SANS Institute - Upcoming Webcasts

Special Webcast: Using Cisco Stealthwatch to Increase Security By Enhancing Critical Security Control Performance - January 13, 2017 1:00pm US/Eastern

Fri, 13 Jan 2017 01:00:00 -1600

Speakers: Jamison Budacki and John Pescatore

Audits, penetration tests, and self-assessments had convinced the Senior Information Security Architect at Erie Insurance that Erie needed better situational awareness to speed up detection, response and resolution of cyber-threats. Erie focused on tools that could be shared by the security group and the network operations group, to increase collaboration and coordination of efforts. After evaluating several products, Erie chose Cisco Stealthwatch and was able to document improvement in security metrics, including more effective coverage and implementation of the CIS Critical Security Controls.

Wednesday Webcast: Enhanced Application Security for the Financial Industry - January 17, 2017 1:00pm US/Eastern

Tue, 17 Jan 2017 01:00:00 -1600

Speakers: Steve Kosten and Mike Ware

Application security is a growing concern for all businesses embracing a digital transformation, but in the financial sector, it is a top-level priority. With cyberattacks increasing in frequency and sophistication, financial institutions face the challenge of securing diverse portfolios of web and mobile applications that handle high volumes of transactions and sensitive data.

Organizations in the financial services industry go to great lengths to secure their applications, from adhering to industry standards and best practices to investing in penetration testing and web application firewalls. Despite these efforts, many AppSec initiatives fall short and fail to adequately secure business-critical applications.

So, what can be done to move the needle? The best answer today is to use a secure software development lifecycle (SDLC). Whether developing applications in-house, outsourcing development or purchasing applications from outside vendors, a financial institution must be able to ensure that secure development practices are being followed.

In this webcast, you will learn about the elements of a secure SDLC and why baking in proactive security controls early in the lifecycle is the best hedge against bugs that could be devastating if released into the wild. Attendees also will learn more about requirements and standards as well as best practices for financial services developmentand consequences for poor practices.

Be among the first to receive the associated whitepaper written by SANS expert Steve Kosten on this topic.

Special Webcast: Hunting with Cyber Deception and Incident Response Automation - January 18, 2017 1:00pm US/Eastern

Wed, 18 Jan 2017 01:00:00 -1600

Speakers: Gadi Evron

In this webcast, we will explore how to effectively use cyber deception to hunt advanced threat actors and other threats. We will discuss the use of incident response automation, and specifically how deception orchestration can be used to deploy successful deception campaigns.

Starting from the initial reconnaissance phase, cyber deception technology takes advantage of the critical stages through which all attackers must pass (infiltration and lateral movement) and creates a controlled path for them to follow. The most effective cyber deception solutions allow the organization to create deception stories and realistic environments for hunting cyber attackers.

Deception orchestration takes this to the next level by integrating incident response automation into the existing deception platform.

We will also introduce Cymmetria's community edition of their deception solution, MazeRunner, freely available for download. Webcast attendees will come away with an understanding of what cyber deception is, how to effectively use it to hunt threats, how MazeRunner can be effectively deployed, as well as how deception orchestration integrates with incident response automation.

Wednesday Webcast: Packets Dont Lie: Whats Really Happening on Your Network? - January 19, 2017 1:00pm US/Eastern

Thu, 19 Jan 2017 01:00:00 -1600

Speakers: Dave Shackleford and Rob McGovern

When it comes to detection and response, defenders require full visibility into what's traversing their network. In this webcast, senior SANS analyst and SANS trainer Dave Shackleford will discuss the outcome of his functional review of LogRhythm's Network Monitor Freemium (a free version of LogRhythm's Network Monitor product). In the review, he puts the tool through its paces to recognize contemporary threats such as bots, beaconing, unencrypted sensitive information, and ransomware.

Attend this webcast to learn:

· Why network monitoring should be an essential component of your security and operations toolkit

· How to automate threat detection that was previously only possible via manual packet analysis

· To create analyst workflow that leverages forensic investigation capabilities

· How to identify potential network threats such as port misuse or beaconing

· To respond to incidents discovered through deep packet analysis

· How to differentiate IT operations issues from security threats

Be among the first to receive the associated whitepaper written by Dave Shackleford.

Wednesday Webcast: Practical Application of Threat Intel for Network Defenders - January 23, 2017 1:00pm US/Eastern

Mon, 23 Jan 2017 01:00:00 -1600

Speakers: Dave Shackelford and Tim Helming

Threat Intelligence holds great potential for helping network defenders block adversaries who have not yet breached them, and find evidence of those who may have. However, making practical and impactful use of the data can be tricky. It doesnt have to be. Join Dave Shackleford of SANS and Tim Helming of DomainTools to learn straightforward methods and data sources to strengthen your security posture without breaking the bank. The webinar concludes with a simple 5-point checklist you can apply immediately to begin your organizations threat intel evolution. CPE Credit with SANS is available to all attendees.

