Threat Hunting & IR Summit 2019

New Orleans, LA | Mon, Sep 30, 2019 - Mon, Oct 7, 2019

Gain the Upper Hand: Leveraging Telemetry and Response Actions to Close the "Breakout" Window

  • David French, Threat Researcher
  • Tuesday, October 1st, 12:15pm - 1:25pm

As organizations implement additional tools and security controls, security operations teams gain increased visibility into their environment that can be leveraged during threat detection, hunting, and incident response. However, as the volume and types of telemetry increase, security analysts can be overwhelmed and struggle to find the signal in the noise.

Security operations teams that understand their telemetry and what "normal" looks like in their environment can focus on hunting for and detecting malicious behavior before their organization's assets are impacted.

Join Endgame's lunch and learn session where we will discuss how security practitioners can:

  • Understand the telemetry that is available to them before hunting for adversary behavior in their environment
  • Use Endgame's Reflex technology along with the publicly released Event Query Language (EQL) to alert, hunt, and even prevent malicious activity
  • Form additional hypotheses for threat hunting after analyzing a real intrusion campaign
Endgame

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Vendor: Events hosted by external vendor exhibitors.
  • Lunch & Learn: Short presentations given during the lunch break.

Monday, September 30

Session | Speaker | Time | Type
Vendor Showcase | | Monday, September 30th, 10:40am - 11:20am | Vendor Event
Evade Me If You Can: An Inside Look at Malware Evasion Techniques | Ben Abbott, Solutions Engineer | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn
Domain & DNS-based Adversarial Threat Intelligence in the SOC/CSIRT | Corin Imai, Senior Security Advisor & Senior Product Marketing Manager | Monday, September 30th, 12:35pm - 1:40pm | Lunch and Learn
Vendor Showcase | | Monday, September 30th, 3:05pm - 3:40pm | Vendor Event
Threat Hunting & Incident Response Summit Night Out! | | Monday, September 30th, 6:00pm - 8:00pm | Special Events

Tuesday, October 1

Session | Speaker | Time | Type
Vendor Showcase | | Tuesday, October 1st, 10:25am - 10:55am | Vendor Event
Gain the Upper Hand: Leveraging Telemetry and Response Actions to Close the "Breakout" Window | David French, Threat Researcher | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn
The Anatomy of an Attack | Daniel Bates, Systems Architect | Tuesday, October 1st, 12:15pm - 1:25pm | Lunch and Learn
Vendor Showcase | | Tuesday, October 1st, 3:25pm - 3:45pm | Vendor Event

Wednesday, October 2

Session | Speaker | Time | Type
DIY Software Supply Chain Monitoring | Robert Perica, Principal Engineer | Wednesday, October 2nd, 12:30pm - 1:15pm | Lunch and Learn
Fidelis Product Test Drive | Justin Swisher, MDR Threat Hunting and Charles Twardowski, Manager - Incident Response | Wednesday, October 2nd, 6:30pm - 8:30pm | Special Events

Thursday, October 3

Session | Speaker | Time | Type
Network Based Threat Hunting: A Case Study in Analyzing an Advanced Threat | Matt Pieklik, Sr. Consulting Analyst | Thursday, October 3rd, 12:30pm - 1:15pm | Lunch and Learn
Malware Analysis: A Deep Dive Experience | Anuj Soni | Thursday, October 3rd, 6:00pm - 8:00pm | Keynote

Friday, October 4

Session | Speaker | Time | Type
DFIR Community Night | | Friday, October 4th, 6:00pm - 8:00pm | Special Events