Behavior-Based IOCs: A New Approach for Automated Incident Response

  • Tuesday, September 19, 2017 at 3:30 PM EDT (2017-09-19 19:30:00 UTC)
  • Joseph Pizzo, Jake Williams






Every security incident brings a lesson. But without the proper tools in place, security analysts are left having to learn the same lesson every time an incident occurs, spending just as much time as they did when the first incident took place.

In this webinar, SANS Instructor Jake Williams joins SECDO Cybersecurity Engineering Leader Joseph Pizzo to show how leveraging behavior-based indicators of compromise (BIOCs) can automate incident response to ensure your security workflow takes advantage of lessons learned. Attendees will learn:

  • What BIOCs are and how they work
  • The importance of thread-level visibility into endpoint activity to thoroughly identify BIOCs in the enterprise
  • How to create, configure, and run rules to detect BIOCs
  • What the proper incident response action should be for common BIOCs

Our speakers will host a Q&A session at the end of the webinar. Attendees can elect to receive CPE credit toward their SANS certification following the webinar.

Speaker Bios

Jake Williams

Jake Williams is a SANS analyst, senior SANS instructor, course author and designer of several NetWars challenges for use in SANS' popular, "gamified" information security training suite. Jake spent more than a decade in information security roles at several government agencies, developing specialties in offensive forensics, malware development and digital counterespionage. Jake is the founder of Rendition InfoSec, which provides penetration testing, digital forensics and incident response, expertise in cloud data exfiltration, and the tools and guidance to secure client data against sophisticated, persistent attacks on-premises and in the cloud.

Joseph Pizzo

Joseph Pizzo is an information security professional with over 20 years of experience and a sophisticated record of contribution with government organizations and global corporations in the sale, design, deployment, and management of security, data discovery, and protection systems. He joined Secdo in 2017 as Cybersecurity Engineering Leader. Prior to Secdo, Joseph held various engineering roles for security and digital forensics companies such as RSA, Guidance Software, AccessData, HB Gary, Norse, and Securonix.