Special Webcast: Next generation analysts for next generation threats - lessons from deploying best practices to hundreds of SOC teams! - January 24, 2017 11:00am US/Eastern

Tue, 24 Jan 2017 11:00:00 -1600

Speakers: John Pescatore and Meny Har

Security teams are challenged by a deluge of alerts straining both infrastructure and personnel. Managing a SOC requires operational pragmatism. Perfect prevention is not achievable, so organizations are shifting focus to visibility and response speed. As a result, the role of the security analyst is more important than ever and the job is only getting more difficult.

Having trained security analysts all over the globe, we will share insights on how leading organizations mature security operations capabilities by focusing on reducing the time-to-insight for identifying threats

In this webinar we will examine -

How the time-to-insight is the key factor in lowering remediation times
The efficiencies of centralizing threat response to a single pane of glass
Best practices leveraging automation and human intervention
How to operationalize response through a cohesive orchestration process from detection to remediation
Driving productivity throughout the incident response process

Wednesday Webcast: 2017 Cloud Security and Risk Benchmarks - January 24, 2017 1:00pm US/Eastern

Tue, 24 Jan 2017 01:00:00 -1600

Speakers: Brandon Cook and John Pescatore

Enterprise use of cloud services (SaaS, PaaS, IaaS) grew over 20% in 2016. How has that impacted the risk of cloud-related security incidents and data loss?

Join this webinar for a discussion of cloud security benchmarks for 2017 based on Skyhigh's newly published Cloud Adoption & Risk Report, an analysis of cloud usage & risk from over 600 enterprises and 30 million users.

We'll review hard data on cloud security and answer questions that should guide cloud security strategies, including:

· How much sensitive data is uploaded to cloud services?

· What is the prevalence of insider threats and compromised accounts?

· What are the most common data loss & compliance risks?

· How are leading organizations addressing cloud security challenges?

Wednesday Webcast: Implementing and Maintaining a DevSecOps Approach in the Cloud -
Tips, tricks, operational and security best practices - January 25, 2017 1:00pm US/Eastern

Wed, 25 Jan 2017 01:00:00 -1600

Speakers: George Gerchow and Mark Bloom

Its no secret that continuous innovation and speed to market are mandating dynamic paradigm shifts in how companies conceive, develop and implement IT operations and security strategies. While this is all fine and well for the DevOps teams, for the folks managing security, these innovations bring up new challenges. Modern applications must be architected and managed with security in mind from the get-go, and building a SaaS offering that has security baked in is a whole new game.

DevSecOps is the name of the game, but there isnt always a clear path to implementation and adoption. Between protecting against major attacks that arrive on a daily basis to maintaining compliance with strict regulations, leaving the boundaries of traditional IT can leave some security professionals quaking in their boots.

Fear not, friends! There is a way to be secure and compliant in the cloud with the right approach. In this webinar, George Gerchow, VP of Security and Compliance at Sumo Logic, will do a deep dive into the steps it takes to successfully implement and maintain DevSecOps in your organization at scale. He will be discussing:

· What it took to build a world-class data analytics service on AWS from the ground up

· Technologies used to gain necessary operational and security visibility

· Tips and tricks to maintain optimal levels of performance, integrity and availability of the data

· How to best approach regulatory compliance in the cloud in pursuing certifications like PCI DSS, ISO 27001, CSA STAR, TRUSTe, SOC 2, Type 2, etc.

· Challenges encountered in the journey and how they were addressed

Special Webcast: Stop Threats in their Tracks- An Introduction to Advanced Malware Protection - January 25, 2017 3:00pm US/Eastern

Wed, 25 Jan 2017 03:00:00 -1600

Speakers: Tom Stitt and Brian McMahon

It's no longer a question of if youll be breached, but a matter of when. Major breaches in 2016 have created great uncertainty about the future.

2016 has been a busy year for cybersecurity breaches. Companies large and small were exploited and their confidential information exposed. And breaches will continue to rise in 2017. Which begs the question- what can we do to protect ourselves?

Join Cisco Security experts for a webinar to:

· Understand how todays evolving threat landscape impacts your IT security defenses

· Learn tips to stay one step ahead of attackers

· Learn how Cisco Advanced Malware Protection (AMP) delivers the visibility, context, and control needed to defeat advanced malware across the extended network

· See how you can reduce time to detection with Cisco AMP and Threat Grid

Wednesday Webcast: Dont get marooned on Analytic Islands - January 26, 2017 12:00pm US/Eastern

