
Detecting Malicious Activity in Large Enterprises

  • Thursday, September 10, 2020 at 1:00 PM EDT (2020-09-10 17:00:00 UTC)
  • Matt Bromiley, Anton Chuvakin

Sponsor

  • Chronicle


Overview

Modern enterprises are extremely diverse and complex. Yet, security data collection, correlation, and analysis has not kept up with these complexities. It often seems like organizations collect too much without ever truly finding value in the vast amounts of data they have amassed.

In this webcast, SANS author Matt Bromiley and Chronicle Security’s Dr. Anton Chuvakin focus on concepts for effectively detecting malicious activity within large enterprises. They will review how to bring gigabytes, terabytes, or petabytes of security data together and correlate it into actionable intelligence, using YARA-L to craft efficient detections that can be applied across these vast data sets. The webcast will help attendees answer important questions such as:

  • In your current state, how much data are you ingesting/analyzing?
  • How is your team writing detections? What types of metadata points are they looking for?
  • How do you detect threats?
  • Can you effectively scale detections across your data sets?
  • How do you manage the lifecycle of those detections: tuning them, keeping them relevant, and removing them when they are no longer relevant?

Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.
Anton Chuvakin

Dr. Anton Chuvakin is involved with security solution strategy at Google Cloud, where he arrived via the acquisition of Chronicle Security (an Alphabet company) in July 2019. Anton was, until recently, a Research Vice President and Distinguished Analyst on the Gartner for Technical Professionals (GTP) Security and Risk Management Strategies team. Anton is a recognized security expert in the fields of log management, SIEM, and PCI DSS compliance.
