##### Following are the upcoming SANS Webcasts #####
WEBCAST 1:
What's New for Security in Windows 10 and Server 2016?
WHEN: Monday, January 11 at 10:00 AM EDT (15:00:00 UTC)
Featuring: Jason Fossen
http://www.sans.org/u/bcS
What's new in Microsoft's latest operating systems? Windows 10 has 3D
facial scanning for biometric logins, new ways to protect credentials in
memory, plus a new browser (Edge) to replace the ailing Internet Explorer.
Server 2016 has Docker containers, Server Nano, virtual TPMs, PowerShell
5.0, and more. Attend this free webcast from "The Windows Guy" at SANS,
Jason Fossen, the author of the SANS six-day "Securing Windows with
PowerShell" course. Jason Fossen is not a Microsoft employee, so get the
straight story here.
WEBCAST 2:
Smartphone Forensics Moves Fast. Stay Current or You May Miss Relevant
Evidence!
WHEN: Tuesday, January 12 at 9:00 AM EDT (14:00:00 UTC)
Featuring: Heather Mahalik
http://www.sans.org/u/bHG
How have smartphone OS upgrades to iOS 8 and Lollipop changed the game of
forensics? The goal of this talk will be to cover new locations for data
storage, how the tools stand up to the changes and how to manually recover
data that the tools miss. We will look at residual data from older OSs on
Android and iOS (because an upgrade doesn't delete the old data) and
determine how the data is parsed and decoded while staying within a
limited budget.
WEBCAST 3:
Know Before You Go: Key AWS Security Considerations
WHEN: Tuesday, January 12 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Dave Shackleford and Matt Keil
http://www.sans.org/u/bBe
Sponsored by Palo Alto Networks (https://www.paloaltonetworks.com/)
If your data center expansion plans include Amazon Web Services (AWS),
then please join SANS and Palo Alto Networks for an interactive webinar
that will cover key security considerations to protect your applications
and data from cyber criminals. Topics covered in this webinar will
include:
- What does the shared security responsibility model mean?
- Are native AWS security features sufficient?
- Can your AWS deployment be segmented for security?
WEBCAST 4:
Intelligent Intelligence: Secrets to Threat Intel Success
WHEN: Tuesday, January 12 at 3:00 PM EDT (20:00:00 UTC)
Featuring: David Bianco
http://www.sans.org/u/bHL
Those of us tasked with defending networks are lucky to live in a time
when there is so much information floating around about our adversaries,
their goals, techniques and tools. The sheer amount of information that's
readily available, though, can present a problem of its own: overload.
From reports to indicator feeds to samples of malicious files, there's just
so much raw data available that it's often not clear which pieces will have
the most impact on our ability to resist our adversaries. Using them all
indiscriminately leads to piles of ignored alerts, swamped analysts and
undetected attacks. However, by making smart choices about which pieces of
information we use, we can both reduce the burden on the defender and
increase the cost of the adversary's attacks, making it harder for them to
operate against us. Join us to hear about a smarter, goal-driven approach
to using threat intelligence intelligently as we discuss Secrets to Threat
Intel Success.
WEBCAST 5:
From the Front Lines: Practical Application of DNS Threat Intel Data
WHEN: Wednesday, January 13, 2016 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Tim Helming and Robert M. Lee
http://www.sans.org/u/bSk
Sponsored by DomainTools (http://www.domaintools.com/)
Every day, security teams must make fast, accurate decisions about which
threats represent the highest risk, and how to defend against them.
Attacks today are more targeted and our adversaries often control
sophisticated, distributed networks. Goals range from data exfiltration to
control or compromise of industrial infrastructure. But even the most
stealthy and advanced attackers leave a trail behind them and these
breadcrumbs from DNS and Open Source Intelligence (OSINT) offer a wealth
of data for use in active defense.
