Webcasts

Webcasts

How to Deploy the Critical Controls in a Windows Environment with Jason Fossen

The Critical Security Controls project describes the most important tasks to perform to secure a network. Some controls are easy to understand and implement, while others can be a challenge, especially in an Active Directory environment. In this webcast, the SANS Windows Security (SEC505) author and instructor, Jason Fossen, will talk about those Critical Controls which are the most effective and the most difficult to implement when securing Windows systems. Especially important is how to do so without spending a fortune, preferably using built-in tools we already have, like PowerShell and Group Policy." View Webcast


Insider Threat - The Enemy Within

Insider threat is a term that many people are familiar with. The problem is that when people hear this term they immediately think of malicious, evil insiders that are deliberately causing harm to an organization. While the "malicious" insider will always be a concern, that is not the primary area of damage for most organizations today. The main point of compromise for many attacks today is the "accidental" insider. The accidental insider is someone who honestly and earnestly believes they are doing their job but are tricked or manipulated into allowing someone to cause harm to the organization. In this webcast cyber security visionary Dr. Eric Cole, will explain how adversaries compromise the insider and most importantly what can be done to protect against. Actionable solutions such as controlling harmful applications, filtering bad content, limiting executable content and controlling executables will be covered. During this engaging webcast attendees will walk away with a better understanding of the insider threat and actionable steps that can be taken to protect against it. View Webcast


The Crazy New World of Cyber Investigations: Law, Ethics, and Evidence

Increasingly, employers and enterprises are engaged in cyber investigations. The explosion of cyber evidence about every little thing that anyone does or says creates a massive need for HR departments, IT departments, internal auditing departments, and other investigators to find and sift through it all.

Cyber evidence includes, for example:

  • Corporate emails (in which one employee may say something that is discriminatory toward another employee);
  • Social media posts (in which a prospective employee demonstrates that he or she might be a threat to co-workers or, alternatively, that they are an honest and ethical person);
  • Text messages or photos stored on a personal or corporate mobile phone (in which an employee indicates he or she is stealing trade secrets or, conversely, "trying to do the right thing");
  • Video cameras scattered around the workplace; and,
  • Time stamps on emails or text messages that indicate whether an employee is working overtime and is therefore entitled to overtime pay.

These cyber investigations are guided, motivated, and restricted by a blizzard of new laws and court cases.

More than ever before, firms need professionals with backgrounds in cyber forensics, cyber law, and computer privacy to help them oversee their businesses. Likewise, they need advice from lawyers, auditors, and managers with expertise in cyber investigations and the development of policy on data security, computer evidence, and individual privacy. This engaging webinar will survey the big trends in this dynamic field. View Webcast


How to Avoid a Phone Call from Brian Krebs - The Basics of Intrusion Detection and Prevention with Mike Poor

Who hasn't heard of Brian Krebs, the blogger and journalist who covers cyber-crimes? If you are a cybersecurity professional, he is the last person you want on the other end of your phone line. It's unlikely he's calling with good news. Cyber-attacks cost organizations billions of dollars each year. In most cases, by the time an organization discovers a breach - or has Krebs on the line asking about one - it's too late. Lots of time and money have already been lost. In the face of these widespread threats, every cyber defender must know how to detect a cyber-attack in a timely manner. This webcast by leading industry experts will teach you those skills, and save your company valuable time and money. The foolproof way to avoid a call from Brian Krebs is to become a stalwart defender. But to be successful, you have to defend against an array of attacks. The adversary only has to be successful one time, so your defensive skills must be comprehensive and rock solid.

