Threat Hunting with Endpoints: A Methodology for Effective Detection and Agile Response

  • Thursday, August 31st, 2017 at 1:00 PM EDT (17:00:00 UTC)
  • John Pescatore and Jack "Wes" Riley
This webcast has been archived.

Sponsor

  • RSA

Overview

In today's environment, the most powerful tool available to security and incident response professionals is visibility. The better an analyst's visibility, the more effectively they can bring their own knowledge, experience, and methodologies to bear during an incident, hunting investigation, or evaluation of current legitimate security and operational IT mechanisms. In this talk, Wes Riley of RSA's Incident Response Practice will discuss a simple, adaptable, and extremely effective threat hunting methodology that allows security practitioners to accomplish two goals: (1) proactively detect both known and unknown threats and (2) use non-standard IOCs on the fly to effectively scope newly discovered threats at scale. Mr. Riley will present a case study involving advanced actors to demonstrate the effectiveness of this methodology.

Speaker Bios

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013 after more than 13 years as lead security analyst for Gartner, 11 years with GTE, and service with both the National Security Agency, where he designed secure voice systems, and the U.S. Secret Service, where he developed secure communications and voice systems "and the occasional ballistic armor installation." John has testified before Congress about cyber security, was named one of the 15 most-influential people in security in 2008 and remains an NSA-certified cryptologic engineer.


Jack "Wes" Riley

Jack "Wes" Riley is an Advisory Researcher and Incident Response Consultant at RSA. In this capacity, Mr. Riley focuses on researching and investigating multifaceted network intrusions and analyzing complex malware sets. Prior to joining RSA, Mr. Riley worked as an Incident Response analyst for the U.S. Army Corps of Engineers Cyber Incident Response Team (CIRT). Mr. Riley began his career training law enforcement personnel at the National Forensics Training Center at Mississippi State University, as well as acting as an Information Assurance and Security Officer for the DoD Supercomputing Resource Center.
