
This webcast has been archived. The slides for this webcast are not available for download.

Tracking Down the Cyber Criminals: Revealing Malicious Infrastructures with Umbrella

  • Thursday, June 18, 2020 at 12:30 PM EDT (2020-06-18 16:30:00 UTC)
  • Chris Bilodeau


  • Cisco Umbrella




Cyber criminals are exploiting the Internet to build agile and resilient infrastructures. The Internet is open, and the information needed to expose these infrastructures is available. The challenge is making sense of that fragmented data. Connecting the dots by analyzing data (DNS queries, BGP anomalies, ASN reputation, network prefixes/IP fluctuations) allows us to map out where malicious infrastructure is located and where attacks are staged. This gives the defender the upper hand by letting them pivot through the criminal infrastructure. This session will explain how some of the Cisco Umbrella classifiers work and provide examples of threats that have been detected using this technology. First, we focus on the detection models that can be built and applied (such as co-occurrences, NLPRank, Spike Detectors, Malvertising-clustering) and how these can expose malicious infrastructures and APTs. The next part provides a practical use case showing how this approach can be used to pivot through attackers' infrastructure and protect organizations from advanced threats. Examples include crypto phishing and crypto jacking. Finally, we will show some of this analysis visualized in 3D.

Speaker Bio

Chris Bilodeau

With over 15 years’ experience, Chris has done everything from answering calls at the support desk to managing network and security teams. He has a passion for connecting technology to business needs and a knack for explaining advanced concepts in a way that makes sense to the engineer and the executive. During his six years with Cisco, Chris has worked with hundreds of customers globally to create training and certification programs, end-user documentation, and system integrations.
