Welcome to Threat Hunting and IR Summit
- In-depth threat hunting talks
- Six hands-on, immersion-style courses
- Exclusive networking opportunities
Help SANS identify those types of organizations most concerned about insider threats, the characteristics of those threats and what is being done to prepare for—and respond to—an actual insider incident. Take the SANS 2017 Survey on Insider Threats and register for a chance to win a $400 Amazon gift card: https://www.surveymonkey.com/r/2017SANSInsiderThreat
Threat Hunting & Incident Response Summit 2017
- Chairman: Rob Lee
- CPE Credits: 16
Summit Dates: April 18-19
Training Course Dates: April 20-25
Will you be the Hunter or the Prey?
The Threat Hunting & Incident Response Summit will focus on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. SANS, along with the Threat Hunting Summit's founding partner, Carbon Black is excited to provide attendees the opportunity to collaborate with and learn from incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations.
Chances are very high that hidden threats already exist inside your organization's networks. Organizations can't afford to assume that their security measures are impenetrable, no matter how thorough their security precautions might be. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools.
The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress rather than after attackers have attained their objectives and done worse damage to the organization. For the incident responder, this process is known as "threat hunting." Threat hunting uses known adversary behaviors to proactively examine the network and endpoints and identify new data breaches.
Threat Hunting & Incident Response Summit & Training
The Summit will explore the following:
- The effectiveness of threat hunting in reducing the dwell time of adversaries
- Threat hunting - Buzzword or Actionable Strategy?
- Automated threat hunting: Fact or fiction
- Threat hunting tools, tactics, and techniques that can be used to improve the defense of your organization
- Case studies on the application of threat hunting to security operations
- Innovative threat hunting tactics and techniques
- New tools that can help threat hunting for both endpoints and networks
- Perspectives and case studies that challenge threat hunting assumptions and can result in a shift in understanding
In addition to two days of in-depth threat hunting discussions, you'll have the opportunity to network with fellow attendees at breaks and social events. Attendees tell us time and again that one of the greatest takeaways from these events is the many industry connections they forge or deepen during their time with us. Last year's networking event was held at the House of Blues, where attendees enjoyed food, drinks, and live music performed by a New Orleans Jazz band!
"Awesome material and presenters with a wide degree of coverage and content on threat hunting." - Dallas Moore, Threat Hunter, PepsiCo
2016 Summit Keynote: Hunting as a Culture Ben Johnson, Co-Founder, Carbon Black
View other Summit Talks from the 2016 Summit.
After the two-day Summit, choose from six hands-on, immersion-style SANS courses to help you expand your information security expertise. SANS courses are taught by experienced industry practitioners who are among the best cybersecurity instructors in the world. They will provide you with the guidance and skills you need to defend your organization from ever-evolving threats.
Who Should Attend?
- Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter the tradecraft of adversaries.
- Incident Response Team Members who regularly respond to complex security incidents and intrusions by advanced persistent threat (APT) adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
- Security Operations Center Personnel and Information Security Practitioners who support hunting operations that aim to identify attackers in their network environments.
- Digital Forensic Analysts who want to consolidate and expand their understanding of filesystem forensics, investigations of technically advanced adversaries, incident response tactics, and advanced intrusion investigations.
- System Administrators who are on the front lines defending their systems and responding to attacks
- Federal Agents and Law Enforcement Officials who want to master advanced intrusion investigations and incident response, as well as expand their investigative skills beyond traditional host-based digital forensics.