Cybersecurity Webinars and Workshops

Unlock industry insights and hands-on learning with upcoming SANS webcasts and workshops. View archived webcasts here.

Detecting Malicious Activity in Large Enterprises

Modern enterprises are extremely diverse and complex. Yet, security data collection, correlation, and analysis has not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed. In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts to effectively detect malicious activity within large enterprises. They will review how to bring giga-/tera-/petabytes together, correlating them into actionable intel by using YARA-L to craft efficient detections that can be used across these vast data sets. The webcast will help attendees answer important questions such as:

  • In your current state, how much data are you ingesting/analyzing?
  • How is your team writing detections? What types of metadata points are they looking for?
  • How do you detect threats?
  • Can you effectively scale detections across your data sets?
  • How do you manage the lifecycle of those detections, tune them, keep them relevant, remove them when no longer relevant?

Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.

Webinar: Digital Forensics and Incident Response
  • 10 Sep 2020
  • 13:00 UTC

The Great Reboot: How Infosec Professionals Can Come Out of This (Extended) Mess Even Better Than Before SANS@Mic

Of course, there are serious problems we are confronting now, and some people and businesses are not doing well. Yet some people and businesses are doing alright, and some are actually thriving.

While luck certainly does play a role, what can we do to maximize the probability of coming out of this better than before? Obviously sitting on the couch, watching TV and lamenting what is happening doesn't help, and saying "take care of yourself, stay healthy" and other platitudes only goes so far.

This talk covers concrete things you can do to weather the pandemic and thrive, both during and afterwards. Included is a planning template along with the slides so you can make your plan along with Ted.

Some of us are taking this as an opportunity to reboot ourselves and our careers and come back better than ever. You should too!

Webinar: Cyber Defense
  • 14 Oct 2020
  • 19:30 UTC
  • Ted Demopoulos

Understanding IEC 62443: An Overview of the Standard, Its Deployment and How to Use Fortinet Products for Compliance

IEC 62443 is the global standard for the security of ICS networks, designed to help organizations reduce the risk of failure and exposure of ICS networks to cyberthreats. The standard demands that security professionals not only understand their organization's hardware and its interactions, but also how to recognize a threat, how to report it and how to respond and to recover. In this webcast, SANS instructor/author Jason Dely and Fortinet representatives Antoine D'Haussy and Aasef Iqbal will explore how the IEC 62443 set of standards can provide the guidance to enterprises looking to choose and implement technical security capabilities. They will look at some of the common challenges and how the use of compensating controls can help maintain a layered security across the ICS. Learn how Fortinet's layered solutions may help asset owners and system integrators reach IEC 62443 compliance. Register now and be among the first to receive the associated white papers: "Effective ICS Cybersecurity Using the IEC 62443 Standard" and "Managing ICS Security with IEC 62443".

Webinar: Cybersecurity Leadership
  • 19 Nov 2020
  • 10:30 UTC

Rapid DFIR Tools for Incident Response and Threat Hunting

During a suspected breach or a threat hunt, when time is of the essence, interrogating and collecting data from a remote host to uncover the cause of an incident is the number one priority. Collecting data from a host may not be anything new, but what about scaling that collection to a hundred, a thousand hosts or more? During this webcast, we will look at the tools and techniques that will let you quickly and effectively gain the visibility you need into hosts that are suspect or compromised. You will be able to use these tools to leverage any process or service, as well as to collect anything from one or all of those hosts remotely and in sequence. Join me in this one-hour webcast as we review digital forensics and incident response tools such as KAPE, Kansa and Velociraptor for rapid, scalable triage and data collection during an incident.

Webinar: Digital Forensics and Incident Response
  • 24 Nov 2020
  • 11:00 UTC
  • Carlos Cajigas

Cloud Shared Responsibility: A SANS Whitepaper

As the use of cloud computing has grown, so has the concept of the "shared responsibility model" for data protection and cybersecurity in general. While not a new concept, the nature of shared security responsibilities has changed with the advent of the cloud. While all cloud providers are wholly responsible for physical security of their data center environments, data center disaster recovery planning, business continuity, and legal and personnel requirements that pertain to security of their operating environments, cloud customers still need to plan for their own disaster recovery and continuity processes, particularly in IaaS clouds where they're building infrastructure.

If any of this sounds confusing, that's because it is! There are many challenges facing us as the pace of cloud implementation accelerates. There's an enormous amount of complexity with new services and software-defined infrastructure. Today, there's no doubt at all that the attackers have discovered new attack paths and techniques that target cloud environments. The nature of today's security operations has to change as we move to the cloud. With this webcast, we will discuss the definitive lack of skills in cloud technologies (and security specifically, leading to deficiencies in cloud detection and response workflows), the much faster deployments and changes to keep pace with, and a need for new and better controls to help combat these systemic challenges. To begin figuring out what to do about them, we need a better grounding in exactly who is responsible for what in the cloud, and what kinds of security controls and services are best suited to helping cloud security operations mature and grow.

