- This event has passed.
How to build a detection and response strategy for insider threats
August 19 @ 2:00 pm EDTFree
Available Live Regional Presentations:
Thursday, August 19th
11:00AM PT | 2:00PM ET
10:00AM BST | 11:00AM CET
11:00AM SGT | 2:00PM AEST
Effective threat detection strategies consider a wide range of scenarios where unauthorized information can be disclosed by overprivileged accounts, misconfigured security controls, or other vectors.
In this webinar, SANS and AWS Marketplace will overview building a detection and threat hunting workflow, focusing on preventing insider activity. The speakers will cover monitoring techniques and controls, event logging, and examples of scenarios illustrating common vulnerabilities and insider tactics in cloud environments.
Attendees will learn how to:
- Configure monitoring and event logging for privilege escalation, data exfiltration, permissions abuse, and other anomalous behavior
- Identify common vulnerabilities with a focus on DevOps and identity and access management (IAM) vectors
- Build a detection and threat hunting workflow to respond to insider activity
- Develop and implement guardrails to help reduce instances of unauthorized activity and access
Who Should Attend?
Security Analysts, Security Architects, Security Engineers, Cloud Security Architects, and the office of the CISO
Dave Shackleford, Analyst and Senior Instructor at SANS
Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director, and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as a chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.
Nam Le, Specialist Solutions Architect at AWS
Nam Le is a Specialist Solutions Architect at AWS covering AWS Marketplace, Service Catalog, Migration Services, and Control Tower. He helps customers implement security and governance best practices using native AWS Services and Partner products. He is an AWS Certified Solutions Architect, and his skills include security, compliance, cloud computing, enterprise architecture, and software development. Nam has also worked as a consulting services manager, cloud architect, and as a technical marketing manager.
About the SANS Institute:
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world—from auditors and network administrators, to chief information security officers—sharing the lessons they learn and jointly finding solutions to the challenges they face.
About AWS Marketplace:
AWS Marketplace is a digital software catalog that makes it easy to find, try, buy, deploy, and manage software that runs on AWS. AWS Marketplace has a broad and deep selection of security solutions offered by hundreds of independent software vendors, spanning infrastructure security, logging and monitoring, identity and access control, data protection, and more. These products can be integrated with AWS Services and other existing technologies, enabling you to deploy a comprehensive security architecture across your AWS and on-premises environments. Visit aws.amazon.com/marketplace to learn more.
*The views and opinions of the SANS Institute and their presenter, Dave Shackleford, are their own, and do not necessarily reflect the positions of AWS.