In this webcast, we'll cover:
- How DNS intelligence exposed the attack infrastructure behind one of the
most sophisticated ICS (Industrial Control Systems) malware families
- Other examples of breaches and attack scenarios where domain profile
information could have helped detect or prevent the attacks
- Specific indicators of attack and potential compromise that can be found
in DNS, both internally and externally
- Ways to better defend against attacks and data exfiltration using DNS
and large-scale threat intelligence
WEBCAST 6:
WhatWorks in AppSec: ASP.NET Web API Security
WHEN: Thursday, January 14 at 3:00 PM EDT (20:00:00 UTC)
Featuring: Eric Johnson
http://www.sans.org/u/ams
In ASP.NET, Web API is the primary framework for building REST web
services to support mobile and browser-based applications. These endpoints
commonly perform transactions and data modifications that should be
heavily audited for security issues, but are often overlooked.
In this webcast, Eric Johnson, lead author of the DEV544: Secure Coding in
.NET course, will discuss how to test and secure your Web API endpoints
from common validation, error handling, authentication, authorization,
CSRF, and transport layer encryption vulnerabilities. This webcast serves
as a primer for developers or architects supporting Web API endpoints and
will leave you with immediate takeaways to go secure your web services.
WEBCAST 7:
Threat Intelligence Awakens
WHEN: Monday, January 18 at 1:00 PM EST (18:00:00 UTC)
Featuring: Rick Holland
http://www.sans.org/u/9Jb
There's been an awakening. Have you felt it? Threat intelligence: it's
calling to you. Just let it in. Join Forrester analyst Rick Holland as he
describes the awakening of the cyber threat intelligence market. Rick will
discuss the current state of the CTI market, the need to produce organic
intelligence, and indicators of exhaustion (IOEs). This presentation will
include Star Wars: The Force Awakens spoilers.
WEBCAST 8:
How to Leverage The Critical Controls in 2016
WHEN: Tuesday, January 19, 2016 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Randy Marchany
http://www.sans.org/u/6K6
Today, more than in any other time in our history, it's important to have
a security strategy that effectively works to combat pervasive
cyber-attacks and threats. Using any old security strategy or tool simply
won't work because threats can turn on a dime. Companies that want to stay
ahead of threats employ best practices that have consistently worked over
time.
Since 2008, the Controls have consistently shown superior results. In this
webcast, CISO Randy Marchany of Virginia Tech will discuss the points he
addresses in his article, The 20 Critical Controls, and demonstrate how
large-small and private-public organizations use them to combat
cyber-attacks and threats. He will use real world examples of pain-free
ways to show you how to use these measures in your organization. When it
comes to implementing a security strategy, don't rely on assumptions or
incomplete analysis. Learn how to use a security dashboard that has
consistently delivered proven results time and time again. Register today
and start the New Year off with the right strategies and tools for
your organization.
WEBCAST 9:
Data-Driven Threat Intelligence: Metrics on Indicator Dissemination and
Sharing
WHEN: Tuesday, January 19 at 3:00 PM EDT (20:00:00 UTC)
Featuring: Alex Pinto
http://www.sans.org/u/bBt
For the last 18 months, MLSec Project and Niddel collected threat
intelligence indicator data from multiple sources in order to make sense
of the ecosystem and try to find a measure of efficiency or quality in
these feeds. This initiative culminated in the creation of Combine and
TIQ-test, two of the open source projects from MLSec Project. These
projects have been improved upon for the last year, and are able to gather
and compare data from multiple Threat Intelligence sources on the
Internet. This research culminated in a talk at SANS CTI Summit 2015 and a
contribution to the Verizon DBIR in the same year.
In this talk, we have gathered aggregated usage information from
intelligence sharing communities in order to determine if the added
interest and "push" towards sharing is really being followed by the
companies and if its adoption is putting us on the right track to close
these gaps. We propose a new set of metrics in the same vein as TIQ-test
to help you understand what a "healthy" threat intelligence sharing
community looks like.
To better illustrate the points and metrics, we will be conducting part of
this analysis using usage data from some high-profile threat intelligence
platforms and sharing communities that have been kind enough to
contribute usage data for this research.
