Network Security 2017

Las Vegas, NV | Sun, Sep 10 - Sun, Sep 17, 2017

Stuck in the Box, a SIEM's Tale

  • Justin Henderson
  • Monday, September 11th, 8:15pm - 9:15pm

Organizations often spend excessive amounts of money on SIEM products only to end up with a log collection box when they thought they had purchased a tactical detection system. Most organizations find themselves with a SIEM but are unsure how to use its capabilities. Point solutions are quick to defend deficiencies by stating that each environment is different, so you, the customer, must tell them what you want the SIEM to do, and then they'll help with professional services or by replacing your current SIEM with something "better and more advanced." This is complete hogwash. Organizations tend to have a lot of overlap, such as the use of Windows systems or network protocols such as DNS. As such, there are high-fidelity detects that can be implemented in every organization.

Enough is enough. If you are looking for techniques and methods to get value out of your current SIEM, or are interested in seeing how a new open source big data solution such as the Elastic Stack, formerly ELK, most likely can beat what you have today, then this talk is for you. The fact is that it is time to think outside the box. Come find out how one organization spent fourteen months deploying a top Magic Quadrant SIEM solution only to have it beaten by ELK in two weeks.


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.
  • Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.

Sunday, September 10

Session | Speaker | Time | Type
General Session - Welcome to SANS | Bryan Simon | Sunday, September 10th, 8:00am - 8:30am | Special Events
Actionable Detects: Blue Team Cyber Defense Tactics | Seth Misenar | Sunday, September 10th, 7:15pm - 9:15pm | Keynote

Monday, September 11

Session | Speaker | Time | Type
Does your current firewall rise above the Evasion Gap? | Michael Knapp, Director, Network Security Architects for the Americas | Monday, September 11th, 12:30pm - 1:15pm | Lunch and Learn
How ForeScout Supports the Critical Security Controls | Peter Underwood, Systems Engineer, ForeScout Technologies | Monday, September 11th, 12:30pm - 1:15pm | Lunch and Learn
Data Breaches on the Dark Web: Between Defense and Response | Alex Viana, VP of Engineering, Terbium Labs | Monday, September 11th, 12:30pm - 1:15pm | Lunch and Learn
The Next Evolution of Protection: Introduction to Deep Learning | Cameron Byers, Enterprise Sales Engineer | Monday, September 11th, 12:30pm - 1:15pm | Lunch and Learn
How to Beat Evasive Malware at Its Own Game | Lenny Zeltser, VP Products | Monday, September 11th, 12:30pm - 1:15pm | Lunch and Learn
Smartphone and Network Forensics Goes Together Like Peas and Carrots | Heather Mahalik and Phil Hagen | Monday, September 11th, 7:15pm - 8:15pm | SANS@Night
The 14 Absolute Truths of Security | Keith Palmgren | Monday, September 11th, 7:15pm - 8:15pm | SANS@Night
Industrial Control System Active Defense and Threat Intelligence | Robert M. Lee | Monday, September 11th, 7:15pm - 8:15pm | SANS@Night
Introduction to Reversing with IDA | Stephen Sims | Monday, September 11th, 7:15pm - 8:15pm | SANS@Night
Stuck in the Box, a SIEM's Tale | Justin Henderson | Monday, September 11th, 8:15pm - 9:15pm | SANS@Night
Be the Cheat Sheet. Know Memory. | Alissa Torres | Monday, September 11th, 8:15pm - 9:15pm | SANS@Night
Increase Network Visibility: Methods to Feed IDS Sensors | Brandon Peterson, Master's Degree Candidate | Monday, September 11th, 8:15pm - 8:55pm | Master's Degree Presentation

