Three More Days to Get an iPad Air w/ Smart Keyboard with any 5 or 6 Day SANS Training - Register Today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Attack Attribution: It’s Complicated

  • Thursday, April 27, 2017 at 11:00 AM EDT (2017-04-27 15:00:00 UTC)
  • Ross Rustici, Jake Williams


  • Cybereason

You can now attend the webcast using your mobile device!



After every major data breach, the security community engages in a game of whodunit. Its human nature to want some sort of closure and to see the perpetrators brought to justice, but its time to discuss the truth about attributing a source cyber attacks: its not as straightforward as one would think. 

Recent research proves that threat actors use a variety of techniques to create misattribution of the attacks. In our upcoming webinar, Cybereasons Ross Rustici, Sr. Manager Threat Intel, and SANS will discuss examples of attack misattribution and figure out if correct attribution is still possible.

Join us to learn:

  • Why attack attribution is a complex mission
  • The variety of techniques used by nation-state and criminal actors to disguise their involvement
  • An approach to help organizations better harness the power of attribution

Speaker Bios

Ross Rustici

Ross Rustici is Senior Manager of Cybereason Intel Team. He has extensive team management experience with expertise in strategic analysis, qualitative and quantitative analysis, and intrusion analysis who has leveraged 12 years of experience with East Asian geopolitics and cyber security to build from the ground up one of the most capable cyber analytic team for the US Government. Extensively mentored and provided analytic expertise for my team to provide context and actionable assessments (including attribution, motivation, and operational vulnerabilities of our adversaries) to policymakers on some of the most high profile breaches of the last three years.

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.