Join us for the FREE DFIR Summit | Live Online on July 16-17

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Improving ICS/OT Visibility and Threat Detection with the Dragos Platform

  • Tuesday, June 02, 2020 at 12:00 PM EDT (2020-06-02 16:00:00 UTC)
  • Ben Miller, John Lavender

Sponsor

  • Dragos, Inc.

You can now attend the webcast using your mobile device!

  

Overview

Our 2019 ICS Year In Review research revealed that adversaries are expanded their targeting and capabilities and increasingly focused on remote connectivity - a trend with particular relevance with the uptick in COVID-mandated remote work. As cyber threats like these continue to grow, it has become more important than ever for ICS owners and operators to have a clear, accurate picture of their OT/ICS environments. This is easier said than done, however.

Join Dragos Vice President of Product Tim Helming and Dragos Vice President of Professional Services & R&D Ben Miller as they share observations from our 2019 ICS Year In Review research from threat hunts, incident response and real-world engagements. They'll show how we incorporated this research and lessons learned working with customers into the Dragos platform to provide better visibility and threat detection of your industrial environment.

They'll cover:

  •    How to build a comprehensive view of the assets in your environment
  •    How to triage detections and respond to known or suspected dangerous events
  •    How to use MITRE's ATT&CK framework for ICS to improve your security posture
  •    How to use asset identification and characterization for better situational awareness

Speaker Bios

Ben Miller

Ben leads a team of analysts in performing active defense inside of ICS/SCADA networks. He is responsible for a range of services including threat hunting, incident response, penetration testing and assessments for the industrial community as well as advanced research and innovation within ICS security.


John Lavender

Jon Lavender is the Chief Technology Officer, head of engineering and Founder of the critical infrastructure cyber security company Dragos, Inc. In this role he is responsible for delivering the Dragos Platform and Customer Portal as well as the development of ICS/SCADA specific technologies as well as the technologies that enable the Dragos Threat Operations Center analysts to hunt advanced threats. His focus is on the automation of processes to help scale engineering, incident response and threat hunting efforts to cover a wide range of industries and networks.

Previously, Jon was a member of the National Security Agency where he led diverse teams in challenging environments experiencing both red and blue team type operations. Notably, he was lead of a hand-selected team tasked with developing analytics, tools, and best practices for identifying national-level cyber adversaries breaking into U.S. government and infrastructure networks. There he managed and built relationships with key partners around the U.S. Intelligence Community and its allied partners. Jon received his bachelors in Management Information Systems from Wake Forest School of Business and later his Masters in Cyber Security from the University of North Carolina at Charlotte.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.