Log data is critical for understanding how systems are operating and for monitoring malicious activity with the IT environment. This is particularly true for traditional systems as well as modern systems in the midst of a digital transformation that lack an audit trail, such as multi-cloud and DevOps environments, microservices, and containers. The technologies and trends organizations embrace as they accelerate their transformation all increa...

Nearly 2 billion records were exfiltrated in recent cloud breaches. Can breach paths be detected even before clouds are built? Learn how DevSecOps processes can predict breach paths programmatically using threat models derived from cyber threat intelligence, MITREs ATT&CK framework, and Infrastructure as Code. This session includes specific code examples for common IaC technologies. *To attend this webcast, login to your SANS Account or cr...

The increasing complexity of the threat landscape means we can no longer depend on a "business as usual" approach to endpoint security. Antivirus or EDR (Endpoint Detection and Response) used in isolation may not be the most efficient recourse to protect against today's sophisticated attacks. The good news is that there is a way to get more from our endpoint security with less effort, it's called eXtended Detection and Response (XDR). XDR reco...

As organizations shift to the cloud, teams grapple with legacy security tools incapable of ingesting and combining data from hybrid environments for analysis. The result? Threat visibility gaps and lower SOC performance. Join this Devo lunch and learn session as we discuss: Ensuring analysts have visibility into the entire attack surface Keeping detections relevant during cloud shift and how access to all data sources provides relevant context...

When it comes to security metrics, there are lots of variables. The company. The size and scale of that company. Measuring where things are at today and where you hope things will be in the future. Theres a lot at play, but one things for certain: Theres a laundry list of security metrics you could be measuring. So how do you know where to start? And once you have your foundation, whats next? Join Jake Munroe of Axonius for Cybersecurity Metri...

Todays security operations centers (SOCs) do not have the time, energy, or resources to keep pace with the evolving threat landscape. Security teams need to be able to secure their organizations by doing more with less. This can be achieved with security orchestration, automation, and response (SOAR). Rather than being bogged down by arduous manual tasks, SOAR empowers your SOC by leveraging your existing people, processes, and technology to i...

All facts are theory generated, and "truth" depends on what people collectively believe the truth to be. The prevalence of deception in human affairs is facilitated by an innate human desire for order, predictability, structure, and control. It is this tendency that makes us vulnerable to accepting vendor truths. By perpetuating vendor "truths", vendors assert their control over buyers and beyond. And unwittingly, folks are locked into paradig...

As the world continues to endure ongoing global disruption, cyber-attackers have been constantly updating their tactics in light of emerging trends. According to MIT Technology Review, 121 million ransomware attacks were recorded in the first half of 2020, each one attempting to encrypt private data and extort payment for its release. The automated elements of these attacks, malware that moves faster than security teams can respond, is one of...

All facts are theory generated, and "truth" depends on what people collectively believe the truth to be. The prevalence of deception in human affairs is facilitated by an innate human desire for order, predictability, structure, and control. It is this tendency that makes us vulnerable to accepting vendor truths. By perpetuating vendor "truths", vendors assert their control over buyers and beyond. And unwittingly, folks are locked into paradig...

There are many layers to cyber security, but the most critical layer is you. Time and again, the difference between success and failure is not a product or a service; it is having the right people in the right places. Since information security is continually evolving, success requires committing to a career of learning, from the fundamentals to advanced techniques. To put you firmly on that learning path, please join us at SANS Austin Winter...