Join us at the Rocky Mountain Hackfest, Live Online!! Virtual summit and courses take place June 4-13.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

Seeing Over the Horizon: Predictive and Preventive Security Based on the Kill-Chain Model

  • Monday, November 07, 2016 at 1:00 PM EST (2016-11-07 18:00:00 UTC)
  • Tim Helming, Mike Cloppert


  • DomainTools

You can now attend the webcast using your mobile device!



The Kill Chain model is a useful way to understand how adversaries are able to compromise their victims. During the earliest stages of preparation for an attack, the reconnaissance phase, attackers have not yet breached the victim environment, but they are, in fact, leaving subtle clues behind. These clues can be detected and enriched to help an organization prepare defenses ahead of the first directly invasive move by the adversary.

Join SANS instructor and Kill Chain Model co-author Mike Cloppert, and DomainTools Director of Product Management Tim Helming, to learn how DNS and domain profile information can enable network defenders to defend ahead of time, to detect breaches in progress, and to carry out effective incident response and forensics

Speaker Bios

Mike Cloppert

Michael has been a security and threat intelligence analyst since 2001, and has been an IT practitioner since 1997. He is an original author of the SANS FOR578 Cyber Threat Intel Analysis course, the seminal paper Intel-driven CND Through Analysis of Adversary Campaigns and Intrusion Kill Chains, and has co-chaired the SANS CTI Summit since its inception in 2013. Michael holds a B.S. in Computer Engineering from The University of Dayton and an M.S. in Computer Science from The George Washington University. He has also earned GIAC GCFA gold and GCIA gold certifications (among others) throughout his career. Michael presently works as a consultant for PriceWaterhouseCoopers after over a decade with Lockheed Martin, where he helped build their world-class CIRT from the ground up, and supported clients in the pharmaceutical, energy, DoD, and Intelligence Community. Previous to LM, he worked full time in the federal government and financial industry. He is a professional member of ACM and IEEE, and in his spare time is an amateur bassist and semi-professional jazz trombonist.

Tim Helming

Tim has nearly 20 years of experience in cybersecurity and leads the Dragos product team comprised of product managers, user experience (UX) designers, and technical writers focused on delivering world-class products to the ICS community.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.