SANS Debuts Significantly Updated ICS Active Defense and Incident Response Security Training Course

Bethesda, Md. – To address the increase in industrial threats, SANS Institute, the global leader in cyber security training, today announced significant updates to its ICS515: ICS Active Defense and Incident Response course. While the ICS515: ICS Active Defense and Incident Response course is periodically updated to remain current, this is the first time a significant portion of the course has been updated all at once. New tools, techniques and skills for operating in an ICS environment are some of the things students can look forward to in addition to a whole new lab environment.

"In the past year alone we've seen two really concerning pieces of malware, CRASHOVERRIDE which targeted the Ukraine power grid and Trisis targeting a petrochemical facility. We are also seeing new threat groups starting in the industrial sector," said Robert M. Lee (@RobertMLee), CEO of Dragos and a SANS Instructor and author of the ICS515 course. "The updates to this course are significant and timely as there is a lot to learn from these attacks. We have taken what we know and codified this knowledge to better prepare ICS professionals for the increased level of attacks on industrial environments."

ICS515: ICS Active Defense and Incident Response is the only training in the world that certifies a person's knowledge in hunting and responding to threats in an ICS environment. It is quickly becoming an industry standard for ICS monitoring and incident response. The updated aspect of this course provides a more robust training opportunity than ever before. Over 40 percent of the course has changed including an extremely complex new water utility lab that takes students through four days of dealing with their own incidents in a real, controlled environment.

There is a corresponding GIAC Certification available for the ICS515 course. The exciting GRID Certification is for professionals who want to demonstrate that they can effectively perform Active Defense strategies specific to and appropriate for an Industrial Control System (ICS) network and systems. Get more information here:

For additional information on the newly updated ICS515: ICS Active Defense and Incident Response course, or to register for an upcoming course run, please visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions world-wide. Renowned SANS instructors teach more than 60 courses at in-person and virtual cyber security training events and on demand. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system–the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (