Tracking the software and software components an organization uses in its products and its operations is crucial for responding to emergency threats. However, building and maintaining these Software Bills of Materials (SBOMs) is very challenging, especially across large enterprises. In this session, Alyssa Miller discusses the hidden threats in the Software Supply Chain, and analyzes some of the unique challenges of open source software in fin...

Cyber threat data from multiple sources overwhelm today’s Security Operations Centers (SOCs) without a centralized method to aggregate it. Many organizations have immature threat intelligence programs that rely on select external threat feeds, which users struggle to analyze. A cyber threat intelligence program requires people, processes, and technology to process, exploit, and disseminate threat data. Threat intelligence is “evide...

Vulnerabilities are relentless and exploited by targeted attacks faster than ever with damaging results to business. Study after study shows that most successful attacks exploit well known vulnerabilities with existing patches. Most businesses already do some form of vulnerability scanning but for many, time to remediate has not gone down. Yet some organization have broken out of this pattern—how have they done it? One of the key differe...

Many of us are confined at home due to the COVID-19 pandemic. But, business as usual, many organizations are still facing security incidents (related to the virus or not). Let's imagine the following scenario: Your phone rings because a customer detected some suspicious activity on a server or a workstation. Of course, it must be investigated "as soon as possible". The server is physically located 500km away and you're stuck at home... How to...

Honeypots have always been a favorite of researchers. But making them scale and automating the operation of large "fleet" of honeypots operated by volunteers has been challenging. In this talk, you will get a brief tour of the infrastructure behind the SANS Internet Storm Center. You will learn how some of the recent attacks we detected and wrote about were picked up and analyzed by this global network of honeypots. We will look at live data,...

In the world of "Cloud" we have an entirely new landscape of services, vendors, and functionality. The growth of Cloud is being driven from all sizes of organizations, from 2 person start-ups to Fortune 10 companies. But what can we do to understand these Services better so that when we move to the Cloud its a successful shift, and doesnt introduce unnecessary risk? Theres plenty of room for error, but also plenty of room for success. Were goi...

Successful attacks almost always take advantage of conditions that could reasonably be described as poor cyber hygiene including the failure to patch known vulnerabilities, poor configuration management, and poor management of administrative privilege. In this session, well dig a little deeper into the idea. Well discuss the importance of cyber hygiene as a root cause issue for attacks, and as a defensive strategy. We look at various attempts...

In this webcast, sponsor representatives and report author John Hubbard will discuss the new SANS report, "Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework." The discussion will explore themes from the paper, including: What the MITRE ATT&CK Framework is Where ATT&CK is going Best practices for using ATT&CK information Register today and learn how to leverage the information and ecosystem of tools surround...

Thankfully, we've come far enough that we no longer need to make a case for why gender equality in cybersecurity is important and valuable. But the fact that women still represent less than 20% of the workforce in cybersecurity positions shows we have a long way to go. How do we get there? Achieving gender parity will require two important things: action and allies. Even the most well-intentioned organizations may not realize the gender bias i...

SANS continues to offer high-quality cyber security training taught by real-world practitioners at the top of their fields. SANS training via Live Online offers live-stream, instructor-led cyber security training with support from virtual TAs, hands-on labs, electronic books, plus new virtual NetWars challenges, and dedicated chat channels for peer networking. View details and register now to learn cutting-edge, immediately applicable cyber se...