Protecting critical infrastructure through Operational Technology (OT)/Industrial Control System (ICS) cyber defense is an ever-changing and evolving field required to continually adapt cybersecurity strategics to meet new challenges and threats—all while maintaining the safety and reliability of facilities and production operations. The purpose of this survey is to poll organizations that operate OT systems– this includes ICS, OT,...

Our 2022 Survey on infrastructure operations is designed to explore how organizations are utilizing cloud-native applications and integrating those applications within their security monitoring and response capabilities. We continue to see growth of adopting of cloud-native applications, but larger issues always remain. As we adopt and utilize more and more cloud-native applications, is the security team able to keep up with newer forms of tel...

Security professionals are starting to rethink their approach to access control and monitoring for user activity. Today, many traditional static network segmentation and access controls are not capable of keeping pace with remote workers and cloud access scenarios. Zero trust is a model where data and application behavior are the central focus points of all isolation and segmentation tactics, and all users and assets in an IT operating enviro...

Threat hunting in ICS environments must consider safety. IT and ICS systems have different missions, objectives, impacts during an incident, and different assets like embedded operating systems, and engineering devices speaking non-traditional industrial protocols. Adversaries targeting ICS must use different attack tactics and techniques for access, execution, collection, and persistence, etc., to degrade safety, manipulate control, damage ph...

Effective security requires a holistic and streamlined approach to endpoint detection and response across the entire organization. For complex enterprises with various types of assets, extended detection and response (XDR) provides comprehensive security while also delivering integrated endpoint protection. XDR unites and correlates visibility across assets, uncovers vulnerabilities, and detects threats with cross-data analytics. It takes inci...

Maintaining trust in a network has become an enormous challenge due to: an increasingly sophisticated cyber threat landscape an expanding digital infrastructure a mushrooming cybersecurity skills gap, and an increased need to secure remote work In addition, the growing remote workforce needs to access both cloud-based and on-premises infrastructures. Zero trust network access needs to include controls and policies for network segmentation, end...

In the past year, businesses have been continually under pressure to increase efficiency and keep costs down. This webcast will discuss the results of the SANS 2021 Threat Hunting Survey, and cover ways organizations can defend against yet-to-be-discovered network threats using NDR The potential output of Threat Hunting strongly depends on three factors - visibility, skills, and Threat Intelligence. Recent survey reported .. 51.3% of responden...

Organizations continue to manage cloud migrations, the challenges of remote working and encrypted communications, the increased data connectivity to external vendors and an expanding range of connected devices, the complexity of the network increases. These changes may enable new business opportunities, but they may also complicate operational support, split existing teams, and ultimately impact security. This survey aims to understand the cur...

Assessing applications for security risks and then remediating those risks at scale, without slowing down the development process, can be quite the challenge. Traditional security tools struggle to provide accurate and comprehensive visibility to security risks within modern application workloads, and typically weren’t built with cross-functional ownership in mind to prioritize and remediate risk findings. As a result, AWS offers a suite...

The goal of SecOps teams is to monitor, detect, investigate, and respond to suspicious activity and events. This often leaves them in a reactive state — with minimal opportunity to reduce false-positives and innovate. It doesn’t have to be this way, though. One key aspect of forward-looking, mature SecOps programs is the ability to gather context from data sources to inform — and expedite — investigations. In this sessi...