From the Front Lines: Practical Application of DNS Threat Intel Data

  • Wednesday, January 13th, 2016 at 1:00 PM EST (18:00:00 UTC)
  • Tim Helming and Robert M. Lee
This webcast has been archived.

Sponsor

  • DomainTools

Overview

Every day, security teams must make fast, accurate decisions about which threats represent the highest risk and how to defend against them. Attacks today are more targeted, and our adversaries often control sophisticated, distributed networks. Goals range from data exfiltration to control or compromise of industrial infrastructure. But even the most stealthy and advanced attackers leave a trail behind them, and these breadcrumbs from DNS and Open Source Intelligence (OSINT) offer a wealth of data for use in active defense.

In this webcast, we'll cover:

  • How DNS intelligence exposed the attack infrastructure behind one of the most sophisticated ICS (Industrial Control Systems) malware families
  • Other examples of breaches and attack scenarios where domain profile information could have helped detect or prevent the attacks
  • Specific indicators of attack and potential compromise that can be found in DNS, both internally and externally
  • Ways to better defend against attacks and data exfiltration using DNS and large-scale threat intelligence

Speaker Bios

Tim Helming

Tim Helming, DomainTools Director of Product Management, has over 14 years of experience in cybersecurity, from network to cloud to application attacks and defenses. At WatchGuard, he helped define and launch some of the best-selling SMB security appliances in the market. At Symform, he led definition and product evangelism efforts for that company's unique peer-to-peer cloud storage solution. Tim has spoken at security conferences, media events, and technology partner conferences worldwide.


Robert M. Lee

Robert M. Lee is the CEO and Founder of the critical infrastructure cyber security company Dragos Security LLC, where he has a passion for control system traffic analysis, incident response, and threat intelligence research. He is a SANS Certified Instructor, the course author of SANS ICS515 - "Active Defense and Incident Response," and the co-author of SANS FOR578 - "Cyber Threat Intelligence." Robert is also a non-resident National Cyber Security Fellow at New America, focusing on policy issues relating to the cyber security of critical infrastructure, and a PhD candidate at King's College London. For his research and focus areas, he was named one of Passcode's Influencers, awarded EnergySec's 2015 Cyber Security Professional of the Year, and named to the 2016 Forbes' 30 Under 30 list.

Robert obtained his start in cyber security in the U.S. Air Force, where he served as a Cyber Warfare Operations Officer. He has performed defense, intelligence, and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Robert routinely writes articles in publications such as Control Engineering and the Christian Science Monitor's Passcode and speaks at conferences around the world. Lastly, Robert is the author of the book "SCADA and Me" and the weekly web-comic http://www.LittleBobbyComic.com.

"Rob is the best instructor I have seen. Real world examples, humor, time efficient, [and] effective."
- Toni Benson, Cyber Analyst