Register today to be among the first to receive the associated whitepaper written by SANS analyst, Dave Shackleford.

Webinar: Cloud Security
  • 9 Dec 2020
  • 15:30 UTC

Building Your Own Kickass Home Lab - SANS@Mic

Building your own home lab is a great way to keep up with the ever-changing IT world. Well, how does one actually go about building a home lab? That's the part that gets more complicated. Do you really need a whole rack full of off-lease servers and some enterprise-grade switches? No! New-ish high-end servers and workstations are surprisingly powerful, capable of mocking up a pretty complicated network, including attacker systems and even incorporating wireless communications. In this talk, Jeff will walk through both the hardware and software stacks he uses and recommends, including a number of ways to incorporate Microsoft software without paying exorbitant licensing fees. Jeff will also outline several lab designs that can be used for a number of scenarios, including defense, offense, and forensics.

Webinar: Cyber Defense
  • 10 Dec 2020
  • 19:30 CST
  • Jeff McJunkin

Rekt Casino Hack Assessment Transformational Series Weak Security Program, Unprotected Systems, and Poor Detection & Response Part 2 of 4

The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with properly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the transition from the old school approach of information security could have been transitioned to the enterprise risk management approach. The mistake organizations often make is to focus on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of what the threats actually are. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.

If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, employees' approach to protecting company assets, or even attending security-related conferences, they would have gotten the message that security had become a critical concern due to the threat landscape. It's not enough to acknowledge that security requires more attention, you also have to act on that knowledge. In this Part 2 of 4 webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into what could have been done to prevent the breach from occurring in the first place in regards to a security program built to protect data, systems, networks. We will dive into topics such as:

  • Building a strong security program
  • How best to protect networks, systems, and data
  • Leading Modern Security Initiatives
  • Detecting and Responding to Attacks

Don't wait! Register now for the other webcasts in the series!

  • Part 1: Business Security Strategy, Policies, and Leadership Gone Wrong
  • Part 3: Feeble Security Culture Disconnected from Business Objectives
  • Part 4: Rekt Casino Hack Assessment Transformational Series: Pulling It All Together

Webinar: Cyber Defense
  • 10 Feb 2021
  • 11:59 UTC
  • Kevin Garvey

Unpacking the Hype - What You Can (and Can't) Do to Prevent/Detect Software Supply Chain Attacks

It's been almost two months since the software supply chain attack on SolarWinds was discovered. Now that the dust has settled, let's take a look at what happened, what can('t) be done to prevent future software supply chain attacks, and how to detect a supply chain attack in your environment. There will be no snake oil here, just down-to-earth recommendations for increasing security in your environment. Technology will help with the process, but process matters more for detecting these attacks.

This webcast and whitepaper will be valuable collateral for those with recalcitrant leadership teams. If you're battling objections such as "we can't just spend our way into software supply chain security by buying another widget," this webcast is for you. Join us to learn industry leading strategies and get your questions answered.

Be among the first to receive the associated whitepaper written by Jake Williams.

Webinar: Cyber Defense
  • 26 Feb 2021
  • 10:30 UTC
  • Jake Williams

Tech Tuesday Workshop - Use Terraform to Provision Your Own Cloud-Based Remote Browsing Workstation

Abstract: This workshop will teach you everything you need to know to provision your own Cloud-Based Ubuntu Workstation in AWS for Remote Browsing. Sometimes there are valid security and privacy reasons to use a temporary workstation for potentially malicious websites or to avoid tracking.

Prerequisites: Attendees will need an AWS Account and should be comfortable launching an EC2 instance and connecting to it. Here is a tutorial on launching an EC2 virtual machine instance: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html

During the session we will briefly cover some basic git commands as well as Terraform basics, including installation.

System Requirements:

  • Link to Sign Up for an AWS Account: https://aws.amazon.com/free
  • Terraform is available for download here: https://www.terraform.io/downloads.html
  • Up to date Web Browser
  • For a consistent experience, we will be using the new AWS CloudShell.
  • Mac users will need to add RDP capability per https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-mac

*Due to the nature of these workshops, many have a capacity limit. To help us offer this opportunity to as many people as possible, we are asking that you please only register if you plan to attend live.

