
This webcast has been archived.

Reducing Attacks and Improving Resiliency: The SANS 2017 Threat Hunting Survey Results | Part 2

  • Thursday, April 27, 2017 at 1:00 PM EDT (2017-04-27 17:00:00 UTC)
  • Robert M. Lee, Toni Gidwani, Mike Scutt, Dana Torgersen


  • Anomali
  • DomainTools
  • Malwarebytes
  • Rapid7 Inc.
  • Sqrrl Data, Inc.
  • ThreatConnect




Even though their processes aren't formal or mature, respondents reported benefits from their hunting practices, including reduced attack surfaces and detection of unknown threats in the enterprise, according to the 2016 SANS Survey on Threat Hunting. In that survey, 74% of respondents who use threat hunting said that hunting for threats reduced their attack surfaces, while 59% cited more accurate response, and 52% found previously undetected threats that were active in their enterprises.

This new 2017 survey, publishing in association with the SANS Threat Hunting and Incident Response Summit, further defines how organizations apply threat hunting to enterprise response and detection, while also bringing out new best practices for integration and use of threat-hunting information. During this session, the second in a two-part series, attendees will learn about:

  • Tools and skills utilized for successful hunts
  • Formality of threat-hunting programs and who staffs and leads teams
  • Required data feeds and collectors
  • Future uses for threat hunting
  • What respondents have on their wish lists

Click here to be among the first to receive access to the full survey results paper, developed by SANS Fellow Rob Lee, publishing in association with the SANS Threat Hunting and Incident Response Summit.

Click here to register for the first part of this two-part webcast, being held Wednesday, April 26, to learn about the progress being made in threat-hunting practices, as well as the inhibitors holding organizations back from achieving the full benefits of proactive threat hunting in their enterprises.

Speaker Bios

Robert M. Lee

Robert M. Lee, a SANS certified instructor and author of ICS515 ICS Active Defense and Incident Response and FOR578 Cyber Threat Intelligence courses, is the founder and CEO of Dragos, a critical infrastructure cyber security company, where he focuses on control system traffic analysis, incident response and threat intelligence research. He has performed defense, intelligence and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Author of SCADA and Me and a nonresident National Cyber Security Fellow at New America, focusing on critical infrastructure cyber security policy issues, Robert was named EnergySec’s 2015 Energy Sector Security Professional of the Year.

Toni Gidwani

Toni Gidwani is the Director of Research Operations at ThreatConnect and leads ThreatConnect’s research team, an elite group of globally-acknowledged cyber security experts dedicated to tracking down existing and emerging cyber threats. Prior to joining ThreatConnect, Toni led analytic teams in the U.S. Department of Defense.

Mike Scutt

Mike Scutt leads the managed detection and response service at Rapid7, where he previously led incident response services. His primary focus areas include host-based forensics, malware analysis and threat research. Mike has spent a decade in information security and has held a variety of roles, from enterprise infrastructure hardening and threat mitigation to managing incident response engagements for Fortune 50 companies. Prior to joining Rapid7, Mike managed the global incident response team for Mandiant's managed services division.

Dana Torgersen

Dana Torgersen is a senior product marketing manager with Malwarebytes. He is a veteran product marketer who cut his teeth in network and data center security while at Secure Computing, McAfee, Intel Security, Palo Alto Networks and security startup Illumio. Dana regularly addresses the security community across businesses, schools and government agencies, illustrating how they can protect their endpoints against advanced threats including exploits, malware and ransomware attacks. Dana holds a BS degree in Business Computer Systems from Bradley University and is based in the San Francisco Bay Area.