Thu, 26 Jan 2017 12:00:00 -1600

Speakers: Mark Watkinson

5 years ago the constant drip, drip, drip of breaches hitting the news was evidence of preventive signature based defenses were not working and a move to fast recovery was needed. New approaches were needed, signature-less detection focused on detecting behaviors. But behavioral analytics has significant challenges, particularly the need for more data and the need to control false positives, this meant data from endpoints, network devices and applications. Few companies in Cyber Security have the capabilities to cover all these bases, most are focusing on endpoint, or network or applications or cloud. They are developing analytics to find threats within the data captured by their sensors. With the industry buzzing about analytics, the drive for the vendor community to be able to crow about detection analytics and integrate these into and create platforms has led to a compounding of an old security problem The detection silo or Analytic Islands Detection is best served where analytics can use the widest possible data sources, so multiple analytic platforms are counter-productive. Creating analytic islands, on vendor platforms aligned to types of data will not serve to optimize detection. So how Security Leaders invest? Invest in tools that allow data to be easily moved in and out of their native platforms giving the organization the choice of how best to use it, Invest in tools that allow data to be flexibly retrieved cross infrastructure from Endpoint to cloud Invest in centralized analytic/detection/forensic response capability to support Security operations, and allow better use of human resources Invest in the best detection not in platform siloes but across platform, see the whole campaign and give Incident response the best chance BAE Systems does not build sensors, we build analytics. We work with sensor vendors to use the best of their detection, and ensure we still have access to the full data set so that when we see a new threat we can choose the best way to detect it from all the data.

Special Webcast: Mimecast Targeted Threat Protection - January 26, 2017 2:00pm US/Eastern

Thu, 26 Jan 2017 02:00:00 -1600

Speakers: Jerry Shenk and Matthew Gardiner

The FBI estimates that between October 2013 and August 2015, more than 7,000 U.S.-based organizations lost a total of $748 million to business email scams.

Recipients open an average of 30% of phishing emails, according to the 2016 DBIR, which makes email a great way to transport malware, but also allows the growth of exploits that are decidedly nontechnical in nature. Most rely on the same tricks as confidence artists in the real world: the appearance of legitimacy and the tendency of victims to go along with requests that appear to be on the up-and-up, without checking to be sure.

In this webcast, SANS senior analyst Jerry Shenk will discuss his evaluation of Targeted Threat Protect, an email-security service from Mimecast that is one of a number that are focused on stopping sophisticated phishing attacks. Among its most difficult targets: whaling attacks using spoofed accounts and credible-sounding background to spoof high-level executives asking for sensitive data, access or the transfer of money to accounts owned by scammers. Mimecast added a service called Impersonation Protect in March to bolster its Targeted Threat Protection email-security service, which scans and filters more than 180 million emails per day looking for malware, viruses and other typical dangers as well as indications that what an email says to users who open it might be more dangerous than anything it can do on its own.

Be among the first to receive the associated product review written by SANS senior analyst Jerry Shenk, who has long experience writing SANS reviews of systems designed to stop spam, scams and other email-borne threats.

Wednesday Webcast: 3 Cs of Security Awareness - January 31, 2017 1:00pm US/Eastern

Tue, 31 Jan 2017 01:00:00 -1600

Speakers: Lance Spitzner

After working with over 1,000 organizations on building, maintaining and measuring their awareness program, we have found a common theme. Soft skills, or more specifically the lack of soft skills, are often a key reason why awareness programs struggle to have an impact. These findings are reinforced by data from the annual Security Awareness Report. In this webcast we cover how organizations can address these issues by focusing on the 3 Cs of awareness: Communications, Collaboration and Culture. We will explain what each of these three elements are and how organizations can make the most of them.

Special Webcast: Threat Hunting: Open Season on Cyber Threats - January 31, 2017 8:00pm US/Eastern

Tue, 31 Jan 2017 08:00:00 -1600

Speakers: Dr. Eric Cole

SANS Asia-Pacific Webcast Series- Threat Hunting: Open Season on Cyber Threats

Most organizations are involved in threat hunting to some extent, according to results of a new survey.

"Every hour of every day you are either hunting or being hunted," says Eric Cole, PhD, SANS Analyst and network security expert. "The only question you have to ask is which side do you want to be on?"

Nearly 86% of organizations responding to the survey want to be doing the hunting, albeit informally, as more than 40% do not have a formal threat hunting program in place.

"The question is no longer whether or not you are going to have a breach, but how quickly you will detect the adversary to control the overall impact," Cole continues. "Building a hunting program can help your organization reduce the amount of damage from an attack."

Results indicate that hunting is providing benefits. In this survey, 52% who have implemented threat-hunting programs have found previously undetected threats, 74% have reduced attack surfaces, and 59% enhanced speed and accuracy of response by using threat hunting.

Responses indicate that organizations want to realize more benefits from threat hunting and to formalize their programs, with 88% of those respondents who do threat hunting saying their threat-hunting programs need to be improved. Join us for this webcast which will discuss what threat hunting is, pitfalls to gaining actionable results and how threat hunting is currently being used.

