This session is to walk through a demonstration of Pentera: The Automated Security Validation solution. Organizations over the years have been following a defense in depth model to protect their critical assets. While this strategy makes sense; the tools, processes, and procedures surrounding this initiative have grown significantly. How confident can organizations be that each layer and the enormous effort undertaken is working effectively? D...

Storing your data in cloud services doesn't always guarantee the security of it. Data loss can occur for various reasons including human errors, ransomware attacks, or other kinds of malicious deletion.It is important to understand the retention policies and data back-up strategies so we can quickly react to any threats that could lead to permanent data loss and quickly recover data. This webinar will focus on the possible external factors tha...

Discovering, identifying, inventorying, and assessing all digital assets — a continuous process known as Attack Surface Management (ASM) — is essential for organizations to secure their environment. After all, you can’t protect what you don’t know about. External threats, vulnerabilities, shadow IT, and cloud misconfigurations are a few critical areas that may sneakily pose risks to organizations. The goal for IT and se...

Operational technology (OT)/industrial control system (ICS) security is an ever-changing and evolving field required to continually adapt defense strategies to meet new challenges and threats—all while maintaining the safety and reliability of facility operations. This event will focus on how OT/ICS defenders across all industries meet these challenges, and will highlight key areas to help defend critical infrastructure moving forward, i...

News Flash: You’re not just responsible for your own organization’s risk anymore. You need to watch out for your friendly, and sometimes not-so-secure, business partners, too. Third-party risk assessment is crucial to the defensibility of your cyber ecosystem, yet the task can be daunting. How do you know whether a third party has been the victim of a security breach? Which ones are most likely to experience a ransomware attack? W...

Environmental, Social and Governance (ESG) frameworks have emerged in the private sector as a way to incorporate social good into the other work an organization is engaged in. It’s a lens that can enhance and inform the way a company thinks about risks, opportunities and outcomes. But when people think about improving their communities and addressing the major issues that impact daily life, they look to governments – not corporatio...

One of the most prolific attacks over the past few years, that has touched nearly every industry and kept security professionals up at night, is ransomware. Ever-looming as the threat that can bring an organization to a halt, we have seen an explosive growth in ransomware and extortion attacks. Driven by never-ending vulnerabilities and automated attack tools, ransomware shows little signs of slowing down. It is time to change that pace. Join...

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. Once attackers have gained access to your infrastructure, be it through a compromised host or through physical access, they will be looking to gain access to further resources. While there is a wide variety of ways that attackers can use to broaden their footprint in your environment, this webcast will focus on...

Do we ask too much of our security validation platforms? Is it really possible to mitigate risks created by security gaps, vulnerabilities, and external exposure across an entire organization? Yes—it’s all about asking, and answering, the right questions. In this webcast, Senior SANS Instructor Dave Shackleford and Cymulate’s Director of Cyber Evangelism Dave Klein examine the Cymulate Extended Security Posture Management Pl...

Finding flaws is much easier than fixing flaws. That's a fact. Happy to debate it. If this were not the case, we might just have this security thing all wrapped up. There are hundreds of tools that are reasonably successful at telling us what we are doing wrong (think compliance and vulnerability scanners). However, the solutions to these problems are not always as straightforward as they might seem. Sure, our tools and penetration testers wi...