Tag Archives: SANS

WhatWorks Webcast: Overcoming Obstacles to Secure Multi-cloud Access – March 13, 2019 1:00pm US/Eastern

This post was originally published on this site

Speakers: Rajoo Nagar and John Pescatore

Any-means access to enterprise applications and resources is the new normal, as is news of advanced threats and massive data breaches. While perimeter controls are not going away, the mantra of Zero Trust dictates a verify-before-trust approach to safeguarding access. As companies continue to migrate to the cloud, organizations are considering per-application access using a software-defined perimeter (SDP) architecture. SDP offers simple and secure endpoint-to-application authentication with stateful access compliance. While the death of firewalls and VPNs has been grossly exaggerated, how, when and where should organizations take advantage of this extended mode of secure access?

Join this expert/practitioner webinar to explore:

  • The ins and outs of SDP technology
  • Popular use cases and key considerations
  • Reference architecture for dual-mode VPN and SDP
  • Real world case study: criteria, implementation, lessons learned

Analyst Webcast: Maximizing SOC Effectiveness and Efficiency with Integrated Operations and Defense – March 12, 2019 1:00pm US/Eastern

Speakers: John Pescatore and Arabella Hallawell

John Pescatore, SANS Institute, joined by Arabella Hallawell, NETSCOUT, will talk with security managers about how the most commonly cited barriers to improving security operations—including lack of budget and lack of staff—can be overcome. Attendees of this webcast will learn about:

  • Integrating processes and controls used by network operations with those used for security operations;
  • Using timely, accurate threat intelligence to proactively tune detection and protection controls;
  • Assuring that defenses can withstand complex, multi-pronged attacks, and whether and how current defense architectures can be updated for tomorrow's attacks.

The webcast also will help attendees understand effective SOC/NOC integration, including common processes/integration of tools used by NetOps (APM/NPM/DDoS) with SOC processes, as well as better use of threat data.

Register now and be the first to receive the associated paper and actionable takeaways.

Special Webcast: Purple Kerberos: Current attack strategies & defenses – March 11, 2019 1:00pm US/Eastern

Speakers: Erik Van Buggenhout

We have known Kerberos for quite a few years as a more secure authentication mechanism in Windows (especially when compared to NTLM and NTLMv2). In 2014, SANS Instructor Tim Medin was one of the first security practitioners and researchers to describe an effective attack strategy against Kerberos: Kerberoasting. Benjamin Delpy and Vincent Le Toux further developed Kerberos attack strategies in their infamous Mimikatz tool (Golden tickets, Silver tickets and Skeleton keys). Join Erik in this webcast to discuss which attack strategies still work in 2019 (and how), plus the security controls for prevention and detection that can be applied.

Erik Van Buggenhout is the lead author of SANS SEC599 – Defeating Advanced Adversaries – Purple Team Tactics & Kill Chain Defenses. Next to his activities at SANS, Erik is also a co-founder of NVISO, a European cyber security firm with offices in Brussels, Frankfurt and Munich.

Special Webcast: Investigating WMI Attacks – March 7, 2019 3:30pm US/Eastern

Speakers: Chad Tilbury

Advanced adversaries are increasingly adding WMI-based attacks to their repertoires, and most security teams are woefully unprepared to face this new threat. Join SANS Senior Instructor Chad Tilbury for an overview of the state of WMI hacking, including real-world examples of nation-state and criminal actor tradecraft. Detection tools and analysis techniques for addressing the threat will be discussed, along with actionable steps to improve your organization's security posture.

Read Chad Tilbury's blog post, Investigating WMI Attacks.

Special Webcast: The State of Kubernetes Security – March 6, 2019 1:00pm US/Eastern

Speakers: Liz Rice and Michael Hausenblas

Presented by the authors of the bestselling O'Reilly book Kubernetes Security: Operating Kubernetes Clusters and Applications Safely.

Kubernetes is fundamentally a pretty complex system with lots of different potential attack vectors, aimed at currency mining and other threats. This talk provides a directional starting point for securing Kubernetes components and the applications that run on top of them. For each topic explored, pointers on where to investigate further will be offered.

We'll touch upon:

  • Container image scanning and container security
  • Security boundaries (pod, namespace, node, cluster) and securing clusters from an API perspective
  • Control plane and the role of CIS
  • Authentication and authorization, including new tools available
  • No to root (and why)!
  • Runtime considerations, secrets management and more!

