Don't Miss Out on the Best Specials of the Year Available Now - Top Training, Top Instruction!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.


  • Tuesday, May 26, 2020 at 10:30 AM EDT (2020-05-26 14:30:00 UTC)
  • Jess García, Ippolito Forni


  • EclecticIQ

You can now attend the webcast using your mobile device!



The ransomware landscape is evolving at a rapid pace as Threat Actors are bringing about new Modi Operandi and new Tactics, Techniques and Procedures to the table. The best approach to mitigate these new threats is to apply countermeasures specific to these news M.O.s and TTPs. In order to be able to accomplish these tasks, organizations IT Security Departments need to be in the position to fully understand how ransomware Threat Actors operate and they can do so by leveraging Cyber Threat Intelligence.

In this webinar we will review how CTI can be leveraged in practical terms from a tactic and a strategic point of view. For SOC analysts and Incident Responders, we will review how, by leveraging CTI, a single malicious indicator detected by the SIEM can lead to the discovery of an ongoing attack in progress, the malware and tools being used all the way up to the campaign behind the attack and the Threat Actor leveraging it. For IT Security Departments, we will see how CTI powered advanced knowledge of Threat Actors TTPs allows to focus on strengthening specific sections of the IT infrastructure and/or provide relevant trainings to IT staff and/or the user community. For high level managers and stakeholders, we will see how CTI can provide the strategic awareness necessary to assess the threat level specific for their organization and allocate the appropriate resources to increase the security posture where it is most necessary.

Speaker Bios

Jess García

Jess Garcia is the founder and technical lead of One eSecurity, a global Information Security company specialised in Incident Response and Digital Forensics. With near 20 years in the field, and an active researcher in the area of innovation for Digital Forensics, Incident Response and Malware Analysis, Jess is today an internationally recognized digital forensics and cybersecurity expert, having led the response and forensic investigation of some of the world's biggest incidents in recent times.

Ippolito Forni

Ippolito Forni is a Senior Threat Intelligence Analyst at EclecticIQ. His specialties include Ransomware Attacks, Financial Cyber Crime, Cyber Espionage and Cyber Warfare. He has been working in IT for 25 years, with 7 years of experience in Threat Intelligence field.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.