This webcast has been archived.

How the new Preemptive Incident Response methodology can slash end-to-end IR time for SOC teams to minutes and solve alert fatigue

  • Tuesday, March 14, 2017 at 3:00 PM EST (2017-03-14 19:00:00 UTC)
  • Gil Barak, John Pescatore






The SOC is doing its best to cope with the everyday deluge of alerts, but the sheer numbers are overwhelming. It is becoming increasingly difficult to investigate, validate and remediate accurately. Even as we continue to grow the SOC, amass great expertise, and buy another round of detection solutions, we waste time on false positives, miss real threats and take longer to respond.

By adopting the Preemptive Incident Response (PIR) methodology - proactively anticipating and preparing for threats BEFORE they happen - enterprises can boost the effectiveness of the SOC. PIR involves automated, continuous evidence collection and context establishment that lead to speedy investigation and highly accurate threat validation. Complemented by a suite of highly precise remote tools, PIR speeds the process of remediation while maintaining business productivity.

In this webinar you will learn about:

  • Preemptive Incident Response - the proactive methodology for preparing for inevitable hordes of incidents before they occur
  • Continuous forensic data collection and placing of all activities and events in context
  • Correlation of alerts with their already-established context
  • Automated investigation and validation that multiply many times over the number of alerts that analysts can handle
  • Quantum leap in remote remediation capabilities

Speaker Bios

Gil Barak

Gil Barak is Co-Founder and Chief Technology Officer of SECDO Ltd. For the last 15 years, Gil has played both offense and defense in the cyber security field. After serving in the Intelligence Unit 8200, Gil was a software architect at Apple and a private consultant to Fortune 500 companies such as Amazon and Texas Instruments, as well as the Israel Ministry of Defense.

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.
