

This webcast has been archived.

You Can't Respond If You Can't See: Building Sophisticated Detection Mechanisms Leveraging Patterns of Compromise

  • Thursday, August 20, 2015 at 3:00 PM EDT (2015-08-20 19:00:00 UTC)
  • Dave Shackleford


  • Carbon Black




In the last several years, information security forensics and incident response teams have been fighting a losing battle. The attacks are coming more frequently, they're getting more sophisticated, and we always seem to be a step behind our adversaries. Despite this, we're learning some lessons along the way. The use of specific indicators of compromise (IOCs) to look for intrusion evidence has helped us, and we're getting better all the time. Unfortunately, we're not getting better fast enough, and we need to adopt some new approaches in order to be more effective at combating the advanced attacks we're seeing today. In this webcast, Dave Shackleford, senior SANS instructor and founder and principal consultant of Voodoo Security, will discuss the following:

  • How indicators of compromise (IOCs) are proving useful in helping defenders discover and respond to advanced attacks
  • Why we need to build on IOCs with the concept of "patterns of compromise" to develop more effective defense tactics
  • How information sharing and threat intelligence will enable information security teams to detect and respond faster and more effectively than ever

Speaker Bio

Dave Shackleford

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, possessing extensive experience designing and configuring secure infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies. Dave is the author of the Sybex book Virtualization Security, the coauthor of Hands-On Information Security from Course Technology, and currently serves on the board of directors at the SANS Technology Institute and helps lead the Atlanta chapter of the Cloud Security Alliance.
