Train From Home on Your Schedule with OnDemand - Special Offers Available Now


Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.

SANS Institute to Debut New Security Training Course to Help Security Professionals Turn the Table on Attackers who Successfully Infiltrate a Network

Breakthrough Course Teaches Proven Techniques for Active Defense, Offensive Countermeasures and Cyber Deception

  • Bethesda, MD
  • June 1, 2015

Once an adversary gains initial access into a network the vast majority, many of whom are maneuvering adroitly throughout the organization with stolen credentials, go undetected; sometimes for years. SANS Institute, the global leader in information security training, today announced the addition of a new security training course that provides security professionals with the critical tools and skills needed to frustrate, deceive and catch these malicious actors. The SEC550: Active Defense, Offensive Countermeasures and Cyber Deception course will make its debut at SANS San Jose 2015 taking place July 20 - 25. This course explores proven anticipatory and active defense techniques that are missing from most security programs today.

"Traditional defenses are failing organizations. While firewalls, intrusion detection systems, end-point security suites and other traditional defenses provide a critical first line of defense, they are no longer enough. Advanced persistent threat (APT) groups bypass traditional defenses as a course of business," said Bryce Galbraith, SANS instructor and contributing author of the SEC550: Active Defense, Offensive Countermeasures and Cyber Deception course. "As our adversaries get better, so must we. The SEC550 course is unique in many ways and is specifically designed to empower defenders to take their defenses to the next level as they systematically and deliberately thwart, frustrate, and deceive their adversaries. Students will learn techniques that are designed to ruin adversaries' day."

Students participating in this new course will learn:

  • How to force an attacker to take more moves to attack a network - moves that in turn may increase a defender's ability to detect that attacker
  • How to gain better attribution as to who is attacking and why
  • How to gain access to a bad guy's system
  • Most importantly, they will learn how to do the above legally

SEC550: Active Defense, Offensive Countermeasures and Cyber Deception is based on the Active Defense Harbinger Distribution live Linux environment funded by the Defense Advanced Research Projects Agency (DARPA). This virtual machine is built from the ground up for defenders to quickly implement Active Defenses in their environments. The course is filled with hands-on activities focusing on active defenses which students will be able to quickly and easily implement in their own network environment.

For a complete list of courses offered at SANS San Jose 2015, or to register for the training event, please visit:

SANS Media Contact

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (