Achilles Systems, a fictitious IT service provider to human resources teams in medium and large businesses, has fallen victim to an attack in which sensitive customer data and, potentially, customer networks, have been compromised. Achilles has a small security team who has historically focused on basic controls and compliance. However, it seems clear this attack was the work of a sophisticated adversary capable of circumventing the controls i...

As cloud security controls mature, it’s common to find that a wide variety of security controls and configuration capabilities are melding into a single platform or service fabric, in addition to the cloud provider infrastructure. Ranging from CNAPP to CSPM to CWPP and beyond, controls that cover the pipeline, workload security, cloud environment configuration, IaC templates, and runtime (and much more) are starting to evolve into a much...

Adversaries targeting critical infrastructure systems (power grids, water management systems, heavy manufacturing, oil and gas refineries and pipelines, etc.) have demonstrated detail technical knowledge of control system components, industrial protocols, and engineering operations. These skilled and brazen adversaries continue to launch a combination or Ransomware and targeted ICS tailored attacks against the safety and reliability of critica...

Hands-On Cyber Security Training in Denver Celebrating 35 Years of Cybersecurity Excellence Elevate your expertise with cyber security training at SANS Rocky Mountain Summer 2024 (June 17-22, MT). Led by industry-leading instructors renowned for their deep knowledge and practical insights, this event offers unparalleled, live access to your favorite cyber experts. Filled with hands-on labs, simulations, and exercises designed to equip you with...

Automation plays a vital role in improving capacity, efficiency, and performance in the SOC. Security teams spend far too much time “in the weeds,” unable to focus on solving the problems that matter. Security orchestration, automation, and response (SOAR) tools have the potential to streamline analysis, reduce response times, and improve quality. However, SOC teams often struggle to realize the full potential of this kind of autom...

Every organization professes that risk management is at the heart of its cybersecurity program. Threat modeling is at the heart of this proactive approach: a systematic process that helps organizations identify, understand, and mitigate potential threats. However, with technology's ongoing advancement and the rising complexity of digital systems, constructing exhaustive threat models from the ground up can be daunting. In this presentation, Ja...

In 2024, the SOC Survey continued to explore the detailed aspects of cybersecurity operations centers. The survey collected information on organizations’ capabilities, and what is outsourced. On this webcast, SANS Senior Instructor Chris Crowley examines survey results to understand how SOCs are architectured, favorite and frustrating technologies, staffing, funding, threat intel, and automation. Register for this webcast now, and you wi...

Serious Cyber Security Training in Washington, DC Celebrating 35 Years of Cybersecurity Excellence Dive into an immersive cyber security training experience at SANSFIRE 2024 (July 15 - July 20, ET). Led by world-renowned instructors boasting extensive industry experience, SANSFIRE 2024 offers live access to top experts in the field. SANSFIRE 2024 is equipped with industry-leading hands-on labs, simulations, and exercises that you can immediate...

Every organization professes that risk management is at the heart of its cybersecurity program. Threat modeling is at the heart of this proactive approach: a systematic process that helps organizations identify, understand, and mitigate potential threats. However, with technology's ongoing advancement and the rising complexity of digital systems, constructing exhaustive threat models from the ground up can be daunting. In this presentation, Ja...

The 2024 Top Attacks and Threats Report and webcast will once again dig deep into the emerging threats discussed during the annual SANS keynote panel discussion at the RSA® Conference 2024. SANS author and chair Domenica Crognale will discuss attacker trends and mitigation strategies and provide suggestions on how organizations can better position themselves to get ahead of these attacks. Topics will focus on: Briefing of the most dangerou...