
How to achieve autonomous (and optimized) hunting and detection

  • Thursday, September 13th, 2018 at 10:30 AM EST (14:30:00 UTC)
  • Alex Vaystikh and Matt Bromiley
This webcast has been archived. The webcast presentation and slides are available through the SANS Portal.


  • SecBI


Network traffic analysis provides the best visibility and coverage of the possible attack surface and of the environment in which a remote attacker dwells. This data is extremely hard to analyze because it is extremely large, ever-changing, and represents servers, laptops, smart appliances, IoT, and everything in between.

In this session you will learn how to analyze this data using advanced machine learning that mimics human analysts at machine speed, what type of machine learning is required to achieve this, and how it will speed up your detection, investigation, and hunting operations.

Speaker Bios

Alex Vaystikh

As a co-founder and CTO of SecBI, Alex Vaystikh is the innovator behind the full-scope incident model. A cybersecurity veteran with considerable expertise in applied research and product development, Alex experienced the hardship caused by the lack of advanced breach tools while at RSA. Joining RSA upon its acquisition of Cyota, he built the company’s advanced reverse engineering lab for financial malware and crimeware. He also served as the company’s Principal Research Scientist, where he led the development of innovative machine learning on big data solutions for the company’s cyber security products. Alex holds 15 patents in security hardening, machine learning, network analysis, and data obfuscation, and has published numerous peer reviews. Alex served in the IDF Military Intelligence Corps.

Matt Bromiley

Matt Bromiley is a SANS Certified Digital Forensics and Incident Response instructor, teaching Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508) and Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (FOR572), and a GIAC Advisory Board member. He is also a principal incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.
