How to Build a Threat Hunting Capability in AWS

  • Thursday, December 5th, 2019 at 3:30 PM EST (20:30:00 UTC)
  • Shaun McCullough and David Aiken
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • AWS Marketplace

Overview

 

Threat hunting offers proactive ways to detect anomalous behavior in your environment. Do you know how to build an effective threat hunting program in your AWS environment? In this webinar, you will learn how threat hunting differs from alerts and SOC monitoring, and what threats to look for. You will also discover real-life examples that demonstrate how threat hunters can apply cloud infrastructure best practices to reduce the noise in often chaotic environments, making it easier to detect potential events. Leveraging detailed use cases, this webinar can help you develop an effective threat hunting program.

Attendees will learn to:

  • Use the threat hunting loop to identify what to look for, which tools you need to analyze available data, and ways to tease out patterns that indicate potential events
  • Strike the right balance of how much data to capture, identify gaps in information, and determine how best to collect that information
  • Analyze logs efficiently and effectively using Amazon CloudWatch, AWS CloudTrail, and Amazon GuardDuty
  • Automate the process of evaluating and enriching complex data sets by utilizing SIEM and SOAR solutions to detect possible threats

Register for this webcast to be among the first to receive the associated whitepaper written by security expert Shaun McCullough.

Speaker Bios

Shaun McCullough

Shaun McCullough is a community instructor for the SEC545 Cloud Security Architecture and Operations class and gives back to his profession by mentoring and supporting the next generation of cyber professionals. With 25 years of experience as a software engineer, he has been focusing on information security for the past 15 years. Shaun is a consultant with H&A Security Solutions, focusing on secure cloud operations, building DevSecOps pipelines and automating security controls in the cloud. He also served as technical director of red and blue team operations, researched advanced host analytics, and ran threat intelligence on open source platforms in his work with the U.S. Department of Defense.


David Aiken

David Aiken is a Solutions Architect Manager at AWS Marketplace and is an AWS Certified Solutions Architect. He leads a team of specialist SAs who help customers implement security and governance best practices. His skills include cloud computing, enterprise architecture, agile methodologies, web services, and software design and development. David has also worked as a product manager, technical specialist, and architect evangelist.
