The U.S. Bureau of Labor Statistics reports that the employment of information security analysts is projected to grow 32% from 2018 to 2028, much faster than the average for all occupations. As one of the highest-paid jobs in the field, security analysts must become masters of all trades, becoming “all-around defenders,” highly competent in threat detection, while maintaining excellent analytical and communication skills. But what...

What does it mean to evaluate your attack surface? For many organizations, it may simply mean running a vulnerability scanner against their perimeter and hoping an attacker does not do the same. This legacy thinking leaves out all the nooks and crannies that attackers have become adept at finding. Your attack service should also include your system and network configurations, brand exposure, and knowledge of how your data is secured amongst nu...

Following a hugely successful initial run of the new security operations leadership course, MGT551, some of SANS best blue team minds have come together to build a brand new 5-day version of Building and Leading Security Operations Centers! Expanding upon the initial course themes of SOC design, organization, evaluation, and improvement, the new MGT551 offers an in-depth look at what it takes to build and manage next-level cyber defenses inclu...

Take a new look at Cisco Secure Email. We've radically simplified the way email is protected and how companies choose to migrate to the cloud. We've enhanced our comprehensive protection to defend against all attack methods with pinpoint accuracy. And we've raised the bar on integration with coordinated, multi-layered email security controls and the built-in capabilities of SecureX. We've optimized Secure Email to live up to its name more fully.

This SANS survey explored the types of services organizations are using, what types of controls and tools provide the most value, and how effective cloud security brokering is for a range of use cases. in this webcast, SANS analyst Dave Shakleford will join sponsor speakers to explore how survey results can inform and improve your cloud security posture. Register for this webcast to be among the first to receive the associated whitepaper writt...

The cybersecurity community is evolving from a fortress mentality of "network defense" to a "threat-informed defense" approach to achieve cybersecurity effectiveness, with purple team operations at the center. Why is this happening and what does this transition mean? Over the last decade, the U.S. military has been at the forefront of the transition to threat-informed defense operations, first in the intelligence-operations bond that developed...

Wondering which ICS assets are most commonly targeted and which assets to obtain security logs for your OT SOC? Looking for ICS incident response tabletop ideas? How to start an ICS assessment (pen test vs. vulnerability assessment) or see how the NIST CSF Categories map to whats important in ICS? We have recently published a series of ICS Cheat Sheets to guide the community in answering these questions. Join us in this webcast as Dean provide...

Join us for an update on the 2012 classic Thirteen Ways to Break a Firewall. We review an updated list of 13 common kinds of breaches, with a host of real-life examples. These intrinsic weaknesses are the big reason secure sites demand at least one layer of unidirectional protection in their defense-in-depth architectures.

Designed for security leaders tasked with managing a growing attack surface, the SANS Attack Surface Management Virtual Conference will take place on April 14, 2021 as a virtual event. This half-day event will bring together thought leaders, subject matter experts and practitioners to discuss, share and discover best practices for addressing the operational challenges associated with work-from-home transitions, cloud migrations, M&A, shado...

*To attend this webcast, login to your SANS Account or create your Account on the SANS website. In addition to the challenge brought on by the global pandemic, civil and social unrest, and a contentious political climate, organizations are also experiencing a massive spike in cybersecurity attacks related to their use of third parties ("Solargate"). This environment is systemically increasing the level of difficulty facing cybersecurity profes...