Catch, Investigate, Repeat: Automating Incident Response with Behavior-Based IOCs

  • Webcast Aired Friday, November 3, 2017 at 3:30 pm EDT (2017-11-03 19:30:00 UTC)
  • Speakers: Jake Williams, Joseph Pizzo

Every security incident brings a lesson. But without the proper tools in place, security analysts are left having to learn the same lesson every time an incident occurs, spending just as much time as they did when the first incident took place.

In this webinar, SANS Instructor Jake Williams joins SECDO Cybersecurity Engineering Leader Joseph Pizzo to show how leveraging behavior-based indicators of compromise (BIOCs) can automate incident response to ensure your security workflow takes advantage of lessons learned. Attendees will learn:

What are BIOCs and how they work

  • The importance of thread-level visibility into endpoint activity to thoroughly identify BIOCs in the enterprise
  • How to create, configure, and run rules to detect BIOCs
  • What the proper incident response action should be for common BIOCs

Our speakers will host a Q&A session at the end of the webinar. Attendees can elect to receive CPE credit toward their SANS certification following the webinar.