"Congratulations, you have been selected to conduct a penetration test of our industrial control system (ICS) environment. Please remember, you cannot scan anything, you cannot install anything, and you cannot break anything. Your point of contact, who will watch every move you make, will be..." This is not a joke. More and more companies are requesting penetration tests of their ICS assets. But how can you conduct testing with these restricti...

Join Mark Baggett as he discusses new tools and some new features of older tools that enhance your threat hunting capability. This short one hour talk will provide you with the insight you need to begin hunting for Phishing domains and Command and Control channels on your networks. We will discuss the installation and configuration of tools that will have you threat hunting in no time.

The events of 2020 have forced security teams to address the challenges of securing the exponentially huge work-from-home (WFH) workforce. This same group of unsure WFH employees is facing rapid growth in attacks targeting remote access and collaboration systems and being targeted with sophisticated phishing attacks. All this while the security operations team has to maintain productivity in a distributed, WFH environment. There is no single p...

Learn about two vulnerability management challenges that organizations have - prioritization and reporting - and how the new SANS Vulnerability Management Maturity Model provides a roadmap for managing these areas of concern. The SANS Vulnerability Management Maturity Model describes the characteristics of a comprehensive VM program, and emphasizes how you can advance each focus area. Leveraging the material in MGT516: Managing Security Vulner...

We operate in an ever-changing threat and vulnerability landscape. Yet all too often, many of our approaches to defense seem to be dependent upon a reality that no longer exists. Has your organization's approach to cyber defense kept up with the always evolving adversary? In this talk, SANS Fellow, SEC511 course author, and Blue Team curriculum lead Seth Misenar will explore ways in which we can evolve and modernize our cyber defenses to bette...

This webcast takes a deeper dive into the topics explored in the SANS 2020 Metrics Survey to detail real-world use case examples of businesses selecting and using security metrics. Each speaker will detail a customer example of security metrics that helped reduce the risks posed by use of new technologies, such as cloud-based systems or of advanced threats against existing systems. They will also discuss what metrics worked best in connecting...

According to the 2020 SANS Cyber Threat Intelligence (CTI) Report, respondents identified two key inhibitors to successfully implementing CTI: lack of trained staff or lack of skills needed to fully utilize CTI, and lack of time to implement new processes. One way organizations and teams are bridging this gap is by developing CTI programs that include the three pillars of cybersecurity: people, process, and technology. To this end, industry ex...

To address the constant barrage of threats to endpoint security, many organizations put their efforts toward threat detection. But a strategy that focuses on preventing advanced attacks by automatically locking them down without relying on detection can stop hackers in their tracks, saving organizations both time and money. In this webcast, SANS Instructor Matt Bromiley reviews the Morphisec Unified Threat Prevention Platform, a tool that uses...

Runtime exploits continue to create major issues for security practitioners, especially in long-life systems. How are these attacks deployed? What can you do to prevent them? In this new SANS webcast, senior SANS instructor Chris Crowley will provide recommendations and guidance and relate his experiences using the RunSafe Security’s Alkemist. The guide will address: An example of a kill-chain in a predominantly interpreted-code environm...