Top 3 SOAR Use Cases: Tips and Best Pra...
In this session, Enrico Benzoni and Andrea Fumagalli will explain how to build and optimize the top three SOAR use cases, sharing invaluable tried-and-true technical details for solving your needs. The fastest security response is not always the right one. However, minimizing response time by prioritizing security incidents, reducing false positives, and quickly investigating alerts is one of the imperatives of successful cyber defense. Noneth...
Threat Exposure Management Solutions Forum
Threat Exposure Management (TEM) is a new approach to security designed to help organizations identify, prioritize and manage unexpected risks or exposures. This approach differs from standard threat management practices by taking a contextual view of threats, focusing on establishing a process for how information is collected and integrated together to inform better and faster decision making. Though the term, threat exposure management, is n...
Next Generation ZTNA - All of the Benef...
Remote work has upended security. Sadly, in reaction, security vendors have developed two substandard solutions: VPN and ZTNA. VPN server ports must be open to the internet, and anyone on the internet can try to hack them. ZTNA suffers degraded performance while obfuscating identity, creating a huge security blind spot. In this webinar, learn about Zero Networks’ ZNConnect which combines the best aspects of VPN and ZTNA while eliminating thei...
Back to the Future: What Will Endpoint...
Let’s go back, way back to 2013 when AV was AV, whitelisting was whitelisting, and EDR ads were taking over airport terminals. Ah, the good old days. News Flash! Dr. Emmett Brown just showed up and he’s got urgent news from the future. No matter how good your incident response capabilities are, they cannot stand on their own (sort of like Biff, who was nothing without his buddies). To be effective, incident response (IR) must be pa...
Why is Packet Capture Important for Zer...
Organizations are increasingly focused on implementing Zero Trust policies to limit exposure to cyberattacks, which is an admirable best practice. But how can you verify that your policies and configurations are actually working as intended? In Episode 4 of his ongoing series on using packet forensics for cybersecurity, Jake Williams looks at why packet data is an indispensable resource for verifying Zero Trust implementations and troubleshooting...
SANS Workshop | NTLM Relaying 101: How...
In this workshop, SANS certified instructor Jean-François Maes will walk you through some of the most used NTLM relay attack paths pentesters use to compromise the domain. We will take a look at: What is NTLM auth? Using broadcast traffic for fun and profit; Active Directory Certificate Services abuse; ShadowCredentials; and more! BEFORE THE WORKSHOP: This workshop requires a large local LAB that must be downloaded prior to the workshop. D...
2022 SANS Solutions Forum: A Practical...
There is no doubt that Zero Trust has become one of the main topics in the cybersecurity industry. Since the US Federal Government mandated agencies to accelerate the adoption of Zero Trust and issued detailed guidelines on implementing a Zero Trust Architecture in the second half of 2021, Zero Trust has become both the ‘de facto’ cybersecurity approach and a controversial concept used by some as a marketing ploy. But what is Zero...
2022 SANS Survey: State of Cloud Securi...
More enterprises than ever before have moved their infrastructure and operations to the cloud. Along with these changes, we have also seen a significant change in enterprise security posture and use of technology. However, what does that change look like? How have security teams kept up with the change? Just what is the state of cloud security in the enterprise? In this survey, the State of Cloud Security in the Enterprise, we seek to...
SANS Government Cybersecurity Solutions...
Threat actors continue to make government agencies – at the federal, state and local levels – one of their most important targets. A series of Presidential Executive Orders and DHS CISA Binding Operational Directives have been issued in response, often with specific cybersecurity control and technology requirements. Government agencies need to address both these pressures, and do it with limited resources, prioritizing their action...
SANS DFIRCON 2022: Keynote - What Makes...
Staying current in DFIR is more than just doing the job daily. It takes work. Those who put forward an effort to research, train and share seem to carve a special place for themselves in this community. Do you have what it takes? Do you want to do more in forensics and with your education? This talk will walk you through lessons learned and methods to get the most out of DFIR and enhance your daily work.