Hunting Your Adversary - How to Operate and Leverage an Incident Response Hunt Team
- Rob Lee, Fellow, SANS Institute
- Monday, August 3rd, 7:15pm - 9:15pm
Over 80% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years. Incident response tactics and procedures have evolved rapidly over the past several years. Data breaches and intrusions are growing more complex. Adversaries are no longer compromising one or two systems in your enterprise; they are compromising hundreds. To counter this, many incident response teams are either responding to incidents or hunting for the next ones. As a result, Incident Response Hunt teams have become a dedicated component of most modern SOCs. Incident response techniques that collect, classify, and exploit knowledge about these adversaries - collectively known as cyber threat intelligence - enable network defenders to establish a state of information superiority that decreases the adversary's likelihood of success with each subsequent intrusion attempt. Learn how IR/Hunt teams are formed, how they operate, what their best practices are, and how they engage their targets across the enterprise. Learn how to hunt your adversaries or simply become another victim.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Lunch & Learn: Short presentations given during the lunch break.
Wednesday, August 5
| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Adopting an Attacker Mindset with Core Impact Pro® | Joe DiGregorio, Customer Experience Engineer, Core Security | Wednesday, August 5th, 12:30pm - 1:15pm | Lunch and Learn |
| Identity is the New Perimeter | Dean Thompson, VP of Technical Services | Wednesday, August 5th, 12:30pm - 1:15pm | Lunch and Learn |
| Instant Layered Security For Your Cloud Servers | Michael Young, Cloud Security Evangelist | Wednesday, August 5th, 12:30pm - 1:15pm | Lunch and Learn |
| Uncovering "Unknown Unknowns": Detecting Compromise Before it Becomes a Crisis | Jim Penrose, EVP of Cyber Intelligence | Wednesday, August 5th, 12:30pm - 1:15pm | Lunch and Learn |
| The 14 Absolute Truths of Security | Keith Palmgren | Wednesday, August 5th, 7:15pm - 8:15pm | SANS@Night |
| The Internet of Evil Things | Johannes Ullrich | Wednesday, August 5th, 8:15pm - 9:15pm | SANS@Night |