Make a Difference in the Cyber Community
This year, SANS is fortunate enough to partner with the Blind Institute of Technology to make a difference in the cyber community. Currently, 81% of people with disabilities are unemployed. The Blind Institute of Technology (BIT) Academy is committed to changing these statistics by working diligently with their candidates and their corporate partners to place people with disabilities in meaningful careers with a clear path for growth. The services offered through the BIT Academy are complimentary for all of their candidates with disabilities. However, it costs BIT $5,400 for each candidate to go through their 16-week Salesforce and Cisco certification classes. As a 501(c)(3) non-profit organization, they are highly dependent on corporate donations, individual donations, and grants. With a retention rate of 93% of its candidates that are placed in meaningful careers, every $5,400 raised enables them to change a person's life forever.
SANS and BIT would greatly welcome and appreciate your financial support to help them continue to change the lives of people with disabilities.
Attendee Information
Rub virtual shoulders with professionals in your field and zero in on the most relevant cyber solutions by registering for one of our four topic tracks. This event will bring together cyber security professionals of all experience levels from around the world for this two-day immersion into the latest cyber solutions, tools, and techniques to combat today’s threats.
Take a sneak peek of what you can expect from the experts themselves, when you join us to elevate your cyber skills and solutions know-how.
Continuing Professional Education (CPE) Credits are earned by participation in the event!
- 6 CPEs are earned each day for attending Cyber Solutions Fest 2022
- Yes, that's correct. You will earn 12 CPEs total for spending October 13th and 14th with us!
Agenda | October 13, 2022 | 8:30 AM - 5:00 PM EDT
Timeline (EDT) | Session Details |
---|---|
8:30 AM | Kickoff & Welcome - Jake Williams, Senior Instructor, SANS Institute |
8:45 AM | Utilizing Intelligence-Driven XDR for Pro-Active Threat Hunting - Security teams are constantly on the lookout for the next hack or vulnerability. With today’s adversaries and attacks becoming more sophisticated, the need for a more proactive approach has never been greater. The problem is that most security teams are stretched thin and overwhelmed, chasing alerts and false positives. Threat hunting is one of the key activities organizations can utilize to proactively identify threats and look for traces of attackers, past and present, within their environment. Unfortunately, most struggle with visibility and collaboration across silos and the prioritization of threat hunting activities. In addition, they often employ a manual, analyst-centric approach that can be time-consuming and bring fewer results. In this session, Mark Alba, Anomali Chief Product Officer, will introduce how a threat intelligence-driven XDR solution can help accelerate threat-hunting activities as well as demonstrate how The Anomali Platform can help organizations develop an automated threat-hunting workflow in minutes, enabling them to: Join the session and start proactively hunting threats with threat intel-driven detection and response. Mark Alba, Chief Product Officer, Anomali |
9:25 AM | Syns of Omission - There are twenty different definitions of threat hunting and ten different ways to do it. Organizations vary from having no presence in their threat hunting framework to multiple full-time hunters, but often many critical pieces are being missed. Threat hunting is a challenge to get right, with many potential pitfalls. There are plenty of things you can do to start a threat hunting program or be inspired to take a fresh look at your current hunting framework. James Pope, Director of Customer Training, Corelight |
10:05 AM | Break |
10:20 AM | Pentera 101: Changing the Game of Offensive Security - This session is to walk through a demonstration of Pentera: The Automated Security Validation solution. Organizations over the years have been following a defense in depth model to protect their critical assets. While this strategy makes sense, the tools, processes, and procedures surrounding this initiative have grown significantly. How confident can organizations be that each layer and the enormous effort undertaken is working effectively? Jay Mar-Tang will take the time to walk through how Pentera can validate which risks are present, which mitigative efforts are working efficiently, and how security practitioners of all expertise can leverage Pentera both internally and externally to know with certainty how strong the security posture actually is. Dan Blankenship, Sales Engineer, Pentera |
10:50 AM | All That is Gold Does Not Glitter: Cross Data Source Detection of Golden SAML - The Golden SAML attack takes place through a complex set of steps and allows an actor to abuse the trust between on-premise and cloud components. We will deep dive into the internals of ADFS and the unique properties associated with the attack, while sharing how to efficiently detect it today through cross-correlation of different data sources over enterprise, SaaS and Cloud surfaces in addition to raising research questions about the difficulties of traditional single-surface solutions to detect it. Yonatan Khanashvili, Threat Hunting Expert, Hunters |
11:20 AM | ZTA and Threat Actors; Where Do We Go from Here - NIST SP 800-207 lays out what a Zero Trust Architecture should be like within an enterprise. While doing this they have put clear guidance for the network as a place of mistrust. This places the endpoint and the use of IDAM as a source of truth and trust within the infrastructure; as a result, EDR has become the main advocated tool for effectiveness to ensure compliance. Does this make EDR the next AV? What about the devices that I cannot run EDR on? Did NIST fail to properly provide guidance for the next generation of network design? All of this and more will be discussed on how the Threat Actors will continue to engage and win in this environment. Peter Steyaert, Senior Manager, Sales Engineering, Gigamon |
11:50 AM | Break |
