New York Metro Winter 2019

Jersey City, NJ | Mon, Feb 18 - Sat, Feb 23, 2019
This event is over, but there are more training opportunities.

Proactive Threat Analysis and Correlation

  • David Hoelzer
  • Monday, February 18th, 7:15pm - 9:15pm

Many of our organizations are trying hard to do all of the correlation at the SIEM. While this is a great goal, creating all of the digestors, interpreting the events, and writing correlations is very time-consuming! At least in my opinion, it's better to do the correlation as close to the originator of the data as possible, since the originator likely best understands the context. In this talk we will look at using an awesome open-source network intelligence framework to turn threat analyses into correlations at the network level, allowing us to find a variety of threats without needing to know their "signature"!


Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.

Monday, February 18

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| General Session - Welcome to SANS | Jon Gorenflo | Monday, February 18th, 8:00am - 8:30am | Special Events |
| Proactive Threat Analysis and Correlation | David Hoelzer | Monday, February 18th, 7:15pm - 9:15pm | Keynote |

Tuesday, February 19

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Infosec Rock Star: Geek Will Only Get You So Far | Ted Demopoulos | Tuesday, February 19th, 7:15pm - 8:15pm | SANS@Night |

Wednesday, February 20

| Session | Speaker | Time | Type |
| --- | --- | --- | --- |
| Passing GIAC Exams for Fun and Professional Growth | Jon Gorenflo | Wednesday, February 20th, 7:15pm - 8:15pm | SANS@Night |