Get an 11" iPad Pro, Surface Go 2, or $300 Off with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Preventing Persistent Attacks With Linux Micro Virtualization

  • Thursday, November 09, 2017 at 1:00 PM EDT (2017-11-09 18:00:00 UTC)
  • Tom Gillis, John Pescatore


  • Immutable Systems

You can now attend the webcast using your mobile device!



Online threats have evolved. In the early days hackers were just a nuisance. Today online breaches cost companies Billions of dollars, permanent damage to their reputation and even impact national security. Most of the recent high profile breaches in the news such as HBO and Equifax have one thing in common: persistence.

Join John Pescatore of Sans Institute and Tom Gillis, CEO at Bracket Computing for an interactive discussion about the reasons behind the meteoric rise in Linux malware attacks. You will also hear how micro virtualization for Linux servers stop persistent malware from carrying out malicious attacks once a host has been compromised.

During this webcast you will learn:

  • Why signature based solutions aren't enough
  • Remediation strategies for each of the stages of the attack chain after the compromise
  • How to stop in-memory privilege escalation, rootkits and file-level persistence

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Tom Gillis

Tom Gillis co-founded Bracket Computing with the goal of delivering enterprise computing driven by business needs, not hardware limitations. Prior to Bracket, Tom was VP/GM of Cisco's Security Technology Group, leading business units responsible for Cisco's entire Network and Content Security product portfolio.

Prior to Cisco, Tom was VP Marketing and part of the founding team at IronPort Systems, acquired by Cisco in 2007 for $830M. Previously, he was VP/GM of Media at IBEAM Broadcasting, which went public on NASDAQ in 2000. He has held leadership roles at Silicon Graphics, the Boston Consulting Group, and Raytheon Corporation. Tom holds a BSEE from Tufts, an MSEE from Northwestern, and an MBA from Harvard. His Forbes blog is widely followed by CIOs and global IT professionals.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.