SANS Protects is a series of papers focused on the most prevalent threats to specific, critical components of your environment as well as actions you can take to mitigate those threats and thwart threat actors. In this webcast, sponsored by Corelight, SANS Certified Instructor Matt Bromiley will examine current, prevalent network threats and how adversaries use them to take advantage of, and maintain footholds in, victim environments.

In this webcast, SANS certified instructor Matt Bromiley will explore the concept of zero trust and what it means to security teams and your overall security posture. As a concept, zero trust is relatively straightforward: Trust no one until verified, inside or outside the network. However, this is often easier said than done, especially for systems built on legacy authentication models. Matt will also examine what a zero trust implementation looks like, how this can stop adversaries dead in their tracks, and what your organization can do to begin moving toward a state of zero trust.

Many organizations want to start threat hunting but struggle with knowing where to begin, how to measure success, and how to scale an effective program. This presentation draws on the experience of elite hunters and teams around the world and will discuss an actionable threat hunting maturity model and help you prepare for each step of the journey with specific guidance, concrete examples, and sample threat hunts.

Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, and the global communities behind these tools can also serve as a force multiplier for security teams, such as accelerating their response times to zero-day exploits via community-driven detection engineering and intel sharing. This presentation will review popular open source technologies used in network DFIR and cover use cases, integrations, and open source design patterns.

Learn how to tackle a common problem known as “MAC Spoofing” faced by many security teams looking to control access to the network. In this video you will gain an understanding what MAC Spoofing is, why it's a problem, and how Forescout is uniquely positioned to help detect it. You will be able to differentiate between the two primary MAC Spoofing scenarios and the strategies used for detection and learn how to configure Forescout to detect both scenarios and test successfully.

Benchmarking EDR/MDR Solutions presented by Tom Ellson, Head of Offensive Security We recently completed a review of a number of industry-recognised EDR and MDR solutions. This led us to take a novel approach that addresses many of the limitations and constraints typically met when undertaking this type of assessment. You will learn why context is key to threat detection, and how the different vendors performed in our realistic and representative environment against goal-focused attack paths.

UK Threat Landscape Trends - Presented by John Fitzpatrick, CTO John Fitzpatrick reflects on the last six months, examining the key threats and trends we have observed affecting UK institutions. Specifically, we will delve into ransomware threat evolution, presenting and discussing. This will build upon our predictions made at the last briefing, reviewing how the landscape has changed, how our predictions fared, and how it has been influenced by major cyber security events and developments.