WEBCAST 10:
Dizzy New World of Cyber Investigations: Law, Ethics and Evidence
WHEN: Wednesday, January 20 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Ben Wright
http://www.sans.org/u/amx
Increasingly, employers and enterprises are engaged in cyber
investigations. The explosion of cyber evidence (email, text, metadata,
social media, big data, etc.) about every little thing that anyone does or
says creates a massive need for HR departments, IT departments, internal
audit departments and other investigators to find and sift through this
evidence. These cyber investigations are guided, motivated and restricted
by a blizzard of new laws and court cases. Increasingly enterprises need
professionals with backgrounds in cyber forensics, cyber law and computer
privacy.
This webcast will offer ideas on managing legal and ethical risk including
the risk that your enterprise would be the unwelcome target of a cyber
investigation by an adversary such as a tax authority!
WEBCAST 11:
Security Program Development, Maturity Models and Security Dashboards that
help you manage risk
WHEN: Wednesday, January 20, 2016 at 8:00 PM EDT (01:00:00 UTC)
Featuring: N. Dean Sapp - SANS Technology Institute Master's Degree
Candidate
http://www.sans.org/u/ceg
Have you ever had a difficult time developing a maturity model for your
security program and communicating your information security program
success and needs to your executives? If so, plan to attend this hour-long
presentation on building a maturity model, effective information security
metrics, dashboards, and automated reporting. The security dashboard that
will be demonstrated has changed the culture for one very large non-profit
organization and it can help you build an incremental security program and
a plan to communicate important security metrics to your leadership in an
effective and compelling way.
WEBCAST 12:
The Frankenstein Framework - Assembling the Pieces to Enhance ICS Security
Without Creating a Monster
WHEN: Wednesday, January 27 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Justin Opatrny
http://www.sans.org/u/aPp
While the quantity and breadth of ICS security-related regulations,
frameworks, industry standards, and guidance continue to grow, it can be
difficult to navigate which best apply and will be useful to your
organization. From those under regulation to those looking to start or
stay ahead of the curve, taking a hybrid approach may be your best option.
This talk focuses on piecing together and re-animating your framework for
an extensible and sustainable ICS security program including:
- How to (re-)start these efforts
- Available resources to guide your program
- Evaluating applicability and fit
- Finding the value in those resources
- Methods to track and sustain
WEBCAST 13:
Why You Need Application Security
WHEN: Thursday, January 28 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Johannes Ullrich
http://www.sans.org/u/atS
Sponsored by Veracode (http://www.veracode.com/)
Inherent risks in web, mobile and cloud applications are keeping security
practitioners up at night, according to the 2015 SANS survey on
application security.
In this webcast, learn about the growing threats against applications, why
applications are so risky, why you need to include application security in
your enterprise security program, and how to get started.
WEBCAST 14:
Threat Hunting
WHEN: Tuesday, February 02 at 1:00 PM EST (18:00:00 UTC)
Featuring: Rob Lee, Robert M. Lee, Luis Maldonado
http://www.sans.org/u/amC
Sponsored by: Sqrrl (http://sqrrl.com/)
The threats facing organizations today mean that the analysts in security
operations centers can no longer sit passively waiting for alerts to come
through. Sophisticated attacks require a more active role in detecting and
isolating them. That's where threat hunting comes in.
Firewalls, intrusion detection systems and SIEMs all depend on alerts to
spur action. But alerts can be difficult to prioritize, largely because
they are limited in what they can tell the SOC about what is going on.
They are like pieces of a puzzle that leave analysts reactively digging
through log files and jumping from repository to repository as they try to
get a clear picture of the event that precipitated the alert.
In contrast, threat hunting is a proactive approach designed to uncover
threats that lie hidden in a network or system, evading more traditional
security tools.
In this webcast, you will learn how threat hunts are initiated, the skills
that threat hunters must have, and the differences between structured and
unstructured hunts.
WEBCAST 15:
What's New for Security in Windows Server 2016?
