
Shrinking Attack Dwell Times - A Phishing Case Study Demo

  • Tuesday, October 3rd, 2017 at 1:00 PM EDT (17:00:00 UTC)
  • John Pescatore and John Jolly
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.

Sponsor

  • Syncurity


Overview

Security operations teams struggle to quickly prioritize their alert queues to find true positives and respond rapidly to minimize damage. Quickly finding the alerts that represent real attacks presenting the most risk is key to reducing business disruption as the attack surface increases with cloud and mobile, and the alert surface increases with new tools like EDR. This session will demonstrate a practical approach to accelerating this process through thoughtful automation and risk scoring, using a user-submitted phishing email use case. Attendees will see how attack dwell time can be compressed using a Security Automation & Orchestration platform that leverages the existing security stack and SOC tribal knowledge.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and voice systems "and the occasional ballistic armor installation." John has testified before Congress about cyber security, was named one of the 15 most-influential people in security in 2008 and remains an NSA-certified cryptologic engineer.


John Jolly

John Jolly is President and CEO of Syncurity and has over 30 years of experience in the security industry. Prior to joining Syncurity, John was a Vice President and General Manager at General Dynamics, where he led a large portfolio of commercial and Federal cybersecurity business, including the digital forensics incident-response practice responsible for responding to and resolving some of the largest security breaches in history. John also led the acquisition of Fidelis Security Systems, a market-leading network software security business, in order to reposition General Dynamics' existing digital forensics and incident response business within the commercial network security space.

John is a contributing author to the first edition of the Cybercrime Investigation Body of Knowledge, which was published in May 2017 by Trend Micro, and a member of the advisory boards at the University of Maryland Baltimore County Cybersecurity Incubator and the Maryland Center for Entrepreneurship. He is also a mentor at the Mach37 Center for Innovative Technology (CIT) Cybersecurity Accelerator in Herndon, VA, and a member of the advisory board for CounterTack, a next-generation endpoint company located in Boston, MA. John holds a bachelor's degree with honors in Computer and Information Science from the University of Maryland Baltimore County, a master's degree in Program and Organization Management from Johns Hopkins University, and an MBA in Finance with honors from The Wharton School, University of Pennsylvania.