This fun and engaging webcast will teach you the basics of intrusion detection and prevention success, including:

  • How to assess potential security risk;
  • How to detect network anomalies; and
  • How to defend against shifts of adaptive threats

As an added bonus, you'll learn how to discover intrusions via indicators and sensor placements. And by the end of the webcast you'll also know to deal with false positives. View Webcast


Using an Open Source Threat Model for Implementing the Critical Controls

Threat actors are not magic and there is not an unlimited, unique list of threats for every organization. Enterprises face similar threats from similar threat sources and threat actors - so why does every organization need to perform completely unique risk assessments and prioritized control decisions? This presentation will show how specific, community-driven threat models can be used to prioritize an organization's defenses - without all the confusion. In this presentation James Tarala, the Chief Cartographer for the Council on CyberSecurity and contributor to the Critical Security Controls project, will present a new, open, community-driven threat model that can be used by any industry to evaluate the risk that faces them. Then he will show how to practically use this model to prioritize enterprise defense and map to existing compliance requirements facing organizations today. Whether you are in the Department of Defense or work for a small mom and pop retailer, you will be able to use this model to specifically determine a prioritized defense for your organization. View Webcast


Continuous Monitoring, Real World Analysis and Strategies to Mitigate Targeted Attacks; Bonus Story Behind The Top 4 Mitigations

We're pleased to invite you to join us for this next very special session in the SANS-APAC webcast series. Alan Paller, SANS Founder, President of the SANS Technology Institute and Director of Research at the SANS Institute joins forces with Seth Misenar, SANS course author and Senior Instructor for a unique, not-to-be-missed webcast for anyone interested in cyber defence. View Webcast


Continuous Monitoring and Real World Analysis

Repeat after me, I will get breached. Most organizations realize this fact too late; usually after a third party informs them - months after the initial compromise. Treating security monitoring as a quarterly auditing process means most compromises will go undetected for weeks or months. The attacks are continuous, and the monitoring must match.

Modern threats require a paradigm shift in the way we perform our analysis and monitoring. This talk will help you face the problems and describe how to move your organization to a more defensible security architecture that enables continuous security monitoring.

You can download the Prezi in PDF format or view the Prezi directly by going to the following link:https://prezi.com/xukhuqulaqkf/continuous-monitoring-and-real-world-analysis/ View Webcast


Make it Hard for the Adversary: Learn Offensive Counter Measures with John Strand

Discover a fresh new approach to defense and turn the tables on the bad guys. Active Defenses have been capturing a large amount of attention in the media lately. There are those who thirst for vengeance and want to attack the attackers directly. There are those who believe that any active response directed at an attacker is wrong. We believe the answer is somewhere in between. Learn how to annoy, attribute and attack the attackers in this fun and informational webcast.

Walk through several new and proven techniques with leading security expert John Strand. Let's make it hard for the adversary: learn offensive countermeasures that work. View Webcast


How to Be More Effective and Improve the Success Rates of Your IT Projects

As operating environments become more global, more competitive, and more demanding, so do your projects. If you are like a lot of IT project managers, your budget and resources have not kept pace with demand. If you are being tasked to "do more with less" or if you simply want to be more efficient and improve the success rates of your projects, this webcast is for you.

Certified SANS instructor and course author, Jeff Frisk will walk you through some of the key concepts and best practices behind successful IT projects. You'll gain useful insights as he reviews key skills and qualities of successful project managers-like understanding how to prioritize project tasks and reduce risk to avoid project failure. He will discuss some specific project management tips and techniques, which will be helpful if you are new to the infosec project landscape or transitioning from a technical IT position to more of a project-centric role. You'll learn about the PMI Project Management framework and PMP exam and take away a few tips, strategies, and tools that will help you prepare to pass the PMP.

If you are serious about improving the success rate of your projects or thinking about sitting for the PMP exam, then sign up for this webcast today. View Webcast


What's New in Windows 10 and Server 2016?

Windows 8 was a flop, so will the second try be the charm? Microsoft intends Windows 10 to be a universal platform (PCs, tablets, phones, etc.) to run universal apps. The graphical interface of Windows 8 made that OS undeployable, so will users prefer the Windows 10 desktop over Windows 7? This session will lay out what's new in Windows 10, with an emphasis on security and enterprise management, such as Windows Hello, Passport, Cortana, and running LSASS.EXE in a separate virtual machine. The speaker, Jason Fossen, is a SANS Institute Fellow and author of the SANS Securing Windows course (http://sans.org/SEC505). Windows Server 2016 will also soon be available, so we'll also cover what's new and interesting on the server side too, such as Virtual TPM chips in Hyper-V client VMs. There is a lot more to Windows 10 than just the return of the Start Menu, so come see! View Webcast


How To Frustrate Your Adversary: Active Defense, Offensive Countermeasures & Cyber Deception with Bryce Galbraith - Part 1

You know you have intruders in your house...but this is your house and no one knows it better than you. They don't play fair, why should you? It's game on...

