
Seeing Over the Horizon: Predictive and Preventive Security Based on the Kill-Chain Model

  • Monday, November 7th, 2016 at 1:00 PM EST (18:00:00 UTC)
  • Mike Cloppert and Tim Helming
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.


  • DomainTools



The Kill Chain model is a useful way to understand how adversaries are able to compromise their victims. During the earliest stages of preparation for an attack, the reconnaissance phase, attackers have not yet breached the victim environment, but they are, in fact, leaving subtle clues behind. These clues can be detected and enriched to help an organization prepare defenses ahead of the first directly invasive move by the adversary.

Join SANS instructor and Kill Chain Model co-author Mike Cloppert and DomainTools Director of Product Management Tim Helming to learn how DNS and domain profile information can enable network defenders to defend ahead of time, detect breaches in progress, and carry out effective incident response and forensics.

Speaker Bios

Mike Cloppert

Michael has been a security and threat intelligence analyst since 2001, and has been an IT practitioner since 1997. He is an original author of the SANS FOR578 Cyber Threat Intel Analysis course and of the seminal paper Intel-driven CND Through Analysis of Adversary Campaigns and Intrusion Kill Chains, and has co-chaired the SANS CTI Summit since its inception in 2013. Michael holds a B.S. in Computer Engineering from The University of Dayton and an M.S. in Computer Science from The George Washington University. He has also earned GIAC GCFA gold and GCIA gold certifications (among others) throughout his career. Michael presently works as a consultant for PriceWaterhouseCoopers after over a decade with Lockheed Martin, where he helped build their world-class CIRT from the ground up, and supported clients in the pharmaceutical, energy, DoD, and Intelligence Community. Prior to Lockheed Martin, he worked full time in the federal government and financial industry. He is a professional member of ACM and IEEE, and in his spare time is an amateur bassist and semi-professional jazz trombonist.

Tim Helming

Tim Helming, DomainTools director of product management, has over 15 years of experience in cybersecurity, from network to cloud to application attacks and defenses. At DomainTools, he applies this background to helping define and evangelize the company's growing portfolio of investigative and proactive defense offerings. At WatchGuard, he helped define and launch some of the best-selling SMB security appliances in the market. At Symform, he led definition and messaging efforts for that company's unique peer-to-peer cloud storage solution. Tim has spoken at security conferences, media events, and technology partner conferences worldwide.