Webinar: Cloud Security
  • 2 Mar 2021
  • 13:00 UTC
  • Kenneth G. Hartman

Rekt Casino Hack Assessment Operational Series Vulnerability Management Gone Wrong Part 1 of 4

The fictitious Rekt Casino fell victim to a ransomware attack which resulted in personally identifiable information, HR records, and financial information being exfiltrated. The root cause of the problem was a lack of governance, risk, and compliance, along with improperly configured technical and administrative controls. It could also be argued that Rekt Casino lacked a strategic plan as well as an inherent security culture. Looking at the history of Rekt Casino, we are going to identify when the transition from the old school approach of information security could have been transitioned to a more mature enterprise risk management approach. The mistake organizations often make is to focus too much on defenses such as endpoint protection, firewalls, and intrusion prevention without a good understanding of current threats. It's as if Rekt Casino fortified their castle to protect against bows and arrows, yet the adversaries attacked with a trebuchet.

If the executives, technology team, and board of directors had been paying attention to news stories, security guidance, the organization's current approach to protecting company assets, or even attending security related conferences, they would have better understood how critical security has become and how much the threat landscape has grown. It's not enough to acknowledge that security requires more attention, you also have to act on that knowledge. In this webcast, we will quickly review the overarching history of Rekt Casino, what they had in place for protections, and the outcome. Then we will dive deep into how Rekt Casino could have better managed their vulnerabilities and how this would have helped prevent the breach from occurring. We will dive into topics such as:

  • Where Rekt Casino could have done a better job identifying and managing their assets and vulnerabilities
  • Rekt Casino's challenges in analyzing, communicating, and resolving their problems.
  • How establishing and maturing a vulnerability management program would have helped

Don't wait! Register now for the other webcasts in the series!

  • Part 2: What?! There are Critical Security Controls We Should Follow?
  • Part 3: Operations Center Ill-equipped and Unprepared
  • Part 4: Rekt Casino Hack Assessment Operational Series: Pulling It All Together

Webinar: Cybersecurity and IT Essentials
  • 3 Mar 2021
  • 11:59 UTC

An Interactive Pentest Experience

Finding value in security operations is a primary goal for organizations. Consistent testing of security controls is one way to ensure that solutions are delivering on expectations. However, penetration testing is thought of as an "external" or "hands-off" service performed, often reducing impact and findings to a final report. What if organizations could turn external testing into an interactive experience they could use to regularly evaluate and increase their security posture? In this webcast, SANS instructor Matt Bromiley describes how Cobalt's "pentest as a service" platform provides a unique, hands-on approach to this traditional security capability. Specifically, Bromiley shares his experiences using Cobalt to:

  • Define assets and schedule penetration tests to achieve results within a matter of days, not weeks.
  • Gain insights into current and previous operations by using detailed key metrics.
  • Work one-on-one with Cobalt's live testers, providing an impactful, interactive experience.
  • Evaluate the results of penetration tests via up-to-date reports purposed for compliance.
  • Create and prioritize actionable steps to quickly remediate vulnerabilities.

Register today to be among the first to receive the associated whitepaper written by Matt Bromiley.

Webinar: Cyber Defense
  • 16 Mar 2021
  • 10:30 UTC

Artificial Intelligence Solutions Forum

You will earn 4 CPE credits for attending this virtual event. Forum Format: Virtual Event Overview

There is little doubt that we have entered the information age. In recent years, the human race has generated more information than in all previous human history - and the pace of information generation is accelerating. The security industry is no different; our data processing requirements are increasing on a near daily basis. As one example, consider Windows event logs. In Windows Server 2003, there were three event logs: System, Application, and Security. While those event logs remain today, the event log folder now looks like an extended family reunion with 337 total event logs in place. Whatever processes organizations were using to successfully process security related data previously clearly won't scale for today. Organizations need tools that can distill meaning from large data sets that are constantly increasing in size. Organizations that suffer data breaches typically don't suffer from a lack of data, they simply struggle to discover actionable findings in the data. To that end, Artificial Intelligence (AI) and Machine Learning (ML) can help. Example uses for AI/ML include:

  • Discovering anomalous activity (e.g. UBA/UEBA, IDS, etc.)
  • Identifying malicious content (e.g. phishing detection)
  • Discovering previously unseen patterns (e.g. correlating observed network traffic with apparently unrelated service account usage)

Renewed focus on supply chain security suggests that organizations will be storing their security data for longer periods as well. The SolarWinds breach was not discovered until victims had been infected for as long as nine months. Simply searching nine months of data for known indicators doesn't require AI or ML. But if you already have the data, why not do more with it? AI and ML hold the keys to unlocking the potential of this data. As the quantity of security data continues to increase, AI and ML solutions hold the promise of delivering actionable recommendations to security professionals. Come learn from our featured vendors how their solutions deliver on the promises of increased security through this fascinating technology.

Webinar: Cyber Defense
  • 19 Mar 2021
  • 10:30 UTC