Threat Hunting

  • Tuesday, February 2nd, 2016 at 1:00 PM EST (18:00:00 UTC)
  • Rob Lee, Robert M. Lee, Luis Maldonado
This webcast has been archived.

Sponsor

  • Sqrrl Data, Inc.

Overview

The threats facing organizations today mean that the analysts in security operations centers can no longer sit passively waiting for alerts to come through. Sophisticated attacks require a more active role in detecting and isolating them. That's where threat hunting comes in.

Firewalls, intrusion detection systems and SIEMs all depend on alerts to spur action. But alerts can be difficult to prioritize, largely because they are limited in what they can tell the SOC about what is going on. They are like pieces of a puzzle that leave analysts reactively digging through log files and jumping from repository to repository as they try to get a clear picture of the event that precipitated the alert.

In contrast, threat hunting is a proactive approach designed to uncover threats that lie hidden in a network or system, evading more traditional security tools.

In this webcast, you will learn how threat hunts are initiated, the skills that threat hunters must have, and the differences between structured and unstructured hunts. In addition, you will hear the latest developments in threat hunting from Sqrrl, including a live demo of use cases with the Sqrrl Threat Hunting Platform.

Be among the first to receive the associated whitepaper written by Robert M. Lee and Rob Lee.


Don't miss the Threat Hunting Season! Learn how to hunt your enemy before it hunts you.

Threat Hunting & Incident Response Summit | New Orleans, LA
Summit Dates: April 12-13
Training Course Dates: April 14-19
For more information or to register visit: sans.org/ThreatHuntingSummit

The Threat Hunting & Incident Response Summit was created to provide you with the methodic preparation needed to cull your adversaries from your network before you become their prey. In just two days of talks & five days of courses, you will learn from incident response and detection experts who are actively hunting for threats and stopping the most recent, sophisticated, and dangerous attacks against organizations.


Speaker Bios

Rob Lee

Rob Lee is the curriculum lead and author for digital forensics and incident response at the SANS Institute. With more than 19 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services via HARBINGERS LLC in the Boston, MA area. Before directing services at HARBINGERS, Rob worked with government agencies in law enforcement, defense, and intelligence communities as a lead for vulnerability discovery and exploit development teams supporting Title 10/50 cyber operations. Following his work in the intel community, he worked at the incident response firm MANDIANT for 5 years. Notably, he co-authored MANDIANT's first detailed threat intelligence reports on Chinese APT activity, titled "M-Trends: The Advanced Persistent Threat."


Robert M. Lee

Robert M. Lee, a SANS certified instructor and author of the "ICS Active Defense and Incident Response" and "Cyber Threat Intelligence" courses, is the founder and CEO of Dragos, a critical infrastructure cyber security company, where he focuses on control system traffic analysis, incident response and threat intelligence research. He has performed defense, intelligence and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Author of SCADA and Me and a nonresident National Cyber Security Fellow at New America, focusing on critical infrastructure cyber security policy issues, Robert was named EnergySec's 2015 Energy Sector Security Professional of the Year.


Luis Maldonado

Luis Maldonado has been designing, building and productizing enterprise software products for over 20 years. With a keen focus on creating business value from large-scale computing systems, Luis has shaped technologies that include middleware, cloud computing, security and big data into business-driven products. As vice president of products, Luis is responsible for Sqrrl's product strategy, management and marketing efforts. Prior to Sqrrl, Luis led the product management efforts for HP's Vertica business unit and previously held product leadership positions for companies such as Akamai, Progress Software and Imprivata. Luis holds a B.S. in computer science and engineering from MIT.
