SANS Security West 2021 is right around the corner! Choose from over 30 interactive courses, plus Core & Cyber Defense NetWars.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Taking a behavioral approach to security- how to stay one step ahead of your adversaries

  • Wednesday, April 07, 2021 at 3:30 PM EDT (2021-04-07 19:30:00 UTC)
  • Jake McCabe, Ismael Valenzuela


  • Logpoint

You can now attend the webcast using your mobile device!



Join LogPoint's Jake McCabe as he discusses how thinking about security from the perspective of adversary behavior can help organizations better prepare for, detect, and respond to threats.

Too often, security organizations focus on signatures and IOCs to alert them to threats in their environment, however this myopic focus can often leave them blind to the bigger picture- unable to see the forest for the trees. By focusing instead on adversary behavior, security teams can make it more difficult for their adversaries to evade detection and they can even begin to predict where their adversaries might strike next.

The MITRE ATT&CK framework is one tool organizations can use to help take a behavioral security posture. The framework can help security teams assess risk, drive informed decisions, and help them to better understand how their adversaries typically behave.

User and entity behavioral analytics (UEBA) provides another avenue by which security teams can take a behavioral approach to security. UEBA complements and improves the fidelity of traditional signature-based detection methods to enable security teams to distinguish adversary behavior from normal behavior. UEBA does so by looking for anomalies or changes in behavior and then analyzing sets of anomalies which together could be indicative of particular adversary techniques.

Jake will discuss how these two approaches to behavioral security can be taken together and how LogPoint can help organizations improve their security posture by helping them take a more behavioral-focused approach to security.

Speaker Bios

Ismael Valenzuela

Ismael Valenzuela is co-author of the cyber defense and blue team operations course, SANS SEC530: Defensible Security Architecture and Engineering. Ismael is a Senior Principal Engineer at McAfee, where he leads research on threat hunting using machine-learning and expert system–driven investigations. Ismael Valenzuela has participated as a security professional in numerous projects across the globe in the past 20 years, which included being the founder of one of the first IT Security consultancies in Spain.

Jake McCabe

Jake McCabe leads the presales efforts for LogPoint in North America. Jake has been helping companies improve their security posture across various domains of information security for more than 15 years including RSA, Optiv Inc and VSS Monitoring.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.