This webcast has been archived.

Using Anti-Evasion to Block Stealth Attacks with Minerva Labs

  • Thursday, December 07, 2017 at 1:00 PM EST (2017-12-07 18:00:00 UTC)
  • Lenny Zeltser, Eric Cole, PhD


  • Minerva Labs




Successful attackers routinely use evasion techniques to get past baseline anti-malware tools and ultimately compromise endpoints. These techniques include shunning automated analysis environments and concealing malicious code inside document files that exist solely in the memory of otherwise-legitimate applications. How can enterprises prevent such intrusions without relying on after-the-fact detection?

This webcast will explain a unique approach to preventing evasive malware from infecting endpoints. Learn how Minerva's Anti-Evasion Platform automatically blocks threats without ever scanning files or processes. Instead, it simulates an environment in which malicious software "decides" not to run or is otherwise rendered ineffective. After the malware fails to execute, Minerva captures useful, and often never-before-seen, threat intelligence that enterprises can integrate with other security functions.

In addition, see how Minerva's solution stands up against a series of attack technologies that attempt to bypass anti-malware tools, including forms of:

  • Ransomware
  • Fileless or in-memory attacks
  • Advanced backdoors
  • Malicious document files

SANS Reviewer Eric Cole, PhD, will explain the types of malicious software that succeeded at bypassing traditional and next-generation endpoint security tools. He will share his findings regarding the ability of Minerva's Anti-Evasion Platform to block such evasive threats. He will also discuss how Minerva's solution interacted with other endpoint security controls to stop attack attempts and derive new intelligence.

Attend this webcast and be among the first to receive access to Eric Cole's accompanying white paper about combating evasive malware.

View the associated white paper here.

Speaker Bios

Eric Cole, PhD

Eric Cole, PhD, is a SANS faculty fellow, course author and instructor who has served as CTO of McAfee and chief scientist at Lockheed Martin. He is credited on more than 20 patents, sits on several executive advisory boards and is a member of the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency. Eric's books include Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. As founder of Secure Anchor Consulting, Eric puts his 20-plus years of hands-on security experience to work helping customers build dynamic defenses against advanced threats.

Lenny Zeltser

Lenny Zeltser is the Chief Information Security Officer at Axonius. Prior to Axonius, Lenny led security product management at Minerva Labs and NCR. Before that, he spearheaded the U.S. security consulting practice at a leading cloud services provider acquired by CenturyLink. Zeltser also helps shape global cybersecurity practices by teaching at SANS Institute and sharing knowledge through writing, public speaking, and community projects. He has earned the prestigious GIAC Security Expert designation and developed the Linux malware analysis toolkit REMnux.