This presentation will explore ways that you can frustrate, annoy, and reveal Advanced Persistent Threats (APTs) with active defense, offensive countermeasures & cyber deception.

You don't have to lie down and let government thieves steal your zeroes and ones. You can fight back (legally) and maybe even get a good chuckle along the way... View Webcast


Certifications that Matter: Passing the CISSP

Having an extra certification or two can't hurt, but investing valuable time and money can - unless the certification pays off. The CISSP certification does. Cyber-security professionals who earn the industry's most acclaimed certification earn up to 15% more than their counterparts. And that is only one of the benefits. Learn all about this industry-leading certification in this webcast. View Webcast


How to Build a Cybersecurity Platform the Easy Way

A webcast for technical and non-technical professionals

If you are you new to Information Security or surrounded by complex technical security terms you don't understand, then this webcast is for you.

Building a cybersecurity foundation for your organization is not rocket science, but building the right one could be. Investing your time and money in the right cybersecurity resources at the right time can save you a lot of headaches.

Every organization needs a cybersecurity strategy. Even non-technical managers can learn how to implement a security strategy.

Save time and money; learn how to build the proper security foundation for your organization in this webcast taught by industry expert Keith Palmgren. View Webcast


Continuous Ownage: Why you Need Continuous Monitoring

Repeat after me, I will be breached. Most organizations realize this fact too late, usually after a third party informs them months after the initial compromise. Treating security monitoring as a quarterly auditing process means most compromises will go undetected for weeks or months. The attacks are continuous, and the monitoring must match. View Webcast


Top 3 Threats to Retail IT Security and How You Can Defend your Data

Affecting millions of consumers worldwide, a few high-profile retail breaches have called into question the security practices of retailers and those that support the industry. The prevalence of breaches calls for stronger, more effective security measures in a rapidly evolving IT environment.

This webinar explores:

  • New risks presented by cloud, mobile and Bring Your Own Device (BYOD)
  • Protecting data no matter where it lives, whether in the cloud or on-premises
  • The business and compliance drivers for strengthening authentication security
View Webcast


Network Segmentation Best Practices for Defense

Network segmentation has been a security best practice in financial services for a very long time. Most institutions know that segmenting systems is the right thing to do, but organizations still most often do not use the defenses at their disposal. With the proliferation of mobile computing, cloud computing, and innovative use for the Internet, no organization should take yesterday's segmentation best practices for granted. View Webcast


The Critical Security Controls: From Adoption to Implementation A SANS Survey

View this webcast, featuring SANS CSC course author and instructor James Tarala and Tony Sager, SANS Director and Director of the Consortium for Cybersecurity Action, to learn full results of the survey and the current state of CSC adoption. We will celebrate the wins and explore the barriers to adoption View Webcast


SANS DHS Continuous Diagnostics & Mitigation Award Workshop PART II

This SANS CDM workshop provides government security managers the opportunity to get the latest status on the DHS Continuous Diagnostic and Mitigiation program and to learn how the early adopters in government are using CDM to increase security, reduce the cost of FISMA compliance and deliver more secure services to the citizen. Featuring SANS experts (e.g., John Pescatore, Tony Sager, Alan Paller) on continuous monitoring, the Critical Security Controls and other similar initiatives. View Webcast


SANS DHS Continuous Diagnostics & Mitigation Award Workshop PART II Afternoon Session

This SANS CDM workshop provides government security managers the opportunity to get the latest status on the DHS Continuous Diagnostic and Mitigiation program and to learn how the early adopters in government are using CDM to increase security, reduce the cost of FISMA compliance and deliver more secure services to the citizen. Featuring SANS experts (e.g., John Pescatore, Tony Sager, Alan Paller) on continuous monitoring, the Critical Security Controls and other similar initiatives. View Webcast