WHEN: Tuesday, February 02 at 3:00 PM EST (20:00:00 UTC)
Featuring: Jason Fossen
http://www.sans.org/u/atX
What's new in Microsoft's latest operating system for servers? Quite a
bit! Docker containers, Server Nano, virtual TPMs, Hyper-V upgrades, DNS
policies, PowerShell 5.0, and more can be found in Windows Server 2016.
Attend this free webcast from "The Windows Guy" at SANS, Jason Fossen, the
author of the SANS six-day "Securing Windows with PowerShell" course.
Jason Fossen is not a Microsoft employee or vendor rep, so get the
straight story here!
*** SPOTLIGHT WEBCAST *** WEBCAST 16:
SANS 2016 IT Security Spending Strategies Survey
WHEN: Wednesday, February 03 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Barbara Filkins and G. Mark Hardy
http://www.sans.org/u/8MS
Sponsored by: Arbor Networks (http://www.arbornetworks.com/) & Gigamon
(https://www.gigamon.com/)
During the last quarter of 2015, SANS conducted a survey of security
professionals who are involved in the budgeting process. The goal of the
survey is to help establish key trends and strategies for security
spending that can eventually help directors set correct spending
priorities and levels for their organizations.
Attend this webcast to learn:
- What influences security spending
- What line items are included in most IT security budgets
- How effective those spends are
- Where it makes sense to outsource to the cloud (or not)
- The most successful means of justifying security budgets and spends
- What trends and technologies are in future spending plans
WEBCAST 17:
Security Leadership: Strategies for Success
WHEN: Thursday, February 04 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Frank Kim
http://www.sans.org/u/au2
Learn three things that CISOs and security leaders can do to go beyond
technical skills and make information security relevant and understandable
to key stakeholders.
If you have ever been asked any of these questions and were not sure how
to answer then this session is for you.
- How do we decide where to invest?
- What business value does security provide?
- Are we doing a good job?
The increased importance and visibility of cyber security as a vital
component of business growth make it critical that security leaders
understand how to connect with senior executives and business
leaders. Join Frank Kim, seasoned security leader and CISO, as he explains
three things that will make you a more effective security business leader.
WEBCAST 18:
Scaling Big Data Analytics: SANS Review of LogRhythm 7 Analytics and
Intelligence Upgrades
WHEN: Friday, February 05, 2016 at 3:00 PM EST (20:00:00 UTC)
Featuring: Dave Shackleford and Erick Ingleby
http://www.sans.org/u/cel
Sponsored by LogRhythm (https://logrhythm.com/index.html)
When it comes to detecting and responding to breaches, time and accuracy
matter most. In this webcast, Senior SANS Instructor Dave Shackleford
discusses his experiences reviewing the newly-released LogRhythm 7. In
this webcast, learn how LogRhythm reduces mean time to detect (MTTD) and
mean time to respond (MTTR) through machine-driven, real-time behavioral
analytics, rapid forensic search and automated response.
Mr. Shackleford will highlight and demonstrate the following:
- Forensic investigations across structured and unstructured metadata
- Contextual and unstructured search for faster and more precise results
- Improved overall platform performance built on native clustering
capabilities with faster processing, highly scalable indexing and
automated load balancing
- Streamlined administration for reduced operating costs
- Accurate event prioritization and incident response orchestration with
granular risk ratings and built-in case management
WEBCAST 19:
Mobile Threat Protection: A Holistic Approach to Securing Mobile Data and
Devices
WHEN: Tuesday, February 09 at 1:00 PM EST (18:00:00 UTC)
Featuring: Lee Neely
http://www.sans.org/u/aPu
The ubiquitous use of mobile devices has radically changed the landscape
of data protection, and the abundance of applications only complicates the
situation. Regrettably, not every application is what it seems. Users
can't always detect a well-crafted forgery or application that secretly
exfiltrates data in addition to the displayed functions. Additionally, not
every network is what it seems. Users stumble across illegitimate networks
that intercept or even change legitimate communications from mobile
devices. And even legitimate operating systems and applications have
numerous vulnerabilities that can be exploited.
