Take $400 Off Any SANS OnDemand or vLive Course Through Feb. 17

Hacker Guard

Hacker Guard

Detect System Breaches

The first line of defense
Get system administrator training to serve as the first line of defense - human intrusion detectors.

SEC464: Hacker Guard - Security Resources for IT Adminstrators and Operations

Given that there are 10 times as many system and network administrators as there are security professionals today, the SANS Hacker Guard program trains system and networks operations professionals to serve as the first line of defense, a "Human Sensor Network", in the struggle to detect unauthorized access to your organization's systems, applications, and networks.

The SANS SEC464 Hacker Guard program has three key learning objectives for system and network administrators. The program teaches the importance of:

  • Baselining
  • Continuous Monitoring of Baselines for Anomalies
  • Documenting these anomalies (breaches) and communicating them to the Incident Response Team

The program gives system and network administrators the skills to use tools already provided by Microsoft and open source tools for both Windows and Unix systems to detect what is "not normal" in a system. During the initial 12 hours of instruction, we run 10 hands-on labs that help attendees gain the skills necessary to baseline, continuously monitor, and communicate properly with the Incident Response team.

The SANS community has requested that this training be a program rather than a one time training event.

Therefore, following the initial 12 hours of instruction, SANS includes 4 quarterly threat briefs and tools updates which leverage the core skills learned in the initial training. Students can leverage and apply what has been learned to current real life threats as they occur. One year of these quarterly briefings is included in the initial training fee.

What You Get

  • Instruction
    • 2 Days of hands-on instruction
    • Includes 10, intensive labs
    • Quarterly 90 minute threat briefings (1 year access - 4 updates)

Mission Statement

The mission of the SANS Hacker Guard program is to have the great majority of breaches in an organization's information systems be detected early on by system administrators, before serious damage has been done to your organization.

Current State

There are not enough well-trained network security professionals to meet the daily onslaught of cyber criminal and cyber terrorist activities. Major Anti-Virus Vendors report dealing with more than one million pieces of malware weekly. Today the issue is not "If we will be hacked," but "When we will be hacked, are we prepared to manage and contain the incident?" On October 3, 2012, 53 Universities suffered unauthorized access to their networks. The hacktivist group that took responsibility for the hack acknowledged: "When we got there, we found most University servers already had malware injected."


We can best do this by providing system administrators and others in IT Operations with the skills they need to baseline their systems, continuously monitor these systems for abnormalities, and then alert the security team to these deviations from the baseline for resolution by the security team.