


This webcast has been archived.

Redefining Endpoint Incident Response with Behavioral Analysis

  • Friday, December 02, 2016 at 1:00 PM EST (2016-12-02 18:00:00 UTC)
  • Michael Angelo Vien, John Pescatore


  • CounterTack




It's no revelation that cybersecurity teams and incident responders face an uphill challenge in getting accurate intelligence about specific security incidents. Teams need to be able to drill down into information on incidents, often to respond quickly, and in doing so, determine root cause.


The art of incident response typically contains three key components:

1) Understanding the threats you are dealing with so you can eradicate them quickly and with confidence

2) Determining through deep investigation the root cause of security incidents, and the broader impact of incidents that are not triaged

3) Applying forensic-level analysis to add a layer of intelligence based on what was found, and what can be predictably analyzed


CounterTack delivers incident response capabilities built for analyzing today's threats, and for drilling down forensically into incidents that might stem from varying levels of malicious code associated with malware and other IOCs. Leveraging behavioral traits and predictive analytics through its products, CounterTack is dedicated to continually improving IR for organizations globally.


This webinar will feature key trends on how the discipline of incident response has shifted toward needing more definitive analysis. The presentation will provide detail on real-world use cases with CounterTack technology across multiple common and uncommon types of threats from a forensic point of view, so attendees can learn some new techniques to bring into their IR workflow.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, running consulting groups at Trusted Information Systems and Entrust, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and surveillance systems and "the occasional ballistic armor installation." John has testified before Congress about cybersecurity, was named one of the 15 most-influential people in security in 2008 and is an NSA-certified cryptologic engineer.

Michael Angelo Vien

Michael Angelo Vien has extensive experience in security consulting for organizations in the Financial, Military, Government, Consumer, Gaming, and Telecommunications sectors. His technical strengths include the ethical hacking/penetration testing of web applications, desktop applications and networks, social engineering, operating system security, digital forensics, networking protocols and scripting languages.


Additionally, Mr. Vien has extensive experience in malware analysis including reverse engineering, detection and trending. He has performed penetration tests, network design/implementations, and application development for some of the largest corporations in the world, in addition to researching and developing viruses to help organizations better understand advanced threats.


Currently the Head of Cyber for Measured Risk, Vien has held positions with key organizations including CounterTack, where he serves as a key trainer in our malware analysis curriculum.


As a takeaway, we’ll leave you with a set of best practices to leverage, as well as an easy way to acquire our Responder PRO tool for detailed incident investigation.