How, then, can mobile device data be protected? This webcast reviews the
current and emerging services and practices designed to help secure and
protect the data on these devices, identifies areas where solutions
are needed to fill the remaining gaps, and provides recommendations for a
holistic approach including mobile threat protection.
Attendees will learn:
- What role security tools such as analytics can play in managing mobile
devices
- What the risks are to mobile devices
- How mobile devices and data are currently protected and how effective
those protections are
- Common attack vectors and possible mitigation strategies
- Features and capabilities that a solution should have to provide
organizations with ideal mobile security and visibility
*** SIMULCAST *** WEBCAST 20:
CISO Hot Topic: Communicating to and Influencing CEOs and Boards of
Directors: What Works and What to Avoid
WHEN: Tuesday, February 09 at 6:00 PM EDT (23:00:00 UTC)
Featuring: John Pescatore, Alan Paller
http://www.sans.org/u/bcX
With security breaches regularly making headlines in mainstream media,
CEOs, boards of directors and agency heads are focusing on cybersecurity
and looking for answers from the CISO. As part of a continuing series of
'CISO Hot Topic' sessions, at SANS Scottsdale, SANS will present sessions
with real world advice and 'What Works' examples for CISOs to learn how to
take advantage of opportunities to interact with top management in ways
that lead to increases in the effectiveness of the security program.
WEBCAST 21:
Passive DNS Logs: The Pulse of the Network (APAC Series webcast)
WHEN: Wednesday, February 10, 2016 - 10:00 am Singapore / 1:00 pm
Melbourne
Featuring: Philip Hagen and Ruby Souza (Moderator)
http://www.sans.org/u/ceq
Although some network protocols are more commonly seen than others, the
staggering reality is that there are thousands of protocols an analyst may
encounter during the course of an investigation, incident response, or
threat hunting program. Therefore, network forensic analysts will
recognize great efficiencies by reviewing those which provide insight into
many other protocols. A prime example is the Domain Name System, or DNS.
By logging all DNS queries and their responses, it's possible to
characterize the nature of nearly every other protocol - even many
undocumented, custom, and proprietary ones. This webcast will review
several different methods one can use to log DNS activity or extract it
from existing evidence, as well as analytic cases where it can provide
decisive value by itself or as clarifying evidence in support of NetFlow
and logs.
WEBCAST 22:
Predicting Future Attacks and Breaches: Analytics in Action
WHEN: Wednesday, February 10 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Dave Shackleford
http://www.sans.org/u/au7
Sponsored by SAS (http://www.sas.com/en_us/home.html)
The pace and sophistication of data breaches are forcing security teams to
adjust their security strategies. Where prevention used to be the sole
focus, now it's clear that detection and response are just as vital.
Organizations are not finding the indicators of compromise within their
environments soon enough, and they aren't responding to these incidents
and removing them quickly enough.
In addition to rapid event detection, correlation, and response, however,
we need the capability to predict future trends based on past and current
behavior, which is where security analytics may prove useful. This webcast
explores the growing necessity of security analytics and looks at some
sample use cases to support its adoption.
The webcast will explore:
- Why security professionals aren't asking the right questions - and what
those questions are
- Why many monitoring tools and strategies haven't worked
- What security analytics is - and what it isn't
- Some potential future uses of security analytics
WEBCAST 23:
Getting Started with Web Application Security
WHEN: Thursday, February 11 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Gregory Leonard
http://www.sans.org/u/auc
Sponsored by Veracode (http://www.veracode.com/)
Chances are, at any given moment, your organization's web applications are
under attack (if not already exploited). Attackers see web applications as
the front door: just one vulnerability allows them entry - perhaps to the
database supporting the web application or maybe to your business
partners, such as the payment processing vendor supporting your
application.
