Top Cybersecurity Training Protects Your Assets - Learn From the BEST and Apply New Knowledge Immediately!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

2020 SANS Enterprise Cloud Incident Response Survey Results

  • Tuesday, September 15, 2020 at 1:00 PM EDT (2020-09-15 17:00:00 UTC)
  • Chris Dale, Matt Bromiley


  • Cisco Systems Inc.
  • ExtraHop
  • Gigamon
  • Infoblox
  • RSA

You can now attend the webcast using your mobile device!



Our 2020 Enterprise Cloud Incident Response Survey investigated the data sources and services that organizations are leveraging to detect, respond to and remediate incidents in the multi-cloud world. The survey focused less on which cloud service organizations are using, and more on what data sources they are taking advantage of, what services they find useful, and what methods are working in their programs.

Attendees at this webcast will learn about the experiences of survey participants with regard to:

  • What components are being breached
  • Preferred sources of evidence in concluding cloud compromise
  • Most prevalent cloud detection capabilities
  • Containment strategies used to control and limit damages from compromise
  • Ways forward in terms of commitment, improvement and impediments

Be among the first to receive the associated whitepaper written by SANS instructor Chris Dale with advice from SANS digital forensics and incident response (DFIR) instructor Matt Bromiley.

Click here to register for a panel discussion webcast with Chris, Matt and selected sponsors, as they explore the survey results more deeply at 1 PM ET on Tuesday, September 22, 2020.

Speaker Bios

Chris Dale

Chris, currently a certified instructor for SANS and a SANS Analyst, began his career in 2009 working for NextGenTel doing development and IT operations. “I really learned about how all things interconnect and work,” he says. Since then he’s worked for six companies and is last job was the head of cyber security at Netsecurity where he managed several teams, including pen testing and incident response. In 2020, Chris founded his own company, River Security, specializing in offensive services and cyber consulting.

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.