**Note: This webcast is free of charge however a SANS portal account is required

Special Webcast: Digital Ghost: Turning the Tables on Cyber Attacks in Industrial Systems - February 1, 2017 1:00pm US/Eastern

Wed, 01 Feb 2017 01:00:00 -1600

Speakers: Michael Assante and Robert Garry

Recent attacks on industrial systems and infrastructure have underscored the urgent need to better protect these critical assets. In parallel, organizations are learning that their data could be just as important as their physical systems. In fact, digital data from sensors and elsewhere could hold the answer to earlier prediction, detection and protection from cyber attackers.

Attendees at this webcast will learn about:

· How attacks typically occur and the role of the ICS kill chain to detect and disrupt attacks

· Beyond traditional network security, how sensor data can be used to detect suspicious events and drive adaptive machine response

· How to use digital data to prevent or minimize damage to physical systems

Be among the first to receive the associated whitepaper written by Michael Assante.

Special Webcast: What Works in Situational Awareness and Visibility: Reducing Time to Detect and Lowering Business Impact with Splunk - February 2, 2017 1:00pm US/Eastern

Thu, 02 Feb 2017 01:00:00 -1600

Speakers: John Pescatore and Ryan Niemes

Detecting malicious activity more quickly and more accurately is key to reducing business impact of cybersecurity threats. This requires both visibility into alerts and logs from servers, PCs and network devices but also analytic tools to enable cybersecurity analysts to prioritize response and mitigation actions. A common success factor of those organizations who are not in the news for yet another breach is investment in the people, processes and technology to decrease time to detect and time to mitigate without requiring negative impact to business operations.

During this SANS What Works webcast, Ryan Niemes, Lead Security Analyst at rapidly growing biotech firm, Illumina, will provide details of his deployment of Splunk to enable continuous monitoring of advanced targeted attacks, supporting faster and more accurate detection, reduced impact and demonstrating benefits to increased integrity and availability of critical business processes.

Join SANS Director of Emerging Security Trends John Pescatore and Ryan to hear details on the selection, deployment and experience using Splunk. The webcast will contain a discussion of lessons learned and best practices as well as detail the metrics used to demonstrate the value of Splunk.

Special Webcast: Tools and Techniques for Assessing Android Malware - February 8, 2017 8:00pm US/Eastern

Wed, 08 Feb 2017 08:00:00 -1600

Speakers: Christopher Crowley

SANS Asia-Pacific Webcast Series- Tools and Techniques for Assessing Android Malware

Join us for the next installment of the SANS APAC webcast series, as we take a detailed look at Tools and Techniques for Assessing Android Malware.

Topic: Tools and Techniques for Assessing Android Malware

Presenter: Christopher Crowley, SANS Principal Instructor

Date: Thursday, February 9, 2017

Time: 9:00 am Singapore / 12:00 pm Canberra

Note: This webcast is free of charge however a SANS portal account is required (see webcast link for details)

SANS Asia-Pacific Webcast Series- Tools and Techniques for Assessing Android Malware

Android malware is substantially more common that iOS malware. Android users can choose to disable the Unknown sources Allow installation of apps from unknown sources and install applications from anywhere.

In this webcast Christopher Crowley will show tools and techniques you can use to inspect Android applications to determine if they exhibit malicious behavior. This methodology can be employed as forensic analysis and can also be used in application assessments to determine if an application is suitable for use within an organization.

Malicious behavior includes: persistent root, installation of ad revenue producing apps, and key logger collection of credentials to steal information within protected containers. Malware spreading vectors includes drive by downloads, and fraudulent applications purporting to be pornography. It also tries to trick users into installing software, claiming to be an update, in order to root the phone.

Get a preview of capabilities to be discussed in the upcoming SEC575 in Canberra, ACT March 20th - 26th.

Special Webcast: Application White-listing through Bit9 aka Parity aka Carbon Black Protect - A Masters Candidate Webcast - February 21, 2017 8:00pm US/Eastern

Tue, 21 Feb 2017 08:00:00 -1600

Speakers: Michael Weeks

Security professionals have espoused the shortfalls of Anti-Virus for detecting and deterring modern threats since APT became an industry term. One such solution is Carbon Black Protect (Formerly Bit9 Parity) an application white-listing vendor who was one of the first companies to offer a solution in the space. Cyber security professionals looking to implement an application white-listing solution should pay particular attention to some of the shortfalls and implementation issues regarding Carbon Black Protect. However, the proper implementation of the solution can significantly decrease infections and greatly improve an organizations security posture. Another interesting product from the same company is Carbon Black Response, a product that fits in the Enterprise Detection and Response (EDR - Gartner term) space. This solution can significantly expand information security focused forensics investigations at an enterprise scale. The ability to isolate systems for analysis, immediate process-tree analysis, and memory resident network connections - are a necessary capability for high-level Incident Response personnel. Both products also complement each other significantly and provide next-generation incident response capabilities.