12:00 PM | Technology is the Reasonable Accommodation: Panel - Join us for this one-of-a-kind keynote session taking place at the 2022 SANS Cyber Solutions Fest where Mike Hess & Michael Patellis from the Blind Institute of Technology (BIT) and Meaghan Roper from SANS will be discussing the life-changing career opportunities that are available for blind/visually impaired (BVI) and other professionals with disabilities (PWD). The BIT Mission & Goals: Blind Institute of Technology™ is a nonprofit organization with boots on the ground across the United States working hard to advance the professional opportunities for people with disabilities. We’re a small, passionate team with a dynamic blend of backgrounds, disabilities, experiences, and motivations, doing whatever we can to get the job done. Our message is that professionals with disabilities possess skills and abilities that corporations have overlooked or have yet to discover. Mike Hess, Founder and Executive Director, Blind Institute of Technology |
1:00 PM | Afternoon Kick-off - Jake Williams, Senior Instructor, SANS Institute |
1:10 PM | Threat Hunting and Intelligence Informed Decision-Making with XDR - Threat hunting has historically been a challenging activity, requiring hunters to manually prioritize potential threats, use expensive & long-running queries, and pivot between multiple tools to gather context. Anomali XDR combines proven intelligence management capabilities with innovative threat detection tools to provide rich context and insights for the SOC, ease the burden of manual prioritization, and accelerate the threat hunting process. Join the Anomali team to explore this in detail, and learn the value of intelligence-led XDR. Patrick McNaught, Solutions Architect at Anomali |
1:30 PM | How Apex Defenders Manage Risk and Threat Hunt With Network Evidence - As new information surfaces about attacker behaviors, defenders are often peppered with questions like “did this affect us?”, “do we have that exposed?”, and “what’s our level of risk around that?” We’ll show you how Apex Defenders easily search Corelight network evidence to answer all those nagging questions in seconds, without deploying a single agent or adding another in-line network tool. Packets don’t lie, so network evidence should be the first thing you check when you need a fast answer. Mark Overholser, Systems Engineer, Corelight |
1:50 PM | Honeypot Investigations: Using Data to Analyze Mass Exploitation Attacks - It’s easier than ever to scan the internet and run exploits opportunistically. At GreyNoise, we run a global sensor network that helps identify mass scanning activity, to separate threats from background noise. But what happens after that? Using medium interaction honeypots can provide additional details about what an attacker is doing. For this talk, we’ve built out a small network that provides additional attack paths to see things like how an attacker operates in a more realistic environment, to better understand the next steps after mass scanning and exploitation, and to understand if an attacker is only trying to compromise the initial host or if additional reconnaissance is being performed once a foothold has been established. Come join us for this interactive session where you will learn: Nick Roy, Sales Engineer, GreyNoise Intelligence |
2:20 PM | Threat Hunting with Network Data - In this session, Michael Morris and Cary Wright from Endace will look at why continuous packet capture provides such an invaluable resource for hunting down and analyzing network threats. With full packet data at your fingertips from all your security tools, it’s possible to investigate and analyze even advanced threats to conclusively piece together the full scope of an attack in a way that log data and metadata just cannot do. Find out what you can see with packets that you can’t see without them. Michael Morris, Director Global Technologies Alliances and Business Development, Endace |
2:50 PM | Using Intelligence to Understand the Convergence of Cyber & Physical Threats - Organizations of all sizes and from nearly every industry are facing a never ending set of challenges when trying to protect their digital and physical assets from adversaries. The use and implementation of threat intelligence is a critical component of today’s modern security teams, and when used to its full potential, it is often the difference between preventing an incident from happening vs. being a victim of a cyber incident. Join Recorded Future to understand how you can leverage external intelligence to understand and protect your entire attack surface. Jake Munroe, Principal Product Marketing Manager, Recorded Future |
3:20 PM | Break |
3:35 PM | Threat Hunting 101: Best Practices for Threat Hunting and Investigations - By tricking users, compromising hosts and executing many other underhanded schemes, attackers can infiltrate any organization they set their eyes on. Even the best-protected organizations can fall victim to these skilled and stealthy attackers. So how can you find these hidden adversaries and root them out fast before the damage is done? Join our presentation to learn the latest techniques for more efficient threat hunting and accelerated investigations. You’ll learn how to: uncover cloud and on-premises threats quickly; investigate alerts swiftly and thoroughly; assess the scope and severity of an attack accurately; turn threat hunting discoveries into automated detection. You’ll also get an inside peek into the tools and techniques the Palo Alto Networks Unit 42 team leverage to discover the stealthiest threats. Save your seat now! Veronika Senderovych, Threat Hunter, Palo Alto Networks |
4:05 PM | Adopting an Intelligence-Driven Security Model - Intelligence driven security is the model of the future. Too many organizations today only use cyber threat intelligence in a reactive mode (if at all). But threat intelligence can (and should) drive the way security teams create and tune their controls in the first place. In this session, our panel of industry leaders will discuss how they use threat intelligence to drive their security operations, from architecture, to operations, all the way to response. Bring your questions for our speakers and learn how to change your mindset around threat intelligence from reactive to proactive! Moderator: |
4:55 PM | Wrap-Up - Jake Williams, Senior Instructor, SANS Institute |