Storing your data in cloud services doesn't always guarantee the security of it. Data loss can occur for various reasons including human errors, ransomware attacks, or other kinds of malicious deletion.It is important to understand the retention policies and data back-up strategies so we can quickly react to any threats that could lead to permanent data loss and quickly recover data. This webinar will focus on the possible external factors tha...

Modern organizations are increasingly supporting the cloud. According to Microsoft, 95% of the Fortune 500 companies are using M365. A traditional pen test is incomplete without looking for insecurities in Azure, especially when hybrid Active Directory is in use. In this webcast, Tim Medin will walk through methods to enumerate users in Azure and how to attack the users in the cloud.

As organizations actively migrate applications and computing environments to the public cloud, it is important to integrate security throughout the cloud adoption journey. SANS has developed a Cloud Maturity Model to help organizations measure their progress in the cloud security journey. In this talk, we will discuss the content of the Cloud Maturity Model, how it is suitable for organizations like yours, and the best practices on how the mo...

In this presentation, we will explore how to set up red team scenarios in your cloud native environment with open source tooling. From there we will go through capturing high fidelity alerts for these scenarios with audit logging tools that are readily at your disposal today.

Today’s cloud environments are large, multi-faceted, and dispersed. They have a myriad of options for selection, configuration, security, and functionality. Add on more than one of these environments (AWS, GC, Azure, Oracle, Digital Ocean, etc) and the number of potential issues skyrocket! If you have custom applications, developers, databases, and any of the hundreds of other common items in your arena, your chances of having exposed v...

With rapidly changing computing platforms, a growing threat landscape, and a shift to a remote workforce, managing vulnerabilities is more challenging than ever. We are all looking for answers and we all want to know how our peers are doing in their fight and what we can learn from each other to make our systems, applications, and networks more secure and resilient. This webcast event will examine results from the SANS 2022 Vulnerability Manag...

The realm of cloud security is rapidly expanding and evolving. Security teams have a lot to keep up with, and need to know the latest and greatest cloud security services, controls, trends, and technology innovations that are helping to secure cloud access, services, and assets in a widely diverse set of cloud environments. In the Cloud track at Cyber Solutions Fest 2022, leading solution providers and practitioners will highlight the newest t...

Securing a cloud environment can be challenging and time consuming, especially if you don’t know where to start. This Workshop will scrutinize a common cloud service: Virtual Machines, and focus on the secure implementation of that service. We’ll discuss Operating Systems (and why it matters from a cloud perspective), as well as security groups, remote access, system and network hardening as well as how mature organizations handle...

Attackers are circling your cloud-native apps, sniffing your API structure, and lying in wait for one exposed API before they pounce on your vulnerable endpoints. Unfair? Absolutely. So how do you prevent this? Join SANS Senior Instructor Dave Shackleford and a product expert from Traceable as they demonstrate the Traceable AI solution. Watch as they show the importance of API exposure visibility, the realities of detection and prevention, an...

The pressure is on! As if there wasn’t enough momentum pushing security and development teams to get applications to the cloud, along came 24 months of remote work, high workforce turnover, and budget reductions. Never has there been more reason or pressure on security and development teams to get mission-critical workloads to the cloud than there is in 2022. Powerful, enabling technologies such as Function-as-a-Service, containers, and...