How to build a detection and response strategy for insider threats

Effective threat detection strategies consider a wide range of scenarios where unauthorized information can be disclosed by overprivileged accounts, misconfigured security controls, or other vectors.

In this webinar, SANS and AWS Marketplace will overview building a detection and threat hunting workflow, focusing on preventing insider activity. The speakers will cover monitoring techniques and controls, event logging, and examples of scenarios illustrating common vulnerabilities and insider tactics in cloud environments.

Register today to be among the first to receive the accompanying whitepaper written by SANS senior instructor, Dave Shackleford.

Attendees will learn how to:

Configure monitoring and event logging for privilege escalation, data exfiltration, permissions abuse, and other anomalous behavior
Identify common vulnerabilities with a focus on DevOps and identity and access management (IAM) vectors
Build a detection and threat hunting workflow to respond to insider activity
Develop and implement guardrails to help reduce instances of unauthorized activity and access

Who Should Attend?

Security Analysts, Security Architects, Security Engineers, Cloud Security Architects, and the office of the CISO

Speakers

Dave Shackleford, Analyst and Senior Instructor at SANS

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Nam Le, Specialist Solutions Architect at AWS

Nam Le is a Specialist Solutions Architect at AWS covering AWS Marketplace, Service Catalog, Migration Services, and Control Tower. He helps customers implement security and governance best practices using native AWS Services and Partner products. He is an AWS Certified Solutions Architect, and his skills include security, compliance, cloud computing, enterprise architecture, and software development. Nam has also worked as a consulting services manager, cloud architect, and technical marketing manager.

Register for the webinar

Website Referral Code:

Z-[OP]-Form Validation Bot Verification:

Last Web Form Update:

_mkto_trk

Suppress SFDC Auto-Response Email:

Z-[OP]-URL Tracking TRK Campaign:

Z-[OP]-URL Tracking SiteCatalyst Campaign:

Z-[OP]-URL Tracking SiteCatalyst Segment:

Z-[OP]-URL Tracking SiteCatalyst Channel:

Z-[OP]-URL Tracking SiteCatalyst Geo:

Z-[OP]-URL Tracking SiteCatalyst Content:

Z-[OP]-URL Tracking SiteCatalyst Medium:

Z-[OP]-URL Tracking SiteCatalyst Outcome:

Z-[OP]-URL Tracking SiteCatalyst Publisher:

Z-[OP]-URL Tracking SiteCatalyst S_FID:

Z-[OP]-Form Terms and Conditions Copy:

Z-[OP]-Email Validation Hygiene:

Z-[OP]-URL Tracking Lead ID:

Z-[OP]-DB-Annual Revenue:

Z-[OP]-DB-City:

Z-[OP]-DB-Company Size:

Z-[OP]-DB-Company:

Z-[OP]-DB-Country:

Z-[OP]-DB-Employee Range:

Z-[OP]-DB-Industry:

Z-[OP]-DB-Internet Service Provider:

Z-[OP]-DB-IP Address:

Z-[OP]-DB-Lead ID:

Z-[OP]-DB-PostalCode:

Z-[OP]-DB-StateProv:

Z-[OP]-DB-Website Domain:

Z-[OP]-Form Unique ID:

Reason For Registering:

Business Email Address:

First Name:

Last Name:

Phone Number:

Company Name:

Country / Region:

State/Province:

Postal Code:

Industry:

Job Role:

Job Title:

Level of AWS Usage:

Use Case:

I am completing this form in connection with my:

Z-[OP]-APN Form Completion String:

About the SANS Institute:

The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world—from auditors and network administrators, to chief information security officers—sharing the lessons they learn and jointly finding solutions to the challenges they face.

About AWS Marketplace:

AWS Marketplace is a digital software catalog that makes it easy to find, try, buy, deploy, and manage software that runs on AWS. AWS Marketplace has a broad and deep selection of security solutions offered by hundreds of independent software vendors, spanning infrastructure security, logging and monitoring, identity and access control, data protection, and more. These products can be integrated with AWS Services and other existing technologies, enabling you to deploy a comprehensive security architecture across your AWS and on-premises environments. Visit aws.amazon.com/marketplace to learn more.

*The views and opinions of the SANS Institute and their presenter, Dave Shackleford, are their own, and do not necessarily reflect the positions of AWS.

On-Demand Webinar: