This webcast has been archived.

You Can't Discover a Malware Pandemic by Diagnosing One Patient

  • Monday, October 27, 2014 at 1:00 PM EDT (2014-10-27 17:00:00 UTC)
  • Andrew Hay




Examining one infected host is unlikely to allow for the diagnosis of a global bacterial or viral outbreak. It takes the testing of multiple patients with similar symptoms, environmental conditions, and other commonalities to determine whether the infection affects only one host or threatens the global community.

The same can be said for malware. Security analysts and incident responders often find themselves at a disadvantage when it comes to determining attribution related to a particular infection. Generally speaking, a malware investigation is often limited to the systems owned by the individual or organization with limited visibility into the global community at large.

This presentation will introduce healthcare-related research conducted in 2014. In addition, several methodologies and freely available tools will be detailed to help better investigate whether you're the victim of an opportunistic infection or Patient 0 in the next global malware pandemic.

Join SANS and the National Health Information Sharing & Analysis Center (NH-ISAC) at the Healthcare Cyber Security Summit December 3-4, 2014 in San Francisco. The Summit is for CIOs, CTOs, CISOs, cyber security professionals, security architects and risk managers as well as compliance professionals. The ONLY event to discuss information sharing of cyber security intelligence specific to the health care industry to meet the ever growing need in securing health care.

The Summit will feature pioneering health care CIOs, CISOs and technology leaders who have faced issues head on and who will share the lessons they learned, combined with intensive training courses that will allow your technical staff to get up to speed quickly. Network among senior information security leaders, learn emerging and leading practices within cyber security and build relationships to promote more effective information sharing. Download the full agenda including session descriptions and participating vendors.


Speaker Bio

Andrew Hay

Andrew Hay is an information security industry veteran with close to 20 years of experience as a security practitioner, industry analyst, and executive. As the Co-Founder & Chief Technology Officer (CTO) for LEO Cyber Security, he is a member of the senior executive leadership team responsible for the creation and driving of the strategic vision for the company. One of his primary responsibilities is the development and delivery of the company's comprehensive cyber security, digital forensics, incident response, cloud architecture, and advanced research centers of excellence.

Andrew has served in various roles and responsibilities at several companies including DataGravity, OpenDNS (a Cisco company), CloudPassage, Inc., 451 Research, the University of Lethbridge, Capital G Bank Ltd. (now Clarien Bank Bermuda), Q1 Labs (now IBM), Nokia (now Check Point), Nortel Networks, Magma Communications (now Primus Canada), and Taima Corp (now Convergys).

Andrew is frequently approached to provide expert commentary on security-industry developments, and has been featured in such publications as Forbes, Bloomberg, Wired, USA Today, International Business Times, Sacramento Bee, Delhi Daily News, Austin Business Journal, Ars Technica, RT, VentureBeat, LeMondeInformatique, eWeek, TechRepublic, Infosecurity Magazine, The Data Center Journal, TechTarget, Network World, Computerworld, PCWorld, and CSO Magazine.