In this webcast, learn why Cross Site Scripting, SQL Injection, Input
Validation and other common vulnerabilities continue to plague web
applications. Speakers will discuss what types of web apps are most
targeted (such as Java and .NET, according to the 2015 SANS Application
Security Survey), why these types of applications are targeted, and what
the common outcomes of these types of breaches are.
Presenters will also provide educational and technical resources to help
security operations teams proactively manage their web applications by
finding and reducing vulnerabilities - before attackers can take advantage
of them.
WEBCAST 24:
What Works in Threat Prevention: Detecting and Stopping Attacks More
Accurately and Quickly with Threatstop
WHEN: Friday, February 12, 2016 at 1:00 PM EST (18:00:00 UTC)
Featuring: John Pescatore and Ken Compres
http://www.sans.org/u/cev
Sponsored by ThreatSTOP (http://www.threatstop.com/)
Press coverage tends to focus on breaches - companies that have failed to
protect their business systems and sensitive customer data. However, many
enterprises have invested in improved processes, more advanced security
products and threat-driven prioritization approaches to show immediate and
measurable increases in both the effectiveness and the efficiency of their
security programs.
During this SANS What Works webcast, Ken will provide details of his
deployment of Threatstop to enable continuous monitoring of advanced
targeted attacks, supporting faster and more accurate detection, reduced
impact and demonstrating benefits to increased integrity and availability
of critical business processes.
Join SANS Director of Emerging Security Trends John Pescatore and Ken
Compres to hear details on the selection, deployment and experience using
Threatstop. The webcast will contain a discussion of lessons learned and
best practices as well as detail the metrics used to demonstrate the value
of Threatstop.
WEBCAST 25:
Ensuring Compliance and Detecting Suspicious Activity with Promisec
Endpoint Manager
WHEN: Wednesday, February 17 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Dave Shackleford and Steve Lowing
http://www.sans.org/u/8dc
Sponsored by Promisec (http://www.promisec.com/)
Ensuring compliance with security guidelines and standards is an ongoing
headache for security teams, while the need for rapid investigation of
suspicious activity can strain an organization's resources when they're
most needed. For both jobs, organizations need to have a solid grip on
endpoint configurations and, even more importantly, must be able to
identify when a configuration change represents a risk to the safety of
the network. Promisec Endpoint Manager covers both sides, detecting
deviations from baseline configurations and, once found, remediating them
in a single click.
WEBCAST 26:
Security Awareness: Understanding and Managing Your Top Seven Human Risks
WHEN: Wednesday, March 09 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Lance Spitzner
http://www.sans.org/u/auh
A key step to managing your human risk is first identifying and then
prioritizing those risks and then focusing on the top ones. After working
with hundreds of organizations, Lance Spitzner will discuss the 7
most common human risks he finds in organizations and what you can do to
effectively manage and measure those specific risks. Key points you will
learn include:
- Concepts of "cognitive overload" and how every behavior has a cost.
- Key elements in a human risk analysis.
- Determining the key behaviors that will mitigate your top human risks
- How to effectively communicate and measure those behaviors.
WEBCAST 27:
Is Active Breach Detection the Next-Generation Security Technology?
WHEN: Thursday, March 10 at 1:00 PM EDT (18:00:00 UTC)
Featuring: Dave Shackleford and Paul Kraus
http://www.sans.org/u/bBD
Sponsored by EastWind Networks (https://www.eastwindnetworks.com/)
Industry surveys, including the 2015 SANS survey on application security,
confirm what security analysts already know - network security
professionals feel they are losing the battle of the breach. It's
especially true for small and medium size businesses that don't always
have access to the latest and greatest breach detection tools, yet are
held to the same high data protection standards as the big guys.
In a smaller shop where staffing resources may be stretched to the limit,
there's no time to chase down excessive false positive alerts, but with
jobs as well as sensitive data exposure on the line, are there any
alternatives?
