Tag Archives: SANS

Special Webcast: Five Keys for Successful Vulnerability Management – June 14, 2019 10:30am US/Eastern

This post was originally published on this site

Speakers: Jonathan Risto

Are you feeling overwhelmed by the vulnerability reports you receive from your team? You’re not alone. The increased complexity of our deployed software and networks has amplified the potential locations where vulnerabilities can be found, and that’s not including our processes and people. Attackers are taking advantage of multiple vectors into our organization. Our push to the cloud has increased the demands, as everything is provisioned instantly and ready for use, according to all the marketing material we receive. Being able to stay on top of, and quickly remediate, the priority issues identified in our environments takes a team larger than we are allocated, let alone what we can keep staffed.

Enter SANS’ new class, MGT516: Managing Security Vulnerabilities: Enterprise and Cloud.

The primary goal of this course is to equip those responsible for managing the infrastructure and application vulnerabilities with strategies and solutions that overcome the challenges and stumbling blocks they may encounter. By understanding the problem and potential solutions, participants will be better prepared to meet this challenge and determine what might work for their organization.

In this webcast, we will give an overview of the MGT516 class and give a sneak peek into some of the material. By the end of this talk, you will have a good understanding of the main topics covered in the course, as well as who should attend the class.

Special Webcast: DDI data a Critical Enabler of SOAR – June 14, 2019 1:00pm US/Eastern

Speakers: Srikrupa Srivatsan

Constantly evolving threats and a shortage of qualified cybersecurity professionals have led security teams to move to security workflow automation to meet the demands. It’s not enough to have a great tool nowadays. These tools have to work better together to meet today’s security challenges. Security orchestration, automation and response (SOAR) tools improve efficiency and efficacy of security operations by automating threat intel management, event monitoring and incident response processes.

One of the key sources of contextual network and threat intel data comes from infrastructure that organizations already rely on for connectivity: DNS, DHCP and IPAM. This data, along with timely, reliable and accurate threat intel, can be used to improve scoring and investigation, assist in prioritizing incoming incidents, and can be relied upon to build automation.

Join this webinar to learn how a well-architected DNS, DHCP and IPAM can power SOAR platforms to:

  • Block/unblock domains using context
  • Enrich other security tools with valuable IPAM data
  • Enhance and improve incident response with better threat intelligence

Special Webcast: Authentication: It’s All About the User Experience – June 13, 2019 3:30pm US/Eastern

Speakers: Matt Bromiley and Hormazd Romer

Authentication, including passwords, remains a weak link for enterprise security, despite many attempts to improve or strengthen it. Because people must authenticate themselves, effective authentication depends heavily on users, whose experience and willingness to comply often compromise security. This SANS webcast and associated new paper look at the current state of authentication and ways to deploy a better process.

SANS senior instructor Matt Bromiley, with insights from Yubico’s Hormazd Romer, will talk about the challenges with passwords, existing authentication technologies and recent developments to improve authentication. The role of industry standards, including WebAuthn, will be addressed, along with specific recommendations to implement strong authentication that protects the organization and benefits your users.

Register now and be among the first to receive the associated white paper written by Matt Bromiley.

Analyst Webcast: How to Build a Data Protection Strategy in AWS – June 13, 2019 1:00pm US/Eastern

Speakers: Dave Shackleford and David Aiken

As more organizations store sensitive data in the cloud, and as data protection regulations become more stringent, security personnel must develop a strategy to protect their assets in the AWS cloud. However, this poses many important questions, such as: How can I securely migrate data from on-premises storage volumes to AWS services, or from existing AWS services to new AWS services? What controls are needed? And what performance requirements must be met?

In this recorded webcast, SANS analyst and senior instructor Dave Shackleford will explore the controls that are critical to data security and how to scale on-premises data protection strategies to the cloud.

Attendees will learn:

  • The changes organizations must consider before storing data in and scaling data protection to the AWS cloud
  • How to use data loss prevention (DLP), encryption, access controls, user behavior analytics and data life cycle controls as integral parts of a data protection strategy
  • Key steps in scaling data protection to the AWS cloud

Register for this webinar to be among the first to receive the associated whitepaper written by cloud security expert Dave Shackleford.

Special Webcast: Cybersecurity Frameworks for CISOs – June 12, 2019 10:30am US/Eastern

Speakers: Frank Kim

Learn how to make sense of the veritable alphabet soup of cybersecurity frameworks to simplify the complex world of security and structure your program to meet both business and technology goals.

Security is complex. Explaining it to others is difficult. Frameworks are supposed to help make this easier. But, they too are often complex. Learn a simple model for organizing the vast array of frameworks so that you can simplify the complex world of security and build a more effective program.

Special Webcast: Using Zeek/Bro To Discover Network TTPs of MITRE ATT&CK – June 12, 2019 3:30pm US/Eastern

Speakers: Richard Bejtlich and James Schweitzer

Techniques, tactics, and procedures (TTPs) can help characterize patterns of adversary behavior, such as sending a spearphishing attachment for initial access or using the Remote Desktop Protocol to move laterally in a target environment. To track TTPs and develop corresponding defense strategies, security personnel increasingly turn to MITRE ATT&CK, a TTP repository based on real-world observations. While no single technology or process can cover all TTPs, did you know that the Zeek Network Security Monitor (formerly Bro) can give you powerful visibility and detection against critical network-based TTPs in the ATT&CK framework?

In fact, earlier this year MITRE released the Bro/Zeek ATT&CK-based Analytics and Reporting (BZAR) scripts to the open-source community to help uncover network-based ATT&CK TTPs. Tune into this webcast to hear from world-class security operators as they dig into Corelight and the MITRE framework and demonstrate step-by-step examples of how you can use Corelight to significantly improve your visibility and defenses.

Register for this webcast to learn:

  • An overview of the MITRE ATT&CK framework
  • How Corelight addresses ATT&CK TTPs related to data exfiltration and C2s
  • And more…

Analyst Webcast: SANS 2019 State of OT/ICS Cybersecurity Survey – June 12, 2019 1:00pm US/Eastern

Speakers: Barbara Filkins and Doug Wylie

In this research project webcast, SANS experts Doug Wylie and Barb Filkins, with advisor and SANS instructor Jason Dely, will examine the current state of known and perceived cybersecurity risks, threats and potential impacts to industrial and automation control systems that are applied within the Operational Technology (OT) domain.

Security practitioners and risk managers from energy (oil, gas, electricity), nuclear, water/wastewater, aviation and aerospace, automotive, transportation, food and beverage, agriculture, metals and mining, chemical and pharmaceutical, and defense will share how they perceive threats, challenges and solutions to securing a strong ICS, SCADA, distributed control system (DCS), process control system (PCS) and building automation/control and management system (BAS/BCS/BMS).

Webcast attendees will learn how adeptly we are safeguarding operations and protecting human and company capital from a range of technical and non-technical cybersecurity risks that stem from threats that include malicious and unintentional insiders and outsiders.

Register now and be the first to receive the associated report with survey data.

Special Webcast: The 20 Critical Security Controls: From Framework to Operational to Implementation – June 11, 2019 3:30pm US/Eastern

Speakers: Randy Marchany

The 20 CSC provide an excellent bridge between the high-level security framework requirements and the operational commands needed to implement them. Implementation is a 3-7 year process depending on a wide variety of factors and constraints. This talk discusses our experiences in implementing the 20 CSC. For example, Control #1 has proved to be the most challenging one because it depends on how your IP addresses are generated by your networking group. We’ll also discuss various tools and internal policies and standards that support a particular control’s implementation. Finally, we’ll show examples of how we measure progress.