Join us for in-depth talks, exclusive networking, and world-class training at Security Awareness Summit Dec 1-4!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Sorry, the slides for this webcast are not available for download.

SANS 2017 Incident Response Survey Results - Part 1: Attack, Response and Maturity

  • Tuesday, June 13, 2017 at 12:00 PM EDT (2017-06-13 16:00:00 UTC)
  • Danielle Russell, Matt Bromiley, Riana Smalberger, James Carder


  • AlienVault
  • Anomali
  • Guidance Software
  • IBM
  • LogRhythm
  • Mcafee LLC

You can now attend the webcast using your mobile device!



Expand your knowledge even further, consider attending the Threat Hunting and Incident Response Summit, April 2017 or the Digital Forensics and Incident Response Summit, June 2017

SANS' 2016 survey of incident response (IR) capabilities indicated that the IR landscape was ever changing. Advanced industries were able to maintain effective IR teams, but it identified hurdles responders face to increase the efficiency of their IR teams. This year's edition of the SANS Incident Response Survey focuses on providing insight into the maturity of IR processes and functions spanning a broad variety of environments.

Attendees at this first of two results webcasts will learn:

  • Types of attacks experienced and nature of the breaches
  • Time needed to detect, contain and remediate breaches
  • Maturity of network visibility infrastructures and security operations centers' response capabilities

The second part of this webcast, on Wednesday, June 14, will focus on the use of threat intelligence in incident response and how organizations can improve their response capabilities. Click here to register for Part 2.

Click here to be among the first to receive the associated whitepaper written by SANS Analyst and incident response expert Matt Bromiley.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Danielle Russell

Danielle Russell is a Senior Product Marketing Manager at AlienVault, responsible for product messaging and positioning, go-to-market strategy, and sales enablement. Prior to AlienVault, Danielle held a marketing leadership position with an IT software company in the telecommunications industry. Danielle earned a B.S. in life sciences communication from the University of Wisconsin.

James Carder

James Carder, CISO & VP of LogRhythm Labs, brings more than 19 years of experience working in corporate IT security and consulting for the Fortune 500 and U.S. government. At LogRhythm, he develops and maintains the company's security governance model and risk strategies; protects the confidentiality, integrity and availability of information assets; oversees both threat and vulnerability management, as well as the Security Operations Center (SOC). He also directs the mission and strategic vision for the LogRhythm Labs machine data intelligence, threat and compliance research teams.

Riana Smalberger

Riana Smalberger, Practice Lead for IR Crisis Response and Foundstone Education at Intel, has roughly 9 years’ of experience in the digital forensic and incident response field. With a strong focus on intellectual property, digital and mobile forensics, fraud and white collar crime investigations, she has assisted numerous special law enforcement agencies in the South Africa in developing their digital forensic capabilities through technology delivery and investigative techniques. Riana was instrumental in developing the Emergency Incident Response program at Intel Security NA, where she led and managed multiple concurrent incidents. She has lectured at prominent Universities in South Africa and spoken at numerous cyber and fraud conferences.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.