


This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Threat Hunting

  • Tuesday, February 02, 2016 at 1:00 PM EST (2016-02-02 18:00:00 UTC)
  • Luis Maldonado, Robert M. Lee, Rob Lee


  • Sqrrl Data, Inc.




The threats facing organizations today mean that the analysts in security operations centers can no longer sit passively waiting for alerts to come through. Sophisticated attacks require a more active role in detecting and isolating them. That's where threat hunting comes in.

Firewalls, intrusion detection systems and SIEMs all depend on alerts to spur action. But alerts can be difficult to prioritize, largely because they are limited in what they can tell the SOC about what is going on. They are like pieces of a puzzle that leave analysts reactively digging through log files and jumping from repository to repository as they try to get a clear picture of the event that precipitated the alert.

In contrast, threat hunting is a proactive approach designed to uncover threats that lie hidden in a network or system, evading more traditional security tools.

In this webcast, you will learn how threat hunts are initiated, the skills that threat hunters must have, and the differences between structured and unstructured hunts. In addition, you will hear the latest developments in threat hunting from Sqrrl including a live demo of use-cases with their Sqrrl Threat Hunting Platform.

Be among the first to receive the associated whitepaper written by Robert M. Lee and Rob Lee.

View the associated whitepaper here.

Don't miss the Threat Hunting Season! Learn how to hunt your enemy before it hunts you.

Threat Hunting & Incident Response Summit | New Orleans, LA
Summit Dates: April 12-13
Training Course Dates: April 14-19
For more information or to register visit:

The Threat Hunting & Incident Response Summit was created to provide you with the methodic preparation needed to cull your adversaries from your network before you become their prey. In just two days of talks & five days of courses, you will learn from incident response and detection experts who are actively hunting for threats and stopping the most recent, sophisticated, and dangerous attacks against organizations.

Speaker Bios

Rob Lee

Rob Lee is the curriculum lead and author for digital forensic and incident response training at the SANS Institute. With more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention and incident response, he provides consulting services in the Washington, D.C. area. Before starting his own business, Rob worked with government agencies in the law enforcement, defense and intelligence communities as a lead for vulnerability discovery and exploit development teams, a cyber forensics branch, and a computer forensic and security software development team. He also worked for a leading incident response service provider and co-authored Know Your Enemy: Learning About Security Threats, 2nd Edition.

Robert M. Lee

Robert M. Lee, a SANS certified instructor and author of ICS515 ICS Active Defense and Incident Response and FOR578 Cyber Threat Intelligence courses, is the founder and CEO of Dragos, a critical infrastructure cyber security company, where he focuses on control system traffic analysis, incident response and threat intelligence research. He has performed defense, intelligence and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Author of SCADA and Me and a nonresident National Cyber Security Fellow at New America, focusing on critical infrastructure cyber security policy issues, Robert was named EnergySec’s 2015 Energy Sector Security Professional of the Year.

Luis Maldonado

Luis Maldonado has been designing, building and productizing enterprise software products for over 20 years. With a keen focus on creating business value from large-scale computing systems, Luis has shaped technologies that include middleware, cloud computing, security and big data into business-driven products. As vice president of products, Luis is responsible for Sqrrl's product strategy, management and marketing efforts. Prior to Sqrrl, Luis led the product management efforts for HP's Vertica business unit and previously held product leadership positions for companies such as Akamai, Progress Software and Imprivata. Luis holds a B.S. in computer science and engineering from MIT.
