Digital Threat Management (DTM); Advanced Hunter and Defender Techniques
- Benjamin Powell, Technical Marketing Manager
- Monday, April 10th, 12:30pm - 1:15pm
80% of attacks happen outside of your firewall. How can you further optimize external threat investigation and understand your active attack surface? In this session, you will learn how to more rapidly correlate digital breadcrumbs to hunt down attackers, exploits and infrastructure. Examining recent publicized attacks with RiskIQ DTM platform, we will dive into the attack, adversary and analysis.
Bonus Sessions
The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:
- SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
- Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
- Vendor: Events hosted by external vendor exhibitors.
- Lunch & Learn: Short presentations given during the lunch break.
- Master's Degree Presentation: Presentations given by SANS Technology Institute's Master's Degree candidates.
Friday, April 7
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Friday, April 7th, 8:00am - 5:30pm | Special Events |
Saturday, April 8
| Session | Speaker | Time | Type |
|---|---|---|---|
| GSE Lab Examination | — | Saturday, April 8th, 8:00am - 5:30pm | Special Events |
Sunday, April 9
| Session | Speaker | Time | Type |
|---|---|---|---|
| General Session - Welcome to SANS | Eric Conrad | Sunday, April 9th, 8:00am - 8:30am | Special Events |
| Quality not Quantity: Continuous Monitoring's Deadliest Events | Eric Conrad | Sunday, April 9th, 7:15pm - 9:15pm | Keynote |
Monday, April 10
| Session | Speaker | Time | Type |
|---|---|---|---|
| DDoS, password policies, and spam: What do they all have in common? | Nathan McKay, Security Marketing Solutions Architect | Monday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Launch, Detect, Evolve: The Mutation of Malware | Michael Hernandez, Senior Sales Engineer, Malwarebytes | Monday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Digital Threat Management (DTM); Advanced Hunter and Defender Techniques | Benjamin Powell, Technical Marketing Manager | Monday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Threat Hunting 102: Beyond the Basics, Maturing Your Threat Hunting Program | Jayson Wehrend, Solutions Engineer | Monday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Perils of Shadow IT 2.0: The Mobile App-to-Cloud Security Gap | James Plouffe, Lead Solutions Architect, MobileIron | Monday, April 10th, 12:30pm - 1:15pm | Lunch and Learn |
| Threat Hunting Workshop | Benjamin Powell, Technical Marketing Manager | Monday, April 10th, 5:30pm - 7:30pm | Vendor Event |
| GIAC Program Presentation | Jeff Frisk | Monday, April 10th, 6:15pm - 7:15pm | Special Events |
| Securing Your Kids | Lance Spitzner | Monday, April 10th, 7:15pm - 8:15pm | SANS@Night |
| Taking Control of Your Application Security | Eric Johnson | Monday, April 10th, 7:15pm - 8:15pm | SANS@Night |
| Indicators of Compromise Ransomware TeslaCrypt Malware | Kevin Kelly, Master's Degree Candidate | Monday, April 10th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The Three C's to Building a Mature Awareness Program | Lance Spitzner | Monday, April 10th, 8:15pm - 9:15pm | SANS@Night |
| Be the Cheatsheet. Know Memory. | Alissa Torres | Monday, April 10th, 8:15pm - 9:15pm | SANS@Night |
| Learning Normal with the Kansa PowerShell Incident Response Framework | Jason Simsay, Master's Degree Candidate | Monday, April 10th, 8:15pm - 8:55pm | Master's Degree Presentation |
Tuesday, April 11
| Session | Speaker | Time | Type |
|---|---|---|---|
| Vendor Solutions Expo | — | Tuesday, April 11th, 12:00pm - 1:30pm | Vendor Event |
| CyberTalent Lunch and Learn | — | Tuesday, April 11th, 12:30pm - 1:15pm | Lunch and Learn |
| Vendor Solutions Expo | — | Tuesday, April 11th, 5:30pm - 7:30pm | Vendor Event |
