The evolution of cloud technologies has ushered in a new era of opportunities, but with it comes a unique set of challenges, particularly in the realms of configuration and network security. This talk will shed light on the modern practices and strategies essential for safeguarding cloud environments against configuration missteps and network vulnerabilities. We'll dissect real-world scenarios where configuration errors led to breaches and del...

As more organizations shift application access to the cloud, which minimizes the need for the data center to act as a hub for access and controls, they are realizing the benefits of cloud-brokering solutions that offer strong security capabilities. Nowhere is this more true than application protection, ranging from traditional WAF controls to API protection, bot detection and prevention, and more. In this webcast, Senior SANS Instructor Dave S...

The evolution of hybrid cloud environments demands innovative solutions to unify on-premise and cloud-based resources seamlessly. This talk, titled "Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes," illuminates the integration challenges and visibility capabilities provided by Entra ID for reconciling identity and access management in hybrid cloud landscapes. Learning Objectives: To enlighten the audience on the import...

The Cloud is enabling businesses to quickly adopt and use technology in ways that we've never imagined before. Security teams need to find ways to keep up; automation is the solution. By using Policy as Code tools we can define and enforce security guardrails. This allows developers and cloud engineers to continue shipping features while bringing the confidence to everybody that security requirements are being met. Learning Objectives: Examine...

Today, most security professionals are actively architecting and implementing cloud security controls across SaaS, PaaS, and IaaS environments. We’ve learned that what once worked on-premises may not work quite the same in the cloud, and a wide range of new and innovative security platforms and services have emerged and evolved in recent years to address critical cloud security use cases and categories, including: Cloud security monitori...

Whether you are just getting started in cloud security, or overseeing a team of technical cloud practitioners, you likely have questions about the process, journey, technology, and career path of cloud security professionals. In this talk, we’ll discuss the myriad responsibilities of people working in cloud security from viewpoints such as: Privacy, compliance, data protection, engineering, offensive security, as well as leadership. We...

In the modern age of cloud migration and deployment, many security and operations teams are having to adapt their controls, processes, and overall strategies to better accommodate hybrid on-premises and cloud environments. While some architecture and control concepts stay relatively static, many don't. So what should organizations do? How can traditional firewalls and cloud-native controls co-exist? What network security controls are most read...

The NIST cybersecurity framework (CSF) is a well-known and respected framework for building cybersecurity programs. The NIST CSF organizes the framework beginning with functions that organize basic cybersecurity activities at their highest level. These functions are Identify, Protect, Detect, Respond and Recover. The NIST CSF functions can help cloud organizations express their management of cybersecurity risk by organizing information, enabli...

Cloud environments are attractive targets for hackers due to their complexity, which can make them difficult to defend. This presentation will cover three crucial strategy cloud security that can greatly impact your cloud's security posture. We'll kick off by exposing common vulnerabilities that hackers exploit to compromise cloud environments. Then, we'll dive into effective mitigation strategies in three areas and show you how to implement t...

Have you ever wondered about the security of your cloud environment and how to enhance the posture? In this session, we will guide you through the eight fundamental domains of cloud security in today's organizations. Our aim is to help you comprehend the key areas that need to be secured in the cloud. We'll cover topics such as Identity & Access Management and cloud security governance, and provide an overview of essential capabilities in...