Develop invaluable cybersecurity skills through interactive training during SANS 2021 - Live Online. Register now.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Six stages of an attack: The Art of Detection

  • Wednesday, April 05, 2017 at 1:00 PM EDT (2017-04-05 17:00:00 UTC)
  • Richard Harlan, Matt Bromiley


  • Cybereason

You can now attend the webcast using your mobile device!



The organizations keeping customer data safe don't necessarily spend more on security, but have learned to artfully balance resources across prevent more, detect faster, mitigate more accurately, and minimize damage.

While initial network penetration is quick and difficult to detect, attackers perform a series of actions once they're inside the network, offering a window of opportunity for detection early in the attack life-cycle. This gives enterprise defenders a chance to act quickly to stop or minimize business impact. Doing threat lifecycle management effectively takes a mix of mature security processes, analyst skills, and "force multiplier" tools.

In our upcoming webinar, SANS and Cybereason will discuss the attack lifecycle post-penetration and offer an approach for successful detection.

Join us to learn:

  • A more in-depth look at the six stages of the attack lifecycle
  • How to avoid the pitfalls that cause network infiltration detection to fail
  • An effective approach for accurate detection throughout the entire attack lifecycle, not just an infiltration

Speaker Bios

Richard Harlan

Richard Harlan, is a knowledgeable sales technical engineer. He has built an small ISP in Western Kansas from the ground up. From there, he moved over to work at John Deere, specializing in their Application Infrastructure group working mostly with f5 and iRules. Richard also spent 9 years working at f5 working heavily with iRules and Security products. At Cybereason, he focuses on network-based threats from an endpoint prospect.

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.