Special Webcast: SOF-ELK(R): A Free, Scalable Analysis Platform for Forensics, Incident Response, and Security Operations – March 5, 2019 1:00pm US/Eastern

Speakers: Phil Hagen

There is no shortage of digital evidence, with many DFIR and Security Operations teams handling terabytes of log and network data per week. This amount of data presents unique challenges, and many tools are simply inadequate at such a large scale. Commercial platforms that are up to the task are often far out of budgetary reach for small- and medium-sized organizations.

The Elastic Stack, a big data storage and analysis platform, has become increasingly popular due to its scalability and open-source components. Countless investigative and security teams have incorporated Elastic into their toolkits, often realizing the significant level of effort required to customize and manage such a powerful tool. To overcome some of these hurdles, the SOF-ELK platform was created. SOF-ELK aims to be an appliance-like virtual machine that is preconfigured to ingest and parse several hundred different types of log entries, as well as NetFlow data. The intent is to provide analysts and investigators with a tool that leverages the power of the Elastic Stack with minimal setup time and effort. Originally a part of the SANS FOR572, Advanced Network Forensics & Threat Hunting course, SOF-ELK has been incorporated into additional SANS courses and is released as a free and open-source platform for the overall security community.

In this webcast, we will explore SOF-ELK's use cases and the types of log data currently supported, as well as how to load data from live or archived sources. We will also show the various dashboards supplied with the VM and how new features can be activated through the project's GitHub repository.

Analyst Webcast: Taking SIEM to the Cloud: A SANS Review of Securonix Next-Gen SIEM – March 1, 2019 1:00pm US/Eastern

Speakers: Dave Shackleford and Nitin Agale

Today’s security operations teams drown in data from security event management tools and platforms, yet investigators and threat hunters need better tools and capabilities to see behavioral trends and specific events in large environments. Is there a solution to this situation?

SANS reviews the Securonix SNYPR platform, which offers analysts and investigators a highly scalable analytics tool that focuses on ease of use, emphasizes correlation and behaviors, and has unique automation capabilities. Security operations teams, incident handlers and threat hunting professionals should attend to see how Securonix can offer fast, intuitive queries and deep investigation tools that are easy to use.

Register today and be among the first to receive the associated product review written by SANS instructor Dave Shackleford.

Special Webcast: NIST Recommendations for ICS & IIoT Security – February 28, 2019 3:30pm US/Eastern

Speakers: Phil Neray, Michael Powell, Jim McCarthy, Tim Zimmerman

WannaCry, NotPetya, and TRITON demonstrate that ICS and IIoT networks continue to be soft targets for cyberattacks, increasing the risk of costly downtime, safety failures, environmental incidents, and theft of sensitive intellectual property.

NIST and the NCCoE recently published a NIST Interagency Report (NISTIR) demonstrating how off-the-shelf, ICS-aware behavioral anomaly detection (BAD) effectively reduces cyber risk for manufacturing organizations, as well as risk from equipment malfunctions, without impacting OT networks.

The report was the product of a close collaboration between NCCoE, CyberX, and other technology providers such as OSIsoft.

In this joint webinar with NIST and CyberX, you’ll learn about:

  • Mapping the security characteristics of BAD to the NIST CSF
  • Using NIST’s reference architecture for your own ICS & IIoT environment
  • How CyberX detected 15 examples of high-risk anomalies in NIST’s testbed environment, including unauthorized devices; unauthorized remote access; plain-text credentials; network scans using ICS protocols; and unauthorized PLC logic downloads

We’ll also discuss how CyberX’s agentless platform helps you:

  • Auto-discover your ICS & IIoT assets, protocols, and network topology
  • Identify critical OT vulnerabilities and risks
  • Prioritize risk mitigation for your most valuable processes (crown jewels)
  • Enable rapid ICS threat detection, response, threat hunting, and prevention
  • Implement converged IT/OT security in your corporate SOC via certified apps for IBM QRadar, Splunk, ServiceNow, Palo Alto Networks, and other integrations with your security stack

Special Webcast: Improving Detection and Understanding the Adversary with Deception Technology – February 27, 2019 1:00pm US/Eastern

Speakers: Matt Bromiley and Ori Bach

Despite our best efforts, security practitioners are finding the same attacker returning to their systems at least twice. Why is this happening? Are our detection methods working, and if not, why not? This SANS webcast and its associated whitepaper will look at the evolution of attackers, whether existing defenses are working, and how to improve our stance.

Attendees will learn techniques used to identify, remediate and eradicate attackers as well as tips for successfully using deception techniques, including traps and lures. A case study will illustrate key recommendations.

Be among the first to receive the associated whitepaper written by SANS instructor Matt Bromiley.