

This webcast has been archived.

Automating the Hunt for Network Intruders

  • Friday, October 02, 2015 at 11:00 AM EDT (2015-10-02 15:00:00 UTC)
  • Jamie Butler, Eric Cole


  • Endgame




As adversaries - whether criminal or otherwise - make use of increasingly sophisticated attack methods, network defenses have not kept pace; they remain focused on signature-based, reactive measures that close the barn door after the horses have escaped. Automated threat detection offers the opportunity for truly proactive network defense, by reducing the amount of time an intruder remains undetected and introducing remedies earlier than otherwise possible. Automation can also enable better use of scarce resources and reduced exposure to network-based threats. This webcast discusses how to automate the hunt for network threats and move an organization's security posture to the next level.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing the automation of threat detection.

View the associated whitepaper here.


Speaker Bios

Eric Cole

Eric Cole, PhD, is a SANS faculty fellow, course author and instructor who has served as CTO of McAfee and chief scientist at Lockheed Martin. He is credited on more than 20 patents, sits on several executive advisory boards and is a member of the Center for Strategic and International Studies' Commission on Cybersecurity for the 44th Presidency. Eric's books include Advanced Persistent Threat, Hackers Beware, Hiding in Plain Sight, Network Security Bible and Insider Threat. As founder of Secure Anchor Consulting, Eric puts his 20-plus years of hands-on security experience to work helping customers build dynamic defenses against advanced threats.

Jamie Butler

Jamie Butler is the chief scientist at Endgame, where he leads Endgame's research on advanced threats, vulnerabilities and attack patterns. He has directed research teams at some of the most prominent and successful security companies of the last decade. Most recently, Butler was chief architect at FireEye and chief researcher at Mandiant. A recognized leader in attack and detection techniques, he has over 17 years of experience and knowledge in operating system security. Butler was a computer scientist at the National Security Agency and co-authored the bestseller "Rootkits: Subverting the Windows Kernel." Butler is also a frequent speaker at computer security conferences and serves as a Review Board member for Black Hat. He co-developed and instructs the popular security courses "Advanced Memory Forensics in Incident Response," "Advanced 2nd Generation Digital Weaponry," and "Offensive Aspects of Rootkit Technology."
