
This webcast has been archived; the recording and presentation slides are available to registered SANS Portal account holders.

Identifying Emerging Threats with Security Analytics

  • Wednesday, February 20, 2019 at 1:00 PM EST (2019-02-20 18:00:00 UTC)
  • Speaker: Chris McNab
  • Organization: AlphaSOC, Inc.

An entire industry exists to serve threat feeds that are used within SIEM and SOAR platforms to identify infected systems and campaigns with known signatures (e.g. IP addresses, domain names, and file hashes). Indicator lists are used in a one-dimensional fashion: the raw data is correlated with the threat feeds, and an alert is generated if there's a hit.

Adversaries are aware of this level of maturity within enterprise SOCs. As such, attackers avoid re-using domain names and other indicators between campaigns. To defend against evolving threats and unknown actors, security teams must apply analytics to the data they already collect.

This webcast details common SOC blind spots that adversaries exploit, and how you can measure the visibility of your existing SIEM apparatus using free, open source tools. Attendees will also learn about the data processing steps required to flag red teams, state-sponsored adversaries, and emerging threats within their environments using the AlphaSOC Analytics Engine.

Speaker Bio

Chris McNab

Chris McNab is the author of Network Security Assessment (O'Reilly Media) and co-founder of AlphaSOC, a security analytics software company founded in 2013 with offices in the United States and Poland. Chris has presented at events including FIRST, OWASP, InfoSecurity Europe, InfoSec World, and the Cloud Security Alliance Congress, and works with client organizations around the world to understand and mitigate vulnerabilities within their environments.

During 2012 and 2013, Chris performed incident response and forensics work for organizations targeted by Alexsey Belan, who occupies a spot on the FBI Cyber Most Wanted list and is subject to US Department of Treasury OFAC sanctions. In 2011, Chris worked closely with the Attorney General of Guatemala under a United States Agency for International Development (USAID) project to secure the computer systems that underpin the legal system within the country.
