Boston 2017

Boston, MA | Mon, Aug 7 - Sat, Aug 12, 2017

Quality not Quantity: Continuous Monitoring's Deadliest Events

  • Eric Conrad
  • Wednesday, August 9th, 7:15pm - 8:15pm

Most Security Operations Centers are built for compliance, not security. One well-known retail firm suffered the theft of over a million credit cards. 60,000 true positive events were reported to their SOC during that breach... and missed: lost in the noise of millions. If you are bragging about how many events your SOC "handles" each day: you are doing it wrong.

During this talk we will show you how to focus on quality instead of quantity, and provide an actionable list of the deadliest events that occur during virtually every successful breach. We will also provide an overview of DeepBlueCLI, a PowerShell framework for automatically detecting the deadliest events.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.

Monday, August 7

| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Bryan Simon | Monday, August 7th, 8:00am - 8:30am | Special Events |
| Exploitation Throughout the Ages: Stacks, Canaries, ASLR, ROP and More! | David Hoelzer | Monday, August 7th, 7:15pm - 9:15pm | Keynote |

Tuesday, August 8

| Session | Speaker | Time | Type |
|---|---|---|---|
| Recorded Future Lunch and Learn | | Tuesday, August 8th, 12:30pm - 1:15pm | Lunch and Learn |
| HTTPDeux | Adrien de Beaupre | Tuesday, August 8th, 7:15pm - 8:15pm | SANS@Night |
| Collecting and Exploiting Your 'Private' Internet Data using OSINT | Micah Hoffman | Tuesday, August 8th, 8:15pm - 9:15pm | SANS@Night |

Wednesday, August 9

| Session | Speaker | Time | Type |
|---|---|---|---|
| Quality not Quantity: Continuous Monitoring's Deadliest Events | Eric Conrad | Wednesday, August 9th, 7:15pm - 8:15pm | SANS@Night |