The cloud has changed infrastructure for all organizations and Federal agencies are no exception. However, it’s not as easy as simply “flipping the switch” because there are a myriad of regulatory requirements and considerations to navigate, and it requires careful planning and implementation. Join us on March 26, 2024, at 10:30 ET where SANS analyst Matt Bromiley and Cisco’s Technical Marketing Engineer, Christian Clau...

The modern threat landscape is a maze of complexity and adversaries that want to impact your organization. The time of “good enough” security is over. We’ve got to look elsewhere in our environments, integrating as many sources of telemetry as possible into your security program. We’re calling for a paradigm shift, combining observability and security data to gain and operate on a holistic view of your environment. Join...

In recent years, the cyber threat landscape has evolved significantly, blurring the lines between tactics, techniques, and procedures (TTPs) used by cybercrime and nation-state-sponsored attacks. On this webcast, SANS certified instructors Mat Fuchs and Josh Lemon will explore results of our 2024 Threat Hunting Survey, and reveal how organizations are changing their proactive hunting activities and their use of hunting for unusual patterns, be...

The public sector is under constant threat from cyber criminals who use advanced tactics such as phishing, ransomware, imposter emails and other methods to exploit employee vulnerabilities. Human error is typically the starting point of most attacks, and cyber criminals have become adept at using social engineering techniques to target individuals with highly persuasive, personalized messages. That means it’s more important than ever to...

Cyberattacks are evolving, and your defenses need to, too. Join SEC401 author Bryan Simon, GSE, for this webcast unveiling the game-changing 2024 update to SEC401 Security Essentials: Network, Endpoint, and Cloud. Get hands-on with next-generation labs: 20 brand-new exercises based on real-world security breaches Master essentials skills to combat cloud server compromise, data leakage, phishing attacks, and rushed development See the scenarios...

We know that the threat landscape is ever-changing and that organizations are constantly looking for technologies and tools to help guide and augment their security efforts. In this survey, we look at spending habits, priorities, and decision-making processes when it comes to security technology. What drives organizations to spend the way they do? Is it risk factors, compliance needs, or looking to defend against the latest threats? Furthermor...

In a digital landscape where ransomware threats have evolved into highly targeted, multi-phase attacks, public sector organizations face unprecedented data and operational continuity risks. The burning question is, how can state and local governments effectively mitigate these threats and protect access to vital public services? The answer lies in gaining network visibility to detect and stop ransomware and other malicious attacks before they...

When critical infrastructure is hit by a disruptive cyberattack, national security officials need to know about it as soon as possible. That’s the guiding principle behind new rules coming soon from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). In March 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) was signed into law. Enactment of CIRCIA means CISA will require covered entities d...

What a difference a year can make! Looking back on 2023, we saw some stunning trends and incidents in the realm of cybersecurity that got us all talking. In this webcast (with an associated white paper), SANS Senior Instructor Dave Shackleford will examine: The most significant cybersecurity incidents in 2023, and lessons learned from them What’s happening in the realm of machine learning and AI, both good and bad New security technology...

Securing applications is a complex and cumbersome issue many organizations have yet to solve. Current processes to test and secure applications are manual, ad-hoc, and often disconnected from development cycles. Furthermore, testing tools or results are siloed, and may not focus on overall risk or lack enterprise context. This leads to unnecessary friction, which can impact development processes or leave a security gap in the organization. In...