep data in central data stores. Especially troublesome is data stored and worked with on user endpoints—workstations, laptops, devices—such as original unstructured files or containing data extracted from structured data sources. With this survey, SANS is see...

The Open-Source Intelligence (OSINT) Summit will bring together OSINT practitioners, investigators, and enthusiasts alike to share their OSINT techniques and tools. As an attendee, you will learn current, real-world methods from others in the OSINT community who collect information across the Internet, analyze the results, and utilize key data to reach their objectives. The OSINT Summit will explore the following topics: Capturing, recording,...

Asset and inventory control solutions are difficult to build and maintain. Many organizations spend lots of time, effort, and resources to get ahold of their inventory of assets, but few are able to effectively leverage their asset inventory data to enrich security operations. Snowflake’s IT and Security teams leverage ServiceNow asset data to create data models and join them to other sources of truth within Snowflake itself. In this web...

It appears that every few months, there's news of yet another cloud breach stemming from a carelessly configured cloud storage solution. While this isn't the default for most cloud vendors, some users still manage to make their cloud data publicly accessible by going out of their way - sometimes to a significant extent. Whether it's out of ignorance or convenience, it doesn't matter - this practice must come to an end. To address this issue, w...

The increasing reliance on cloud computing has driven the need for efficient and secure IT environments, necessitating the development of robust engineering skills across various domains. This keynote speech will explore the world of cloud investigations, focusing on the critical intersection of data engineering, infrastructure as code (IaC), and Continuous Integration/Continuous Deployment (CI/CD) pipelines. Attendees will learn about the lat...

The “cat-and-mouse” game between Attackers and Defenders is as old as the LoveLetter virus. While script-kiddies have matured to become cybercriminals, hacktivists, and state-sponsored adversaries, sometimes it feels like the Defenders are stuck in 1999. We deploy anti-virus solutions, monitor the perimeter, and wait and see. Yes, today’s security technology is “Next Gen,” “2.0,” and “Meta,...

Why are ransomware attacks so prevalent?It's because they're effective and profitable for adversaries. We have all heard the horror stories of bad actors gaining access and deploying ransomware on an organization's network, encrypting their data, and then demanding payment to regain access to their systems. The victim organizations are often unprepared and unable to deal with a ransomware attack, leading to severe financial and operational dam...

Connect the dots with OSINT The Open-Source Intelligence (OSINT) Summit will bring together OSINT practitioners, investigators, and enthusiasts alike to share their OSINT techniques and tools. As an attendee, you will learn current, real-world methods from others in the OSINT community who collect information across the Internet, analyze the results, and utilize key data to reach their objectives. The OSINT Summit will explore the following to...

Protecting critical infrastructure through Operational Technology (OT)/Industrial Control System (ICS) cyber defense is an ever-changing and evolving field required to continually adapt cybersecurity strategics to meet new challenges and threats—all while maintaining the safety and reliability of facilities and production operations. The purpose of this survey is to poll organizations that operate OT systems– this includes ICS, OT,...

The goal of SecOps teams is to monitor, detect, investigate, and respond to suspicious activity and events. This often leaves them in a reactive state — with minimal opportunity to reduce false-positives and innovate. It doesn’t have to be this way, though. One key aspect of forward-looking, mature SecOps programs is the ability to gather context from data sources to inform — and expedite — investigations. In this sessi...