Cyber threat data from multiple sources overwhelm today’s Security Operations Centers (SOCs) without a centralized method to aggregate it. Many organizations have immature threat intelligence programs that rely on select external threat feeds, which users struggle to analyze. A cyber threat intelligence program requires people, processes, and technology to process, exploit, and disseminate threat data. Threat intelligence is “evide...

Vulnerabilities are relentless and exploited by targeted attacks faster than ever with damaging results to business. Study after study shows that most successful attacks exploit well known vulnerabilities with existing patches. Most businesses already do some form of vulnerability scanning but for many, time to remediate has not gone down. Yet some organization have broken out of this pattern—how have they done it? One of the key differe...

Many of us are confined at home due to the COVID-19 pandemic. But, business as usual, many organizations are still facing security incidents (related to the virus or not). Let's imagine the following scenario: Your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated "as soon as possible". The server is physically located 500km away and you're stuck at home... How to...

Honeypots have always been a favorite of researchers. But making them scale and automating the operation of large "fleet" of honeypots operated by volunteers has been challenging. In this talk, you will get a brief tour of the infrastructure behind the SANS Internet Storm Center. You will learn how some of the recent attacks we detected and wrote about were picked up and analyzed by this global network of honeypots. We will look at live data,...

In the world of "Cloud" we have an entirely new landscape of services, vendors, and functionality. The growth of Cloud is being driven from all sizes of organizations, from 2 person start-ups to Fortune 10 companies. But what can we do to understand these Services better so that when we move to the Cloud its a successful shift, and doesnt introduce unnecessary risk? Theres plenty of room for error, but also plenty of room for success. Were goi...

Successful attacks almost always take advantage of conditions that could reasonably be described as poor cyber hygiene including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privilege. In this session, well dig a little deeper into the idea. Well discuss the importance of cyber hygiene as a root cause issue for attacks, and as a defensive strategy. We look at various attempts...

In this webcast, sponsor representatives and report author John Hubbard will discuss the new SANS report, "Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework." The discussion will explore themes from the paper, including: What the MITRE ATT&CK Framework is Where ATT&CK is going Best practices for using ATT&CK information Register today and learn how to leverage the information and ecosystem of tools surround...

Thankfully, we've come far enough that we no longer need to make a case for why gender equality in cybersecurity is important and valuable. But the fact that women still represent less than 20% of the workforce in cybersecurity positions shows we have a long way to go. How do we get there? Achieving gender parity will require two important things: action and allies. Even the most well-intentioned organizations may not realize the gender bias i...

Chairman: John Pescatore, SANS Director of Emerging Security TrendsKeynote: Ashley Mahan, Secure Cloud Portfolio & FedRAMP Director Sponsors: AWS, IBM, Rackspace and Okta The Federal Risk and Authorization Management Program (FedRAMP) has been a highly successful GSA initiative to enable government agency use of cloud services by providing streamlined approach to assessment, authorization and continuous monitoring. Providers of cloud servi...

What is SANS CyberCon?SANS CyberCon is a live online training event that meets in virtual classrooms, allowing students to interact directly with their classmates and instructors. SANS CyberCon students attend popular courses that are taught online by SANS' top instructors. Students also have the opportunity to attend daily bonus sessions that discuss current topics in information security. In short, SANS CyberCon is perfect for professionals...