Wednesday Webcast: Next-Gen Endpoints Risks and Protections: A SANS Survey Part 1: New Devices and Risks - February 28, 2017 1:00pm US/Eastern

Tue, 28 Feb 2017 01:00:00 -1600

Speakers: G. W. Ray Davidson, Anthony Di Bello, Ty Powers and Dana Torgersen

Endpoints are more than just servers, desktops and laptops--and not all of them are under corporate control. Today's endpoints also include printers, industrial controls, HVAC systems and even wearables, according to the 2016 endpoint security survey.

So, how has the endpoint threat landscape changed in the last year? And what have IT security teams done to improve their ability to identify and protect the endpoints they deem risky? Attendees will get answers to these questions, as well as learn about the following:

What new devices are considered endpoints and how well these devices are wrapped into respondents' security programs
Types of breaches organizations are detecting
How endpoint breaches are detected
What was targeted on those endpoints and why
How endpoints are still used to pivot deeper into the organization through credential theft and other means
Whether or not organizations prioritize and manage risk related to those endpoints

Answers to these questions directly relate to what IT professionals demand from next-gen endpoint protections, which is the topic of SANS' Part 2 webcast on March 1, 2017. Click here to register for the Part 2 webcast.

Be among the first to receive the associated whitepaper written by SANS Analyst G. W. Ray Davidson.

Wednesday Webcast: Next-Gen Endpoints Risks and Protections: A SANS Survey Part 2: Next-Gen Protection and Response - March 1, 2017 1:00pm US/Eastern

Wed, 01 Mar 2017 01:00:00 -1600

Speakers: G. W. Ray Davidson

Endpoints, especially user endpoints, are where most attacks get started, according to multiple SANS surveys. However, next-generation endpoint controls, while progressing, are not keeping up with the variety of devices and threats.

The Part 1 portion of the report on the SANS survey on next-generation endpoint risks and protections (held on February 28, 2017), covers how the endpoint landscape has changed in the past year and what IT security teams have done to improve their security posture. Click here to register for the Part 1 webcast.

In this webcast, Part 2 of the results of the 2017 survey on next-generation endpoint risks and protections, we explore whether or not organizations' tools and services are up to next-generation demands. In this webcast, attendees will learn:

How organizations manage risks related to the variety of endpoints on their systems
Respondent definitions of next-generation security
Features users need that they're not getting with current controls
Level of automation organizations are achieving to detect, protect and remediate
Best practices advice from those working in the field of endpoint risks and protections

These and other results will be discussed by SANS author G. W. Ray Davidson and thought leaders from leading endpoint security vendors.

Be among the first to receive the associated whitepaper written by SANS Analyst G. W. Ray Davidson.

Special Webcast: Complying with the General Data Protection Regulation: A Guide for Security Practitioners - March 8, 2017 1:00pm US/Eastern

Wed, 08 Mar 2017 01:00:00 -1600

Speakers: Benjamin Wright and Kevin Flynn

The General Data Protection Regulation or GDPR is the latest amplification of the European Unions data security requirements that articulates measures to protect individuals and holds organizations accountable for data security.

When it goes into effect, GDPR can apply widely to various organizations, including many without a physical presence in the European Union. In this webcast, we will explore this lengthy, complex regulation by focusing on the key steps your organization needs to take in order to comply. This includes how to get ready for the regulation; how to identify a Data Protection Officer and what this person needs to know to be effective in this role; as well as steps toward and a checklist for compliance with concise, practical information your organization can begin using now.

Wednesday Webcast: Cyber Threat Intelligence in Action-Skills and Implementations: Results of the 2017 Cyber Threat Intelligence Survey Part 1 - March 15, 2017 1:00pm US/Eastern

Wed, 15 Mar 2017 01:00:00 -1600

Speakers: Dave Shackleford

With all but 6% of respondents now deploying cyber threat intelligence (CTI) in their environments (based on our 2016 CTI survey), this new survey, developed by Dave Shackleford, senior SANS instructor and GIAC technical director, explores how and where organizations are integrating CTI, how its helping, and what barriers inhibit full implementation of CTI.

Attend this webcast and learn:

Staffing and skills required for utilizing and managing CTI
How extensive most deployments are today
Most useful types of CTI data and standards
Differences between Big Data analytics and CTI data analytics and why it matters

Be among the first to receive the associated whitepaper written by Dave Shackleford.

This is the first of a two-part webcast series releasing our 2017 CTI survey results. The second webcast, on Thursday, March 16, 2017, at 1:00 p.m. Eastern, will focus on the effectiveness of CTI efforts and what respondents want to see in the coming years. Click here to register for the Part 2 webcast.

