Sharpen your skills with interactive cyber security training In-Person or Live Online. Learn more.


To attend this webcast, login to your SANS Account or create your Account.

Hunting Attackers with Network Audit Trails

  • Friday, December 06, 2013 at 1:00 PM EST (2013-12-06 18:00:00 UTC)
  • Tom Cross


  • Lancope

You can now attend the webcast using your mobile device!



Sophisticated, targeted attacks have become increasing difficult to detect and analyze. Attackers can employ 0-day vulnerabilities and exploit obfuscation techniques to evade detection systems and "fly under the radar" for long periods of time.

Gartner estimates 85% of breaches go completely undetected and 92% of the detected breaches are reported by third parties. New strategies for identifying network attack activity are necessary.

Learn how network logging technologies such as NetFlow and IPFIX can be applied to the problem of detecting sophisticated, targeted attacks and used to create an audit trail of network activity that can be analyzed, both automatically and by skilled investigators, to uncover anomalous traffic.

Lancope will demonstrate how to these records can be used to:

  • Discover active attacks in each phase of the attacker's "kill chain."
  • Determine the scope of successful breaches and document the timeline of the attacks

Speaker Bio

Tom Cross

Tom Cross is Director of Security Research at Lancope. He has over a decade of experience as a security researcher and thought leader. Tom was previously manager of the IBM X-Force Advanced Research team. He is credited with discovering a number of critical security vulnerabilities in enterprise class software and has written papers on topics including security issues in Internet routers, securing wireless LANs and protecting Wikipedia from vandalism. He frequently speaks on security issues at conferences around the world.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.