| Operating an ICS/SCADA Security Operations Center | Robert M. Lee | Tuesday, April 11th, 7:15pm - 8:15pm | SANS@Night |
| The Tap House | Philip Hagen | Tuesday, April 11th, 7:15pm - 8:15pm | SANS@Night |
| Arming SMB's Against Ransomware Attacks | Timothy Ashford, Master's Degree Candidate | Tuesday, April 11th, 7:15pm - 7:55pm | Master's Degree Presentation |
| The End of Banking as We Know It: How Crypto Currencies and e-Payments are Breaking Up a Centuries-Old Monopoly | G. Mark Hardy | Tuesday, April 11th, 8:15pm - 9:15pm | SANS@Night |
| Logs Unite! - Forensic Analysis of Apple Unified Logs | Sarah Edwards | Tuesday, April 11th, 8:15pm - 9:15pm | SANS@Night |
| Impediments to Adoption of Two-Factor Authentication by Home End-Users | Preston Ackerman, Master's Degree Candidate | Tuesday, April 11th, 8:15pm - 8:55pm | Master's Degree Presentation |
Wednesday, April 12
| Session | Speaker | Time | Type |
|---|---|---|---|
| How to Become a SANS Instructor | Eric Conrad | Wednesday, April 12th, 12:30pm - 1:15pm | Lunch and Learn |
| The Dark Web: What It Is, What's on It, and How to Find It | Tyler Carbone, COO Terbium Labs | Wednesday, April 12th, 12:30pm - 1:15pm | Lunch and Learn |
| "So you've got Threat Intelligence - Now what? An introduction to making use of indicator expansion, workflows, and context." | Daniel Katz , Sales Engineer | Wednesday, April 12th, 12:30pm - 1:15pm | Lunch and Learn |
| The Night of the Living XP: Attacks on Legacy and Embedded Systems | Paul Schofield, Director of Customer Experience | Wednesday, April 12th, 12:30pm - 1:15pm | Lunch and Learn |
| Keep Calm and Prioritize: Five Requirements for Streamlining Vulnerability Remediation | Jimmy Graham, Director of Product Management | Wednesday, April 12th, 12:30pm - 1:15pm | Lunch and Learn |
| Anatomy of an Attack | Mark Stanford, Systems Engineer Manager, Cisco | Wednesday, April 12th, 12:30pm - 1:15pm | Lunch and Learn |
| Stop the Exploits. Stop the Attacks. Keep threats off your devices, before they can run | Steve Weber, Sales Engineer, Sophos, Inc. | Wednesday, April 12th, 12:30pm - 1:15pm | Lunch and Learn |
| Cyber-Hygiene and Standards of Care: Practical Defenses against Advanced Attacks | James Tarala | Wednesday, April 12th, 7:15pm - 8:15pm | SANS@Night |
| You've Got Ransomeware! Managing the Legal Risk of Cyber Fraud | Benjamin Wright | Wednesday, April 12th, 7:15pm - 8:15pm | SANS@Night |
| Influence and Implementation | Wesley Earnest, Master's Degree Candidate | Wednesday, April 12th, 7:15pm - 7:55pm | Master's Degree Presentation |
| Mobile Application Assessment | Chris Crowley | Wednesday, April 12th, 8:15pm - 9:15pm | SANS@Night |
| Prioritizing Your Security Program | Keith Palmgren | Wednesday, April 12th, 8:15pm - 9:15pm | SANS@Night |
| SS7 - Teleco's Fallen Wall | Hassan Mourad, Master's Degree Candidate | Wednesday, April 12th, 8:15pm - 8:55pm | Master's Degree Presentation |
Thursday, April 13
| Session | Speaker | Time | Type |
|---|---|---|---|
| The Internet of Things is Turning Against Us | Johannes Ullrich, Ph.D. | Thursday, April 13th, 7:15pm - 8:15pm | SANS@Night |
| Breaking Next Next (Next?) Gen Security Software | John Strand | Thursday, April 13th, 7:15pm - 8:15pm | SANS@Night |
| Simple Approach to Access Control: Port Control and MAC Filtering | William Knaffl, Master's Degree Candidate | Thursday, April 13th, 7:15pm - 7:55pm | Master's Degree Presentation |
| HTTPDeux | Adrien de Beaupre | Thursday, April 13th, 8:15pm - 9:15pm | SANS@Night |
| Ten Tenets of CISO Success | Frank Kim | Thursday, April 13th, 8:15pm - 9:15pm | SANS@Night |
| Database Activity Monitoring (DAM): How It Works, And What You Need To Know To Implement It | Charles Brodsky, Master's Degree Candidate | Thursday, April 13th, 8:15pm - 8:55pm | Master's Degree Presentation |