Wednesday Webcast: Cyber Threat Intelligence in Action-Effectiveness of CTI Programs and Wish Lists for the Future: Results of the 2017 Cyber Threat Intelligence Survey Part 2 - March 16, 2017 1:00pm US/Eastern

Thu, 16 Mar 2017 01:00:00 -1600

Speakers: Dave Shackelford

Cyber threat intelligence (CTI) usage is maturing, but organizations still have a long way to go, based on our 2016 CTI survey results. This webcast will cover improvements in CTI usage and integration over the past year, as well as what CTI consumers would like to improve.

In this webcast, featuring Dave Shackleford, senior SANS instructor and GIAC technical director, attendees will learn:

Best practices and standards for integrating and utilizing CTI
Whos utilizing CTI data and for what purposes
Usefulness of reports and data output
Wish lists for future iterations of their CTI deployments

Be among the first to receive the associated whitepaper written by Dave Shackleford.

This is the second part of a two-part webcast series releasing our 2017 CTI survey results. The first webcast, on Wednesday, March 15, 2017, at 1:00 p.m. Eastern, will focus on the how CTI is being implemented and the inhibitors that affect organizations ability to establish and maintain programs. Click here to register for the Part 1 webcast.

Special Webcast: Protecting Business Mobility Against Emerging Threats - March 17, 2017 1:00pm US/Eastern

Fri, 17 Mar 2017 01:00:00 -1600

Speakers: John Pescatore and Prakash Nagpal

The increase in mobile employees and customers, along with increased business use of cloud-based services, creates security concerns for organizations. Moreover, DNS has become an easy target for exploitation because it is often under-protected. The Mirai attacks provide a recent example of this in the DDoS arena, and new DNS-based attacks that enable data breaches are emerging. Visibility into threats on mobile devices and networks, and protecting mobile users is a challenge - but far from impossible, especially when on-premise security solutions can be extended to integrate cloud-based delivery.

Security teams need to determine which threats are most important to their organization, who is targeting their organizations, and where risk originates. SANS director John Pescatore will examine how evolving threats, increased business demand for mobility, and use of cloud services is requiring many security programs to use mixtures of on-premise and cloud security services to reduce risk. This webcast and associated whitepaper highlights the steps necessary, including the Critical Security Controls, to protect on-premises, mobile and remote office users from cyber attacks, including DNS based data breaches. Learn why a hybrid approach to DNS security can be effective for enterprises, especially those with branch offices, remote workers and mobile workers.

Wednesday Webcast: Impact of Isolated Cyber Security Functions: A SANS Survey - April 20, 2017 1:00pm US/Eastern

Thu, 20 Apr 2017 01:00:00 -1600

Speakers: G. W. Ray Davidson

Is there really a gap in focus among cyber security functions in todays enterprise? Are these gaps impacting organizations capabilities to prevent, detect, and respond as needed in the ever-escalating threat landscape? These are the questions being asked by a new SANS survey discussed during this live webcast.

The results of the survey detail the roles, responsibilities and departments that guide and manage these functions. Well also look at how tools and processes are implemented and shared across prevention, detection and response functions.

In this webcast, we will explore the following:

Structure and function of cyber security teams
Types of risks associated with lack of coordination among teams and tools
Organizational plans to improve and automate coordination of these tools, processes and teams across cyber security functions

Attend this webcast and be among the first to receive the associated whitepaper written by SANS Analyst G. W. Ray Davidson, with advice from SANS Analyst and research director Barbara Filkins.

Special Webcast: Threat HuntingModernizing Detection Operations: The SANS 2017 Threat Hunting Survey Results | Part 1 - April 26, 2017 1:00pm US/Eastern

Wed, 26 Apr 2017 01:00:00 -1600

Speakers: Rob Lee and Robert M. Lee

SANS 2017 Threat Hunting Survey - Is threat hunting proactive, reactive or both? Tell us in this SANS survey: https://www.surveymonkey.com/r/2017SANSThreatHuntingSurvey

In this webcast, SANS will release results of its second annual Threat Hunting Survey. According to our previous survey on this topic, the 2016 SANS Survey on Threat Hunting, 86% of IT departments utilized threat hunting, although only 40% had any formal threat hunting program, and 88% said their threat hunting programs needed to be improved.

Have threat-hunting programs been formalized over the past year? And if so, to what degree? Is hunting being used more proactively than in 2016? Rather than relying on indicators of compromise to start a hunt, are hunters proactively searching for the unknown?

This webcast, the first of a two-part report of the SANS Threat Hunting Survey will look at the current state of threat-hunting programs and how they have changed in the past year. In it, attendees will learn:

How regularly respondent organizations hunt for threats
Whether respondents have been more successful at hiding their hunts from adversaries
What improvements theyve made in the time it takes to hunt for threats
How they utilize their hunting information (prevention, response, improved risk posture)
What inhibitors hold organization back from achieving proactive, continuous threat hunting

Register for this webcast and be among the first to receive access to full survey results paper, developed by SANS Fellow Rob Lee, publishing in association with the SANS Threat Hunting and Incident Response Summit.