Cloud-based active breach detection is emerging as a next-gen security
technology, leveraging real-time machine learning, behavior analytics,
threat feeds, and malware analysis technologies to detect anomalies that
indicate a breach is underway. This webcast explores:
- Why traditional solutions aren't working
- What's at stake for SMEs that don't sharpen their defenses against
increasingly sophisticated hacker attacks
- How a typical SME can benefit from active breach protection
WEBCAST 28:
Benchmarking AppSec: A Metrics Pyramid
WHEN: Tuesday, March 15 at 1:00 PM EDT (17:00:00 UTC)
Featuring: SANS Instructor Jim Bird
http://www.sans.org/u/azr
Sponsored by Veracode (http://www.veracode.com/)
So you think you've assessed your applications, scanned them, patched them
and reduced your vulnerabilities, but how do you know if these actions
have actually improved your organizational risk profile?
In the 2015 SANS survey on application security, only 31% of respondents
felt their IT security spending was adequate, while 47% of those able to
assess their environments felt their programs needed improvement. Do you
measure improvement by number of breaches? Can you prove reduction in
attack surface? Did you improve compliance posture and if so by how much?
What benchmarks does management actually care about?
In this webcast, SANS instructor and application expert Jim Bird will
introduce his metrics pyramid covering technical, operational and
executive level benchmark requirements and resources.
WEBCAST 29:
Can We Say Next-Gen Yet? SANS 2016 Endpoint Security Survey
WHEN: Thursday, March 17 at 1:00 PM EST (17:00:00 UTC)
Featuring: Ray Davidson
http://www.sans.org/u/a5Q
Sponsored by Malwarebytes (https://www.malwarebytes.org/)
The SANS 2016 survey attempts to define what an endpoint is and explore
what types of endpoints are most targeted and why. Results will expose how
far endpoint vulnerability and security intelligence has evolved and
whether endpoint security policies are improving.
Attend this webcast to learn:
- What endpoints are covered by organizational policies
- How advanced endpoint protection is
- Whether organizations have centralized vulnerability management,
detection and response
- What endpoints are currently benefiting from advanced protection
- How to take this level of advanced protection to the rest of your
endpoints
WEBCAST 30:
Open Season on Cyberthreats: Part I - ThreatHunting 101
WHEN: Thursday, April 14, 2016 at 1:00 PM EST (17:00:00 UTC)
Featuring: Eric Cole, PhD
http://www.sans.org/u/amH
Sponsored by: Malwarebytes (https://www.malwarebytes.org/); Sqrrl Data
(http://sqrrl.com/); Bit9 + CarbonBlack (https://www.bit9.com/);
DomainTools (http://www.domaintools.com/); Endgame
(https://www.endgame.com/); HP Enterprise
(https://www.hpe.com/us/en/solutions/security.html)
Expanding on the results of the 2015 SANS Incident Response Survey, the
threat hunting survey explores the uses and benefits of threat hunting.
Results of the survey will be presented in a two-part webcast.
In Part 1 of the webcast, attendees will gain insight into:
- What threat hunting entails
- What pitfalls stand in the way of attaining actionable results
- What organizations are discovering through threat hunting
Part 2 of the webcast, held on Friday, April 15, 2016 at 1:00 p.m.
Eastern, will focus on threat hunting methodologies and tools.
WEBCAST 31:
Open Season on Cyberthreats: Part 2 - Threat Hunting Methodologies and
Tools
WHEN: Friday, April 15 at 1:00 PM EST (17:00:00 UTC)
Featuring: Eric Cole, PhD
http://www.sans.org/u/aPz
Sponsored by: Malwarebytes (https://www.malwarebytes.org/); Sqrrl Data
(http://sqrrl.com/); Bit9 + CarbonBlack (https://www.bit9.com/);
DomainTools (http://www.domaintools.com/); Endgame
(https://www.endgame.com/); HP Enterprise
(https://www.hpe.com/us/en/solutions/security.html)
Expanding on the results of the 2015 SANS Incident Response Survey, the
threat hunting survey explores the uses and benefits of threat hunting.
Results of the survey will be presented in a two-part webcast.
