Conventional wisdom suggests that a zero-trust framework or architecture be implemented as part of a holistic security strategy. “Trust nothing, verify everything” seems like the safest bet. Yet, it remains unclear how this approach keeps your organization's connectivity, which supports your most critical business applications, more secure without impeding their business intent. Uncover the most pressing network security policy iss...

In “The 2021 State of Enterprise Breaches,” Forrester found that enterprises spend a median of 37 days and a mean of $2.4 million to find and recover from a breach. Ensure your team is prepared for advanced threat actors. Forrester recommends that security leaders must advocate for investment in efforts like digital transformation to help the organization be more adaptable and focus on data and metrics to uncover prevalent attack v...

DNS provides one of the best methods for command and control, covert tunneling, and blind data exfiltration. Burp Collaborator provides a great way to both confirm blind injection, and also exfiltrate data. Penetration testers may prepend names to each DNS request, allowing data exfiltration subject to DNS's length limitations (63 characters per label, 255 characters total name) and character limitations. This webcast will describe methods for...

This engaging session takes a light-hearted look at securing your cloud-native applications and gives a detailed list of what (not) to do. We’ll cover how to ensure your developers never create insecure or vulnerable code, we’ll talk about how to enable complete zero trust, and most importantly we’ll talk about how to guarantee 100% security of your cloud-native applications.

Bad actors don’t knock on the front door. They find a way into your infrastructure whether through your supply chain, a misconfiguration, impersonating a user with stolen credentials, a zero-day exploit or other advanced techniques that we may not have seen yet. It is important to make sure that preventative measures are in place and following best practices, but you also need to be ready to detect attacks and take actions. Join SANS ana...

In the old days, we used Nmap to find and scan systems. The old days are gone. Now we have "the cloud." Attackers have figured out new ways. Join Josh Wright as he shows how to find and scan modern cloud networks. This will be mostly demo in a live network. We've asked Murphy not to interfere. We'll wrap up with some tips for defense. We think it will be pretty awesome. Let us know what you think at the end!

OpenAI is a leading research institute focused on developing artificial intelligence technology in a safe and responsible manner. In this talk, we will discuss the potential risks that advanced AI poses to cybersecurity, and what steps are being taken to address these challenges. We will also explore the ways in which AI can be used to improve cybersecurity and protect against cyber threats. Overall, this talk will provide a comprehensive over...

The US Cybersecurity and Infrastructure Security Agency (CISA) recently released voluntary cross-sector Cybersecurity Performance Goals (CPGs) to help establish a common set of fundamental cybersecurity practices for critical infrastructure. SANS Institute recently published “Five Critical Controls for ICS/OT Cybersecurity” using real-world scenarios to design and improve cybersecurity defense and response. Join presenters from CIS...

Today, most organizations would consider themselves “hybrid”, possessing vast on-premises and cloud footprints. Statistics clearly show that cloud adoption continues to grow, and while businesses love the growth and agility provided by cloud providers, there continue to be challenges in the need to secure these various footprints. IT security teams struggle to keep up with complex product stacks, an ever-growing skills shortage gap...

Executive Director Brandon Wales of the Cybersecurity and Infrastructure Security Agency (CISA) and Rob Lee, Chief Curriculum Director and SANS Faculty Fellow, will enter the “Ring of Fire” with our attendees both online and in-person for an attendee-engaging fireside chat! The fireside chat will poll the audience to gather attendee insight in-person and online. We will collect attendee questions and help upvote topics they would l...