Click here to register for the second part of the two-part results webcast on Thursday, April 27, 2017 . That webcast will focus on the skills required for threat hunters, along with best practices, tools and threat intelligence feeds that make up the hunting ecosystem.

Special Webcast: Reducing Attacks and Improving Resiliency: The SANS 2017 Threat Hunting Survey Results | Part 2 - April 27, 2017 1:00pm US/Eastern

Thu, 27 Apr 2017 01:00:00 -1600

Speakers: Robert Lee and Robert M. Lee

SANS 2017 Threat Hunting Survey - Is threat hunting proactive, reactive or both? Tell us in this SANS survey: https://www.surveymonkey.com/r/2017SANSThreatHuntingSurvey

Even though their processes arent formal or mature, respondents reported benefits from their hunting practices, including reduce attack surfaces and detection of unknown threats in the enterprise, according to the 2016 SANS Survey on Threat Hunting. In that survey, 74% of respondents who use threat hunting said that hunting for threats reduced their attack surfaces, while 59% cited more accurate response, and 52% found previously undetected threats that were active in their enterprises.

This new 2017 survey, publishing in association with the SANS Threat Hunting and Incident Response Summit, further defines how organizations apply threat hunting to enterprise response and detection, while also bringing out new best practices for integration and use of threat-hunting information. During this session, the second in a two-part series, attendees will learn about:

Tools and skills utilized for successful hunts
Formality of threat-hunting programs and who staffs and leads teams
Required data feeds and collectors
Future uses for threat hunting
What respondents have on their wish lists

Click here to register for the first part of this two-part webcast, being held Wednesday, April 26, to learn about the progress being made in threat-hunting practices, as well as the inhibitors holding organizations back from achieving the full benefits of proactive threat hunting in their enterprises.

Special Webcast: SOCs Grow Up to Protect, Defend, Respond: Results of the 2017 SANS Survey on Security Operations Centers, Part 1 - May 17, 2017 1:00pm US/Eastern

Wed, 17 May 2017 01:00:00 -1600

Speakers: Christopher Crowley

SANS 2017 SOC Survey is NOW OPEN - It takes a village to protect today's networks from cyber threats. Tell us how your organization is accomplishing these tasks and enter to win a $400 Amazon gift card! https://www.surveymonkey.com/r/2017SANSThreatHuntingSurvey

Join survey author Christopher Crowley as he co-chairs the SANS SOC Summit June 5-6, 2017.

It takes a village to protect today's networks from cyber threats. And, today's security operations centers (SOCs) represent villages unto themselves, with many different roles and technologies supporting multiple, complex tasks and often spanning geographies.

Whether in-house or in the cloud, SOCs are maintaining prevention and detection systems and monitoring hosts, the network and the Web for vulnerabilities. Increasingly, SOC functions are converging with intelligence, threat hunting and other emerging processes to aid in prevention and response.

How are organizations accomplishing these tasks? What types of resources are they utilizing to staff and run their SOCs? And what type of organizations are turning toward cloud-based managed services for part or all of their SOC needs? In this first part of a two-part webcast, join SANS principal instructor, Chris Crowley, who will share the results of SANS' first survey on security operations centers. Attend this webcast and learn about trends in SOCs, including:

Basic SOC architectures
Preparedness, staffing and capabilities
Level of automation and integration between prevention, detection and response
The SOC's relationship with IT Ops
What types of organizations are using cloud-based SOC services
What types of organizations are devoting mostly in-house resources to maintain their own SOCs
What functions are most commonly turned over to the cloud versus what are most commonly kept in-house

Register for this webcast and be among the first to receive a link to the associated results whitepaper written by Chris Crowley. Click here to register for the second part of this webcast: Future SOCs, held on Thursday, May 18, 2017

Special Webcast: Future SOCs: Results of the 2017 SANS Survey on Security Operations Centers, Part 2 - May 18, 2017 1:00pm US/Eastern

Thu, 18 May 2017 01:00:00 -1600

Speakers: Christopher Crowley

Join survey author Christopher Crowley as he co-chairs the SANS SOC Summit June 5-6, 2017.

SOCs need to provide active defense against live, often unknown threats, while measuring their security success with metrics. Just how satisfied are organizations with their SOCs in these areas? Do they experience better service with cloud-based managed providers or are in-house SOCs most effective? And what did respondents to the new SANS SOC survey indicate that they'd like to see in their future SOCs?

These and other questions will be answered in this second part of a two-part webcast releasing the results of the 2017 SANS Survey on Security Operations Centers. Attend this webcast to, learn:

Functionality respondents most value in their SOCs
Whether or not they are more satisfied with cloud-based SOC services or their in-house SOC teams
Who's measuring success of SOC operations and how they are measuring success
What's on respondents' wish lists for SOC operations in 2018

Register for this webcast and be among the first to receive a link to the associated whitepaper written by Chris Crowley that will release the full results of the survey. Click here to register for Part 1 of our SOC survey webcast: SOCs Grow Up to Protect, Defend, Respond, held on Wednesday, May 17, 2017.

