Special Offer w/ OnDemand: Get an iPad (32 G), Galaxy Tab A, or Take $250 Off OnDemand Training thru Jan 27


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

ICS Asset Identification: It's More Than Just Security: A SANS Report

  • Thursday, June 25, 2020 at 1:00 PM EDT (2020-06-25 17:00:00 UTC)
  • Mark Bristow


  • Cisco Systems Inc.
  • Palo Alto Networks
  • PAS
  • Tenable

You can now attend the webcast using your mobile device!



You can't defend what you don't know you have! Without a solid understanding of what assets are on their ICS networks, its impossible for OT/plant managers to develop and implement a plan to manage risk. Yet, asset identification was the top concern among 338 ICS security professionals participating in the SANS 2019 State of OT/ICS Cybersecurity Survey.

Historically, asset identification has been associated with time-consuming and costly cybersecurity efforts. The business often views these efforts as sunk costs.

In this new SANS webcast, Mark Bristow, SANS ICS Active Defense and Incident Response certified instructor, will provide recommendations and guidance from his experience in the field covering how to:

  • Get resources needed to start an asset identification program
  • Support operations beyond cybersecurity with asset identification
  • Change the narrative about asset identification from a cost to something the business values
  • Provide ongoing asset identification maintenance with limited human resources
  • Get quick wins by leveraging information you already have to bootstrap an asset identification program

Webcast attendees will learn how to articulate to senior management and board members that asset identification is not just a security need: It can also enhance return on investment through such benefits as improved maintenance, reduced mean-time-to-repair, and increased availability.

Register now and be the first to get the associated whitepaper.

Click here to register for panel discussion webcast to be held at 1 PM ET on Wednesday, July 15, 2020.

Speaker Bio

Mark Bristow

Mark Bristow, a SANS instructor for ICS515: ICS Active Defense and Incident Response, is Branch Chief for Cyber Defense Operations at the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), using his expertise in incident response (IR), industrial control systems, network monitoring and defense to support national security interests. Before that, Mark was Chief of the ICS Cyber Emergency Response Team (ICS-CERT) incident response. He also worked for CSRA and Securicon, supporting a variety of private and public sector clients. Mark has been involved in high-profile IR efforts, including the Ukrainian power grid attack, intrusions into U.S. election infrastructure and Russian attempts to access the U.S. power grid.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.