In the modern age of cloud migration and deployment, many security and operations teams are having to adapt their controls, processes, and overall strategies to better accommodate hybrid on-premises and cloud environments. While some architecture and control concepts stay relatively static, many don't. So what should organizations do? How can traditional firewalls and cloud-native controls co-exist? What network security controls are most read...

The castle model is dead, it's time to move on. Protecting our corporations primarily from the outside looking in is a naive and inefficient approach. Prevention is great, but inevitably the defenses will fail, and the attackers are on the inside. Threats attacking us from the inside are real, and we can neither avoid it nor can we "trust our employees". While it would be nice to trust employees, and we can trust most of them, we need to be vi...

Conventional wisdom suggests that a zero-trust framework or architecture be implemented as part of a holistic security strategy. “Trust nothing, verify everything” seems like the safest bet. Yet, it remains unclear how this approach keeps your organization's connectivity, which supports your most critical business applications, more secure without impeding their business intent. Uncover the most pressing network security policy iss...

Our 2022 Survey on infrastructure operations is designed to explore how organizations are utilizing cloud-native applications and integrating those applications within their security monitoring and response capabilities. We continue to see growth of adopting of cloud-native applications, but larger issues always remain. As we adopt and utilize more and more cloud-native applications, is the security team able to keep up with newer forms of tel...

Every network has a security vulnerability. Vulnerabilities obviously lead to threats. Do you know where your vulnerabilities and any hidden threats are located? With major security breaches happening every year to businesses and government agencies of every type, don't you want to find (and fix) your network BEFORE a hacker finds and exploits the weakness? In this webinar, we explain what you need to do to actually protect yourself from vulne...

Join members of the SANS Industrial Control Systems (ICS) Team in a new ICS Webcast Series: ICS Cyber Resilience, Active Defense & Safety. Presenters will address the recent increase in attack campaigns and impacts seen across multiple sectors in the ICS space. Topics of discussion will include ransomware impacting critical infrastructure, detecting advanced adversaries inside ICS networks, and a variety of other threats and defenses. This...

Over the past few years, we have seen drastic, but welcome, changes in how organizations manage their own software and code. Organizations are embracing security at the code level, encouraging developers and security teams to work closely together. Giving way to the term “DevSecOps”, developers now integrate automated processes to build and ship code, streamline the development cycle, and ship code more securely. However, cyber adv...

Over the past few years, we have seen drastic, but welcome, changes in how organizations manage their own software and code. Organizations are embracing security at the code level, encouraging developers and security teams to work closely together. Giving way to the term “DevSecOps”, developers now integrate automated processes to build and ship code, streamline the development cycle, and ship code more securely. However, cyber adv...

As the world continues to endure ongoing global disruption, cyber-attackers have been constantly updating their tactics in light of emerging trends. According to MIT Technology Review, 121 million ransomware attacks were recorded in the first half of 2020, each one attempting to encrypt private data and extort payment for its release. The automated elements of these attacks, malware that moves faster than security teams can respond, is one of...

The AFCEA Intelligence Committee Webinar Series will look at the latest intelligence and security issues facing the nation. These conversations will feature members of AFCEA’s highly regarded Intelligence Committee, a volunteer group of public- and private sector intelligence professionals dedicated to strengthening government, industry, and academic collaboration for a safer future. The series will focus on identifying the most promisin...