SANS Institute - Upcoming Webcasts

Special Webcast: Using Cisco Stealthwatch to Increase Security By Enhancing Critical Security Control Performance - January 13, 2017 1:00pm US/Eastern

Wednesday Webcast: Enhanced Application Security for the Financial Industry - January 17, 2017 1:00pm US/Eastern

Special Webcast: Hunting with Cyber Deception and Incident Response Automation - January 18, 2017 1:00pm US/Eastern

Wednesday Webcast: Packets Dont Lie: Whats Really Happening on Your Network? - January 19, 2017 1:00pm US/Eastern

Wednesday Webcast: Practical Application of Threat Intel for Network Defenders - January 23, 2017 1:00pm US/Eastern

Special Webcast: Next generation analysts for next generation threats - lessons from deploying best practices to hundreds of SOC teams! - January 24, 2017 11:00am US/Eastern

Wednesday Webcast: 2017 Cloud Security and Risk Benchmarks - January 24, 2017 1:00pm US/Eastern

Wednesday Webcast: Implementing and Maintaining a DevSecOps Approach in the Cloud -Tips, tricks, operational and security best practices - January 25, 2017 1:00pm US/Eastern

Special Webcast: Stop Threats in their Tracks- An Introduction to Advanced Malware Protection - January 25, 2017 3:00pm US/Eastern

Wednesday Webcast: Dont get marooned on Analytic Islands - January 26, 2017 12:00pm US/Eastern

Special Webcast: Mimecast Targeted Threat Protection - January 26, 2017 2:00pm US/Eastern

Wednesday Webcast: 3 Cs of Security Awareness - January 31, 2017 1:00pm US/Eastern

Special Webcast: Threat Hunting: Open Season on Cyber Threats - January 31, 2017 8:00pm US/Eastern

Special Webcast: Digital Ghost: Turning the Tables on Cyber Attacks in Industrial Systems - February 1, 2017 1:00pm US/Eastern

Special Webcast: What Works in Situational Awareness and Visibility: Reducing Time to Detect and Lowering Business Impact with Splunk - February 2, 2017 1:00pm US/Eastern

Special Webcast: Tools and Techniques for Assessing Android Malware - February 8, 2017 8:00pm US/Eastern

Special Webcast: Application White-listing through Bit9 aka Parity aka Carbon Black Protect - A Masters Candidate Webcast - February 21, 2017 8:00pm US/Eastern

Wednesday Webcast: Next-Gen Endpoints Risks and Protections: A SANS Survey Part 1: New Devices and Risks - February 28, 2017 1:00pm US/Eastern

Wednesday Webcast: Next-Gen Endpoints Risks and Protections: A SANS Survey Part 2: Next-Gen Protection and Response - March 1, 2017 1:00pm US/Eastern

Special Webcast: Complying with the General Data Protection Regulation: A Guide for Security Practitioners - March 8, 2017 1:00pm US/Eastern

Wednesday Webcast: Cyber Threat Intelligence in Action-Skills and Implementations: Results of the 2017 Cyber Threat Intelligence Survey Part 1 - March 15, 2017 1:00pm US/Eastern

Wednesday Webcast: Cyber Threat Intelligence in Action-Effectiveness of CTI Programs and Wish Lists for the Future: Results of the 2017 Cyber Threat Intelligence Survey Part 2 - March 16, 2017 1:00pm US/Eastern

Special Webcast: Protecting Business Mobility Against Emerging Threats - March 17, 2017 1:00pm US/Eastern

Wednesday Webcast: Impact of Isolated Cyber Security Functions: A SANS Survey - April 20, 2017 1:00pm US/Eastern

Special Webcast: Threat HuntingModernizing Detection Operations: The SANS 2017 Threat Hunting Survey Results | Part 1 - April 26, 2017 1:00pm US/Eastern

Special Webcast: Reducing Attacks and Improving Resiliency: The SANS 2017 Threat Hunting Survey Results | Part 2 - April 27, 2017 1:00pm US/Eastern

Special Webcast: SOCs Grow Up to Protect, Defend, Respond: Results of the 2017 SANS Survey on Security Operations Centers, Part 1 - May 17, 2017 1:00pm US/Eastern

Special Webcast: Future SOCs: Results of the 2017 SANS Survey on Security Operations Centers, Part 2 - May 18, 2017 1:00pm US/Eastern

Wednesday Webcast: Implementing and Maintaining a DevSecOps Approach in the Cloud -
Tips, tricks, operational and security best practices - January 25, 2017 1:00pm US/Eastern