Tuesday, September 12

Session | Speaker | Time | Type
Vendor Solutions Expo | | Tuesday, September 12th, 12:00pm - 1:30pm | Vendor Event
Vendor Solutions Expo | | Tuesday, September 12th, 5:30pm - 7:30pm | Vendor Event
Women's CONNECT Event | Hosted by SANS COINS program and ISSA WIS SIG | Tuesday, September 12th, 6:00pm - 9:15pm | Special Events
GIAC Program Presentation | Jeff Frisk | Tuesday, September 12th, 6:15pm - 7:15pm | Special Events
Introducing DeepBlueCLI, a PowerShell Module for Hunt Teaming via Windows Event Logs | Eric Conrad | Tuesday, September 12th, 7:15pm - 8:15pm | SANS@Night
The Seven Deadly Sins of Incident Response | Jake Williams | Tuesday, September 12th, 7:15pm - 8:15pm | SANS@Night
You've Got Ransomware! Managing the Legal Risk of Cyber Fraud | Benjamin Wright | Tuesday, September 12th, 7:15pm - 8:15pm | SANS@Night
Lets Go Hunting Bad Guys. | John Strand | Tuesday, September 12th, 8:15pm - 9:15pm | SANS@Night
Ten Tenets of CISO Success | Frank Kim | Tuesday, September 12th, 8:15pm - 9:15pm | SANS@Night
Control Things Platform | Justin Searle | Tuesday, September 12th, 8:15pm - 9:15pm | SANS@Night

Wednesday, September 13

Session | Speaker | Time | Type
How to Become a SANS Instructor | Eric Conrad | Wednesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn
Looking Beyond Your Four Walls: Periphery Threat intelligence | Josh Fu, Sr. Sales Engineer | Wednesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn
Why a Holistic Approach is Crucial in Cyber Security | Keith Buswell, Sales Engineer | Wednesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn
ICS Down...It's Go Time! | Jason Dely, Professional Services Technical Director, ICS and Critical Infrastructure | Wednesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn
Visibility and Security in the age of Digital Transformation | Gill Langston, Director of Product Management, Qualys | Wednesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn
Response Policy Zones (RPZ): Using DNS to Choke Malware, Botnets, and Ransomware | Matt Stith, Product Manager, Spamhaus Technology; Arnie Bjorklund, SecurityZones | Wednesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn
Using In-Memory Techniques to Battle Linux Malware | Nolan Karpinski, Product Lead. | Wednesday, September 13th, 12:30pm - 1:15pm | Lunch and Learn
So, You Wanna be a Pentester? | Adrien de Beaupre | Wednesday, September 13th, 7:15pm - 8:15pm | SANS@Night
Three Keys to Mobile Security: Are You Doing Everything You Can to Protect Your Apps? | Gregory Leonard | Wednesday, September 13th, 7:15pm - 8:15pm | SANS@Night
Malware Analysis for Incident Responders: Getting Started | Lenny Zeltser | Wednesday, September 13th, 7:15pm - 8:45pm | SANS@Night
Anti-Ransomware | G. Mark Hardy | Wednesday, September 13th, 8:15pm - 9:15pm | SANS@Night
Secure DevOps: Static Analysis & the Puma's Tail | Eric Johnson | Wednesday, September 13th, 8:15pm - 9:15pm | SANS@Night
Don't Always Judge a Packet by Its Cover | Gabriel Sanchez, Master's Degree Candidate | Wednesday, September 13th, 8:15pm - 8:55pm | Master's Degree Presentation

Thursday, September 14

Session | Speaker | Time | Type
The Three Cs to Building a Mature Awareness Program | Lance Spitzner | Thursday, September 14th, 7:15pm - 8:15pm | SANS@Night
Selling Your Information Security Strategy | David Todd, Master's Degree Candidate | Thursday, September 14th, 7:15pm - 7:55pm | Master's Degree Presentation
Securing Your Kids | Lance Spitzner | Thursday, September 14th, 8:15pm - 9:15pm | SANS@Night
Privacy and Legal Dimensions in Increasingly Connected Digital World | Muzamil Riffat, Master's Degree Candidate | Thursday, September 14th, 8:15pm - 8:55pm | Master's Degree Presentation