As more organizations shift application access to the cloud, which minimizes the need for the data center to act as a hub for access and controls, they are realizing the benefits of cloud-brokering solutions that offer strong security capabilities. Nowhere is this more true than application protection, ranging from traditional WAF controls to API protection, bot detection and prevention, and more. In this webcast, Senior SANS Instructor Dave S...

Zero Trust remains one of the main topics in the cybersecurity industry. But what is Zero Trust really about? The broad theme of Zero Trust is about reducing implicit trust throughout the enterprise. The goal is to take an organization from an old non-defensible architecture based on compliance, controls, and a static protection oriented mindset, to a defensible security architecture based on continuous dynamic threat informed defense, and ris...

Just how effective or mature is your security program? Given the multitude of assessment, rating, and cybersecurity frameworks, it can be challenging to determine security operations readiness and resilience through a single measurement or framework. Is effectiveness based on defending against an attack or the ability to mitigate attacks in the first place? Should compliance drive our security strategy, or should our security strategy enable c...

In July 2023, SANS partnered with Carahsoft for the 2023 Government Security Solutions Forum, where cybersecurity preparedness went back to basics. In this webcast, SANS Certified Instructor Matt Bromiley will review the top trends that emerged during the forum. Matt also uncovers how organizations can prepare for the National Cybersecurity Strategy Implementation Plan, or NCSIP, released by the White House in March 2023. His focus on preparat...

The evolution of hybrid cloud environments demands innovative solutions to unify on-premise and cloud-based resources seamlessly. This talk, titled "Bridge to the Clouds: Unifying Worlds with Entra ID in Hybrid Landscapes," illuminates the integration challenges and visibility capabilities provided by Entra ID for reconciling identity and access management in hybrid cloud landscapes. Learning Objectives: To enlighten the audience on the import...

As we head into the last quarter of 2023, three major mandate changes are occurring, each positioned to make a large impact on how businesses, governmental bodies, and critical sector organizations operate. The goal of the SANS Cyber Compliance Countdown is to focus on what you need to know in these complicated and broad requirements and to offer solutions on how to meet these directives. Below is a quick overview of the changes and this forum...

The Cloud is enabling businesses to quickly adopt and use technology in ways that we've never imagined before. Security teams need to find ways to keep up; automation is the solution. By using Policy as Code tools we can define and enforce security guardrails. This allows developers and cloud engineers to continue shipping features while bringing the confidence to everybody that security requirements are being met. Learning Objectives: Examine...

Mobile devices are regularly used for personal and professional reasons, and people rarely put a company’s cybersecurity ahead of their personal needs. This dual-usage introduces organizations to a wide range of threats, many of which originate from mobile apps on personal devices. And if sideloaded apps continue to grow in popularity as expected, the number of mobile risks and threats will accelerate. Join cybersecurity experts from Zim...

We are lucky in Infosec. It may not be an easy field to get into, but once in infosec there is plenty of work available and many work models. Most start out as a full time employee. You have a job and work for one organization. You can also be a contractor. Most contractors have one contract with one client at a time, and the terms of remuneration are different than a full time employee and generally one has more freedom. You can also be an in...

Identity governance and administration (IGA) — ensuring that the right people have the right access at the right time — has emerged as a business-critical security concern for enterprises worldwide. IGA plays a key role in reducing the risk of identity-based security failures, which the Identity Defined Security Alliance (IDSA) reports impacted 90% of enterprises in 2022. But a broad range of factors, including complex IT and busin...