Do we ask too much of our security validation platforms? Is it really possible to mitigate risks created by security gaps, vulnerabilities, and external exposure across an entire organization? Yes—it’s all about asking, and answering, the right questions. In this webcast, Senior SANS Instructor Dave Shackleford and Cymulate’s Director of Cyber Evangelism Dave Klein examine the Cymulate Extended Security Posture Management Pl...

Finding flaws is much easier than fixing flaws. That's a fact. Happy to debate it. If this were not the case, we might just have this security thing all wrapped up. There are hundreds of tools that are reasonably successful at telling us what we are doing wrong (think compliance and vulnerability scanners). However, the solutions to these problems are not always as straightforward as they might seem. Sure, our tools and penetration testers wi...

Ransomware attacks are no longer “drive-by” events. Encryption is only one of the problems among a list of others that include operational disruption and data exfiltration for extortion, ransom, sale, and re-sale. Join SANS Senior Instructor Jake Williams, SANS Instructor and BlackBerry Principal Incident Response Consultant Ryan Chapman, and BlackBerry Most Distinguished Threat Researcher Dmitry Bestuzhev as they dissect and anal...

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important fr...

This webinar is a preview of a new report - the updated version of the Top 20 Cyber Attacks on Industrial Control Systems. The attack "ruler" of 20 standard attacks now includes nation-state-grade ransomware, IT-targeted ransomware that triggers "abundance of caution" OT / ICS shutdowns, IT-targeted ransomware that triggers OT shutdowns when IT systems vital to OT networks are impaired, and other timely updates. Cloud-seeded ransomware / supp...

So you have a vulnerability management program. Great. Excellent. But are you able to let the management team know if it is being effective or not? In this final Vulnerability Management series webcast, join Jonathan (MGT516 co-author and SANS certified Instructor) as he discusses how to show your program is being effective through metrics and measures. He will discuss metrics that a new program can start creating and generating on day 1 as we...

Get a preview of material directly from SANS SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses. There are many stages in the attack lifecycle in which we can detect or prevent an (advanced) attacker from getting closer to their final objectives. One thing we always come across however is that the attacker likes to persist in your environment, be it for two days, two months, or two years. It is important fro...

The Evolution of Resilience | Join us in Phoenix as we will provide you with all the tools and knowledge to respond to today’s disruptions and tomorrow’s emerging threats! We invite you to join us and enjoy all the programming, the networking, the exhibitor demos and more at DRJ Fall 2022 – The Evolution of Resilience. We have designed our 67th conference to meet the needs of you, our valued attendees. This conference guide i...

There are many business challenges affecting Network Operations and Security teams. CIOs and CISOs alike are finding it more and more difficult to keep up with the sophistication and increasing frequency of modern-day and zero-day threats, while also building a highly collaborative and effective IT team. As businesses today focus more and more on security, there is a need to think outside the box in order to properly mitigate risks and drive n...

This webcast will provide deeper insight into the threats highlighted during the annual SANS keynote panel discussion at the RSA® Conference 2022. The webcast will include insight from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the dangerous new attacks techniques they see emerging. We will also include actionable advice on the critical skills, processes, and controls needed to protect enterprises...