Achilles Systems, a fictitious IT service provider to human resources teams in medium and large businesses, has fallen victim to an attack in which sensitive customer data and, potentially, customer networks, have been compromised. Achilles has a small security team who has historically focused on basic controls and compliance. However, it seems clear this attack was the work of a sophisticated adversary capable of circumventing the controls i...

As cloud security controls mature, it’s common to find that a wide variety of security controls and configuration capabilities are melding into a single platform or service fabric, in addition to the cloud provider infrastructure. Ranging from CNAPP to CSPM to CWPP and beyond, controls that cover the pipeline, workload security, cloud environment configuration, IaC templates, and runtime (and much more) are starting to evolve into a much...

Adversaries targeting critical infrastructure systems (power grids, water management systems, heavy manufacturing, oil and gas refineries and pipelines, etc.) have demonstrated detail technical knowledge of control system components, industrial protocols, and engineering operations. These skilled and brazen adversaries continue to launch a combination or Ransomware and targeted ICS tailored attacks against the safety and reliability of critica...

Automation plays a vital role in improving capacity, efficiency, and performance in the SOC. Security teams spend far too much time “in the weeds,” unable to focus on solving the problems that matter. Security orchestration, automation, and response (SOAR) tools have the potential to streamline analysis, reduce response times, and improve quality. However, SOC teams often struggle to realize the full potential of this kind of autom...

Every organization professes that risk management is at the heart of its cybersecurity program. Threat modeling is at the heart of this proactive approach: a systematic process that helps organizations identify, understand, and mitigate potential threats. However, with technology's ongoing advancement and the rising complexity of digital systems, constructing exhaustive threat models from the ground up can be daunting. In this presentation, Ja...

In 2024, the SOC Survey continued to explore the detailed aspects of cybersecurity operations centers. The survey collected information on organizations’ capabilities, and what is outsourced. On this webcast, SANS Senior Instructor Chris Crowley examines survey results to understand how SOCs are architectured, favorite and frustrating technologies, staffing, funding, threat intel, and automation. Register for this webcast now, and you wi...

Every organization professes that risk management is at the heart of its cybersecurity program. Threat modeling is at the heart of this proactive approach: a systematic process that helps organizations identify, understand, and mitigate potential threats. However, with technology's ongoing advancement and the rising complexity of digital systems, constructing exhaustive threat models from the ground up can be daunting. In this presentation, Ja...

The 2024 Top Attacks and Threats Report and webcast will once again dig deep into the emerging threats discussed during the annual SANS keynote panel discussion at the RSA® Conference 2024. SANS author and chair Domenica Crognale will discuss attacker trends and mitigation strategies and provide suggestions on how organizations can better position themselves to get ahead of these attacks. Topics will focus on: Briefing of the most dangerou...

Cybercrime continues to evolve, and as forensic analysts and incident responders, we often are in a virtual arms race with the criminals. While the best tool in both art and science is the amazing capacity of the human brain, and this is especially apparent in the field of digital forensics and incident response, where we match ourselves against the creative ingenuity of committed and capable criminals; we do need other tools to make our work...

Cybercrime continues to evolve, and as forensic analysts and incident responders, we often are in a virtual arms race with the criminals. While the best tool in both art and science is the amazing capacity of the human brain, and this is especially apparent in the field of digital forensics and incident response, where we match ourselves against the creative ingenuity of committed and capable criminals; we do need other tools to make our work...