
Detecting Malicious Activity in Large Enterprises

  • Thursday, September 10, 2020 at 1:00 PM EDT (2020-09-10 17:00:00 UTC)
  • Matt Bromiley, Anton Chuvakin


  • Chronicle




Modern enterprises are extremely diverse and complex. Yet security data collection, correlation, and analysis have not kept up with these complexities. It often seems that organizations collect too much data without ever truly finding value in the vast amounts they have amassed.

In this webcast, SANS author Matt Bromiley and Chronicle Security's Dr. Anton Chuvakin focus on concepts for effectively detecting malicious activity within large enterprises. They will review how to bring giga-, tera-, and petabytes of data together and correlate them into actionable intelligence, using YARA-L to craft efficient detections that can be applied across these vast data sets. The webcast will help attendees answer important questions such as:

  • In your current state, how much data are you ingesting/analyzing?
  • How is your team writing detections? What types of metadata points are they looking for?
  • How do you detect threats?
  • Can you effectively scale detections across your data sets?
  • How do you manage the lifecycle of those detections: tune them, keep them relevant, and retire them when they are no longer relevant?

Register today and be among the first to receive the associated whitepaper written by Matt Bromiley.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Anton Chuvakin

Dr. Anton Chuvakin is currently Head of Solution Strategy at Chronicle Security, a division of Google Cloud. 

Until recently, Dr. Anton Chuvakin was a Research VP and Distinguished Analyst on the Gartner for Technical Professionals (GTP) Security and Risk Management Strategies (SRMS) team. He is a recognized security expert in the fields of SIEM, log management, and PCI DSS compliance. He is the author of the books "Security Warrior", "PCI Compliance", and "Logging and Log Management", and a contributor to "Know Your Enemy II", "Information Security Management Handbook", and many others. Anton has published dozens of papers on log management, SIEM, correlation, security data analysis, PCI DSS, honeypots, and related topics. His blog was one of the most popular in the industry.
