SANS DFIRCON Spring 2021 features eight DFIR courses, plus DFIR NetWars and Coin Slayer! Register now for best offers.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

SANS @MIC Talk - Take Back The Advantage - Cyber Deception for the Win

  • Wednesday, April 08, 2020 at 8:30 PM EDT (2020-04-09 00:30:00 UTC)
  • Kevin Fiscus

You can now attend the webcast using your mobile device!



Depending on the study you site, attacker exist on our networks for nearly seven months before detection, which is often the result of third-party notification. Unfortunately, there is a direct relationship between the cost of a breach and the time it takes to detect and respond meaning the longer it takes to address a breach, the more that breach costs. The obvious question thus becomes how can we reduce the time it takes to detect and effectively respond to attackers on our networks? There are many possible answers. Among the best - we need to start lying. Cyber deception has been shown to dramatically reduce the time it takes to detect and respond to attacks from months to days (possibly minutes). So what is cyber deception? How does it fit into an organizational security posture? Isn't cyber deception just honeypots? Join this talk and learn how you can take back the advantage.

Speaker Bio

Kevin Fiscus

Kevin Fiscus, a principal instructor for the SANS Institute, regularly teaches SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling and SEC560 Network Penetration Testing and Ethical Hacking and is the author of an upcoming class on cyber deception. Kevin has founded two consultancies through which he conducts security and risk assessments, compliance gap analysis, penetration testing, security policy development, security program design, and security roadmap development, including planning and implementing cyber deception as part of a larger security program, for client organizations. Kevin currently holds multiple SANS certifications, including the prestigious GIAC Security Expert, and was named a SANS Cyber Guardian for both red and blue teams.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.