The US Cybersecurity and Infrastructure Security Agency (CISA) recently released voluntary cross-sector Cybersecurity Performance Goals (CPGs) to help establish a common set of fundamental cybersecurity practices for critical infrastructure. SANS Institute recently published “Five Critical Controls for ICS/OT Cybersecurity” using real-world scenarios to design and improve cybersecurity defense and response. Join presenters from CIS...

Today, most organizations would consider themselves “hybrid”, possessing vast on-premises and cloud footprints. Statistics clearly show that cloud adoption continues to grow, and while businesses love the growth and agility provided by cloud providers, there continue to be challenges in the need to secure these various footprints. IT security teams struggle to keep up with complex product stacks, an ever-growing skills shortage gap...

Executive Director Brandon Wales of the Cybersecurity and Infrastructure Security Agency (CISA) and Rob Lee, Chief Curriculum Director and SANS Faculty Fellow, will enter the “Ring of Fire” with our attendees both online and in-person for an attendee-engaging fireside chat! The fireside chat will poll the audience to gather attendee insight in-person and online. We will collect attendee questions and help upvote topics they would l...

A vast majority of today's attacks use encryption to bypass defenses. Zscaler's ThreatLabz team analyzes data from the world's largest security cloud, processing over 250 billion transactions per day, to uncover what threats are hiding in SSL/TLS. Join this webinar to learn and discuss how encrypted attacks are evolving, including: The fastest growing threat types The most targeted industries/geographies Where most enterprise defense strategie...

In this session, Enrico Benzoni and Andrea Fumagalli will explain how to build and optimize the top three SOAR use cases, sharing invaluable tried-and-true technical details for solving your needs. The fastest security response is not always the right one. However, minimizing response time by prioritizing security incidents, reducing false positives, and quickly investigating alerts is one of the imperatives of successful cyber defense. Noneth...

Threat Exposure Management (TEM) is a new approach to security designed to help organizations identify, prioritize and manage unexpected risks or exposures. This approach differs from standard threat management practices by taking a contextual view of threats, focusing on establishing a process for how information is collected and integrated together to inform better and faster decision making. Though the term, threat exposure management, is n...

Remote work has upended security. Sadly, in reaction, security vendors have developed two substandard solutions: VPN and ZTNA. VPN server ports must be open to the internet and anyone on the internet can try to hack it. ZTNA suffers degraded performance while obfuscating identity creating a huge security blindspot. In this webinar, learn about Zero Networks’ ZNConnect which combines the best aspects of VPN and ZTNA while eliminating thei...

Let’s go back, way back to 2013 when AV was AV, whitelisting was whitelisting, and EDR ads were taking over airport terminals. Ah, the good old days. News Flash! Dr. Emmett Brown just showed up and he’s got urgent news from the future. No matter how good your incident response capabilities are, they cannot stand on their own (sort of like Biff, who was nothing without his buddies). To be effective, incident response (IR) must be pa...

In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the most used NTLM relay attack paths pentesters use to compromise the domain. We will take a look at: What is NTLM auth? Using broadcast traffic for fun and profit Active Directory Certificate Services abuse ShadowCredentials And more! BEFORE THE WORKSHOP: This workshop requires a large local LAB that must be downloaded prior to the workshop. D...

Threat actors continue to make government agencies – at the federal, state and local levels – one of their most important targets. A series of Presidential Executive Orders and DHS CISA Binding Operational Directives have been issued in response, often with specific cybersecurity control and technology requirements. Government agencies need to address both these pressures, and do it with limited resources, prioritizing their action...