Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Detecting advanced persistent threats with behavior-based intrusion detection

  • Tuesday, June 23, 2020 at 3:30 PM EDT (2020-06-23 19:30:00 UTC)
  • Andrey Yesyev, Michael Rezek


  • Accedian

You can now attend the webcast using your mobile device!



Real-world examples of advanced, targets cyber attacks, how they successfully evade legacy IDS and perimeter solutions, and how you can catch them

The numbers are in. 80% of alerts generated by signature- and policy-based security solutions are unreliable and take resources away from the most critical alerts. Dwell time in 2019 exceeded 190 days. And, more than 80% of malware signature strands are used only once by an attacker.

When it comes to advanced persistent threats, it is time to arm ourselves with a new solution.

In this webinar, we will show you how the key analytics capabilities of a next-gen, behavior-based IDS allow you to detect advanced, targeted cyber attacks and other evasive attacks that are notably more difficult to find and prevent. These key analytics capabilities include:

  •    Use of statistical, signature and anomaly detections
  •    Detection, investigation, hunting, and alert management
  •    Early cyber kill chain warning signals for threats, Indicators of Compromise (IoCs), attacks, and more
  •    High fidelity forensic source data  

We will also discuss and demonstrate tactics used by todays cyber attackers, and insider threats, to slip past legacy IDS solutions unnoticed. Some of the detections discussed will be data exfiltration, detection of DNS tunnels, and DB attacks, such as SQL injections, etc.

Join us to learn more about behavior-based IDS and see why these solutions, like our Accedian Skylight next-gen IDS, are ideal for todays expansive virtual and perimeter-less attack surfaces. You need the power to see into the darkest reaches of your network with an agile, easy-to-deploy and cost-effective cyber security visibility solution.

Speaker Bios

Michael Rezek

VP Business Development & Cybersecurity Strategy

Michael leverages sales, strategy, and engineering experience to direct business case development involving multidisciplinary teams to translate technology and innovation into commercial enterprise value including M&A. His expertise includes Layer 2-7 network technologies; cybersecurity; and performance management. Michael holds a Bachelor’s degree in electrical engineering from Youngstown State University, and a Master’s degree in electrical engineering from the Georgia Institute of Technology. He is a former professionally-licensed engineer in multiple states, and is a published author of the Cisco Press book, "Building Multiservice Transport Networks."

Andrey Yesyev

Director of Cybersecurity Solutions

Before joining Accedian as the Director of Cybersecurity Solutions, Andrey spent nearly 6 years at IBM as a security engineer and a threat analytics architect working on QRadar Incident Forensics and DNS Analytics projects. He was also a part of the IBM team that supports collaboration with Quad9, a secure public DNS service which was created as a collaboration between PCH, IBM and the Global Cyber Alliance. With more than 10 years of experience in deep packet inspection and traffic analytics, Andrey placed 1st, 2nd, 3rd and 2nd in the Network Forensic Puzzle Contest at DefCon 21, 22, 23 and 24, respectively.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.