Threat Hunting with Consistency - A SANS Whitepaper

  • Monday, December 9th, 2019 at 10:30 AM EST (15:30:00 UTC)
  • Matt Bromiley and Chris Morales
This webcast has been archived; the recorded presentation and slides are available to SANS Portal account holders.

Sponsor

  • Vectra Networks


Overview

SANS instructor Matt Bromiley presents a new way of thinking about threat hunting. The common practice today is that most analysts search for threats based on hunches and prior knowledge, which leaves an open opportunity for attackers. Bromiley proposes an alternative approach in which the team uses a common language. This approach creates a stronger internal process and builds a security team that begins to see things holistically instead of piece by piece. It also breaks from the usual threat hunting techniques, which center on an individual analyst's knowledge, hunches, and predictions, and instead relies on evidence-based security research to provide vision and efficiency.

Using the rich vocabulary of MITRE's ATT&CK Matrix, Bromiley proposes that we change our language and start to "speak ATT&CK." Rather than continue as before, with varying and sparse definitions for the same things, let's apply a uniform vocabulary that focuses on our environment and our threat hunting, where groupings and indications of malicious activity can give us insight into what we don't already know. Using one common language across operating systems, rather than an operating-system-specific perspective, will bring real efficiencies and build stronger defenses against malicious activity. Together with Chris Morales from Vectra, Bromiley will guide participants through this new way of thinking and provide takeaways they can apply to their own situations.

Register today to be among the first to receive the associated whitepaper written by security expert Matt Bromiley.

Speaker Bios

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.
Chris Morales

Chris Morales is the Head of Security Analytics at Vectra, where he advises and designs incident response and threat management programs for Fortune 500 enterprise clients. He has nearly two decades of information security experience in an array of cybersecurity consulting, sales, and research roles. Christopher is a widely respected expert on cybersecurity issues and technologies and has researched, written and presented numerous information security architecture programs and processes.