SANS Debuts Significantly Updated ICS Active Defense and Incident Response Security Training Course

Major Updates in Response to Concerning New Malware and Threat Groups in the Industrial Sector

  • Bethesda, MD
  • April 26, 2018

To address the increase in industrial threats, SANS Institute, the global leader in cyber security training, today announced significant updates to its ICS515: ICS Active Defense and Incident Response course. While the ICS515: ICS Active Defense and Incident Response course is periodically updated to remain current, this is the first time a significant portion of the course has been updated all at once. New tools, techniques and skills for operating in an ICS environment are some of the things students can look forward to in addition to a whole new lab environment.

"In the past year alone we've seen two really concerning pieces of malware, CRASHOVERRIDE which targeted the Ukraine power grid and Trisis targeting a petrochemical facility. We are also seeing new threat groups starting in the industrial sector," said Robert M. Lee (@RobertMLee), CEO of Dragos and a SANS Instructor and author of the ICS515 course. "The updates to this course are significant and timely as there is a lot to learn from these attacks. We have taken what we know and codified this knowledge to better prepare ICS professionals for the increased level of attacks on industrial environments."

ICS515: ICS Active Defense and Incident Response is the only training in the world that certifies a person's knowledge in hunting and responding to threats in an ICS environment. It is quickly becoming an industry standard for ICS monitoring and incident response. The updated aspect of this course provides a more robust training opportunity than ever before. Over 40 percent of the course has changed, including an extremely complex new water utility lab that takes students through four days of dealing with their own incidents in a real, controlled environment.

There is a corresponding GIAC Certification available for the ICS515 course. The exciting GRID Certification is for professionals who want to demonstrate that they can effectively perform Active Defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems. Get more information here:

For additional information on the newly updated ICS515: ICS Active Defense and Incident Response course, or to register for an upcoming course run, please visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals at governments and commercial institutions world-wide. Renowned SANS instructors teach over 60 different courses at more than 200 live cyber security training events as well as online. GIAC, an affiliate of the SANS Institute, validates a practitioner's qualifications via over 30 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers master's degrees in cyber security. SANS offers a myriad of free resources to the InfoSec community including consensus projects, research reports, and newsletters; it also operates the Internet's early warning system--the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to help the entire information security community.