One Week Left to Get an 11" iPad Pro with Apple Pencil w/ OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Threat Hunting for the Masses

  • Thursday, May 18, 2017 at 11:00 AM EDT (2017-05-18 15:00:00 UTC)
  • Frank McClain

You can now attend the webcast using your mobile device!



Threat Hunting is widely known as the art of applying new information to existing data in order to find previously unknown threats. If you work in or around Security Operations, Incident Response, or Forensics, chances are good that you have heard about threat hunting--perhaps from a vendor, coworker, blog post, webinar, or presentation like this one. Threat hunting, like "Threat Intelligence," is a popular catch-phrase with many different ideas on the "who, what, when, where, why, and how" of properly accomplishing it. Some vendors even offer a form of "threat hunting" as part of their services, which certainly makes it sound expensive and complicated--something beyond "mere mortals" (like you!) who work for a living.

The fact is that although activities related to threat hunting can be expensive and complicated, they don't have to be. This talk will outline the fundamental concepts of threat hunting, and present actionable ideas about how you can begin to hunt for threats in your own organization. Contrary to what you may have heard, an effective threat hunting program doesn't need to involve buying new and expensive platforms, hiring more personnel, or paying for comprehensive services. At its core, implementing these programs just takes some dedicated effort; a little "elbow grease" as the saying goes.

Although this is a broad topic, you'll get solid answers to core questions about threat hunting. More than that, you should have some actionable information to take with you and help you start taking ground against the bad guys--wherever your hunting grounds may be.

To learn more on this topic, attend the 10th annual SANS Digital Forensics & Incident Response (DFIR) Summit & Training. This training event brings together the most influential group of experts, the highest quality training, and the greatest industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy:

  • Highly technical digital forensics and incident response presentations from the industry's top practitioners during the two-day Summit
  • Nine SANS DFIR courses to choose from to advance your training, build your arsenal of defenses, and learn how to better protect your organization
  • The opportunity to network with fellow attendees at receptions and community-building events
  • A DFIR NetWars tournament to sharpen your skills and solve incident-related challenges

Speaker Bio

Frank McClain

Frank McClain is a decorated US Army veteran who served in the first Gulf War, and an accomplished cyber investigator and information assurance practitioner with deep experience in digital forensics and incident response. He has worked as a DFIR consultant, managed security operations for a national financial services firm, and is currently a Senior Threat Analyst with Red Canary.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.