Cyber Skills Training at SANS Seattle Fall 2018. Save $400 thru 8/22!


To attend this webcast, login to your SANS Account or create your Account.

Six stages of an attack: The Art of Detection

  • Wednesday, April 5th, 2017 at 1:00 PM EDT (17:00:00 UTC)
  • Richard Harlan and Matt Bromiley
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • Cybereason

You can now attend the webcast using your mobile device!


The organizations keeping customer data safe don't necessarily spend more on security, but have learned to artfully balance resources across prevent more, detect faster, mitigate more accurately, and minimize damage.

While initial network penetration is quick and difficult to detect, attackers perform a series of actions once they're inside the network, offering a window of opportunity for detection early in the attack life-cycle. This gives enterprise defenders a chance to act quickly to stop or minimize business impact. Doing threat lifecycle management effectively takes a mix of mature security processes, analyst skills, and "force multiplier" tools.

In our upcoming webinar, SANS and Cybereason will discuss the attack lifecycle post-penetration and offer an approach for successful detection.

Join us to learn:

  • A more in-depth look at the six stages of the attack lifecycle
  • How to avoid the pitfalls that cause network infiltration detection to fail
  • An effective approach for accurate detection throughout the entire attack lifecycle, not just an infiltration

Speaker Bios

Richard Harlan

Richard Harlan, is a knowledgeable sales technical engineer. He has built an small ISP in Western Kansas from the ground up. From there, he moved over to work at John Deere, specializing in their Application Infrastructure group working mostly with f5 and iRules. Richard also spent 9 years working at f5 working heavily with iRules and Security products. At Cybereason, he focuses on network-based threats from an endpoint prospect.

Matt Bromiley

Matt Bromiley is a SANS Certified Digital Forensics and Incident Response instructor, teaching Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508) and Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (FOR572), and a GIAC Advisory Board member. He is also a principal incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.