Threat Hunting and IR Summit

New Orleans, LA | Tue, Apr 18 - Tue, Apr 25, 2017

Threat Hunting and IR Summit Chairman: Rob Lee

Featured Presentation: Billions and Billions of Logs; Oh My! (Tuesday, April 18th, 10:15-10:50 am)

Summit Agenda


We strive to present the most relevant, timely and valuable content. As a result, this agenda is subject to change. Please check back frequently for changes and updates.

Tuesday, April 18, 2017
| Time | Presentation | Speaker |
|---|---|---|
| 9:00-9:45 am | Welcome, Introductions & Opening Keynote | Rob Lee, Lead - DFIR Curriculum, SANS Institute @robtlee |
| 9:45-10:15 am | Networking Break and Vendor Expo | |
| 10:15-10:50 am | Billions and Billions of Logs; Oh My! | Jack Crook, Principal Incident Responder, General Electric @jackcr |
| 10:55-11:30 am | Real-Time Threat Hunting | Tim Crothers, Senior Director - Cybersecurity, Target Corporation |
| 11:35 am - 12:10 pm | Biting into the Jawbreaker: Pushing the Boundaries of Threat Hunting Automation | Alex Pinto, Chief Data Scientist, Niddel @alexcpsec |
| 12:10-1:30 pm | Lunch | |
| 1:30-2:05 pm | The Myth of Automated Hunting and Case Studies in ICS/SCADA Networks | Robert M. Lee, CEO & Founder, Dragos, Inc. @RobertMLee |
| 2:10-2:45 pm | So Many Ducks, So Little Time | |
| 2:45-3:15 pm | Networking Break and Vendor Expo | |
| 3:15-3:50 pm | Hunting on AWS | Alex Maestretti, Engineering Manager, Netflix @maestretti |
| 3:55-4:30 pm | Hunting Webshells on Microsoft Exchange Server | Josh Bryant, Cybersecurity Architect, Microsoft @FixTheExchange |
| 4:35-5:10 pm | Toppling the Stack: Outlier Detection for Threat Hunters | David Bianco, Principal Engineer, Cyber Security, Target @DavidJBianco |
| 5:10-5:15 pm | Day 1 Wrap-Up | |
| 5:15-6:15 pm | Networking Reception & Vendor Expo | |

Wednesday, April 19, 2017
| Time | Presentation | Speaker |
|---|---|---|
| 9:00-9:15 am | Day 2 Overview & Opening Remarks | |
| 9:15-10:00 am | Keynote to be announced | JJ Guy, Senior Director & Founding Team, Carbon Black @jjguy |
| 10:00-10:30 am | Networking Break and Vendor Expo | |
| 10:30-11:05 am | ShimCache and AmCache enterprise-wide hunting, "evolving beyond grep" | Matias Bevilacqua, Senior Incident Response Consultant, Mandiant |
| 11:10-11:45 am | Deriving Successful Hunting Strategies with the Diamond Model | Sergio Caltagirone, Director – Threat Intelligence & Analytics, Dragos, Inc. @cnoanalysis |
| 11:50 am - 12:25 pm | Taking Hunting to the Next Level: Hunting in Memory | |
| 12:25-1:30 pm | Lunch | |
| 1:30-1:45 pm | SANS Threat Hunting Survey Results | Rob Lee, Lead - DFIR Curriculum, SANS Institute @robtlee |
| 1:45-2:20 pm | The Mind of a Hunter: A Cognitive, Data-Driven Approach | Chris Sanders, Senior Analyst, FireEye @chrissanders88 |
| 2:20-2:55 pm | Framing Threat Hunting in the Enterprise | Joseph Ten Eyck, Lead Information Security Analyst, Target Corporation @joseph_teneyck |
| 2:55-3:25 pm | Networking Break and Vendor Expo | |
| 3:25-4:00 pm | Threat Hunting with Network Flow | Austin Whisnant, Member of the Technical Staff, Software Engineering Institute |
| 4:00-4:35 pm | Session to be announced | Heather Adkins, Manager of Information Security, Google |
| 4:35-4:45 pm | Closing Remarks | Rob Lee, Lead - DFIR Curriculum, SANS Institute @robtlee |