Part 1 of this webcast, held on Thursday, April 14, 2016, at 1:00 p.m.
Eastern, focuses on what threat hunting is, pitfalls to gaining actionable
results and how threat hunting is currently being used.
In this part 2 webcast, attendees will learn about the following:
- What tools organizations are using for threat hunting
- What skills hunters need
- How threat hunting affects and is affected by security budgets
WEBCAST 32:
Managing Applications Securely: A SANS Survey
WHEN: Wednesday, April 27 at 1:00 PM EDT (17:00:00 UTC)
Featuring: Johannes Ullrich and Eric Johnson (Moderator)
http://www.sans.org/u/bBI
Sponsored by Checkmarx (https://www.checkmarx.com/), Veracode
(http://www.veracode.com/) & WhiteHat Security
(https://www.whitehatsec.com/)
Applications and software components, particularly web and mobile apps,
have proven difficult to manage and secure, according to the SANS 2015
survey on application security. This year's survey explores how
organizations are improving their application security practices, and what
they still need help with.
Webcast attendees will gain insight into best practices and get advice
about managing the security of their applications. Specifically, they will
learn:
- What applications introduced the most risk into respondents'
environments in 2015
- What percentage of their breaches resulted from badly-coded applications
versus how many came from configuration-induced vulnerabilities
- How frequently organizations test the security of their applications in
production
- What tools are most useful in protecting applications in production
- Management challenges around commercial third-party applications and
applications hosted in the public cloud.
WEBCAST 33:
Practical and Open Source Threat Intelligence
WHEN: Tuesday, May 17 at 3:00 PM EDT (19:00:00 UTC)
Featuring: James Tarala
http://www.sans.org/u/aum
Threat actors are not magic and there is not an unlimited, unique list of
threats for every organization. Enterprises face similar threats from
similar threat sources and threat actors - so why does every organization
need to perform completely unique risk assessments and prioritized control
decisions? This presentation will show how specific, community driven
threat models can be used to prioritize an organization's defenses -
without all the confusion.
Industry pundits often present the idea that every organization and every
industry is unique in their own special way. They present that enterprises
need to hire specialists and subscribe to up to the minute threat
intelligence to defend themselves against cyber-attack. While such
commentary can be beneficial, the majority of attacks still take place
using common methods and tools, exploiting weaknesses that can be found in
any industry.
In this presentation attendees will learn about an open, community-driven
threat model that can be used by any industry to evaluate the risk that
faces them. Then they will learn how to practically use this model to
prioritize enterprise defense and map to existing compliance requirements
facing organizations today. Whether you are in the Department of Defense
or work for a small mom and pop retailer, you will be able to use this
model to specifically determine a prioritized defense for your
organization.
WEBCAST 34:
Scapy and Snort, Packet Peanut Butter and Jelly
WHEN: Wednesday, May 18 at 1:00 PM EDT (17:00:00 UTC)
Featuring: Mike Poor and Judy Novak
http://www.sans.org/u/aur
Scapy is a Python library that takes packet crafting from an arcane
science to an intuitive user-friendly language. This webcast will discuss
how Scapy can be combined with Snort to help you craft packets to use with
Snort testing. You will also realize the power of Scapy and how it can be
used for many different crafting scenarios.
WEBCAST 35:
How to Negotiate a Cyber Insurance Policy
WHEN: Thursday, May 19 at 1:00 PM EDT (17:00:00 UTC)
Featuring: Ben Wright
http://www.sans.org/u/amM
When an enterprise purchases cyber insurance, negotiation can make a big
difference. Sometimes you can get more value from the insurer simply by
knowing to ask for a particular service or clause in the policy. Other
times, you may be able to negotiate substantial changes to a proposed
policy by citing case studies or experiences from other similarly-situated
enterprises. Commonly, to get the best value, you are wise to engage the
services of an attorney who is experienced in representing the interests
of commercial policy holders. This webcast will examine key topics to
consider in negotiation, and explain some relevant war stories.