
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Tracking and Observation-How-To and What To Watch For

  • Wednesday, July 29, 2015 at 1:00 PM EDT (2015-07-29 17:00:00 UTC)
  • Jason Trost, J. Michael Butler, Stephen Northcutt


  • Anomali




In a landscape where attackers roam corporate networks seemingly at will, are the existing ways of monitoring adversaries enough? Enhancing internal visibility through the use of honeynets and technologies such as targeted web crawling can make a difference in organizational readiness and response. This webcast discusses the various paradigms of tracking and observation, how methods in use reflect these paradigms, and ways organizations can avoid ethical and legal pitfalls.

Sign up for this webcast and be among the first to receive an advance copy of a SANS whitepaper discussing tracking and observation.


View the associated whitepaper here.

Speaker Bios

J. Michael Butler

J. Michael Butler is an information security consultant with a leading provider of technical services for the mortgage industry. Butler's responsibilities have included computer forensics, information security policies (aligned to ISO and addressing federal and state disclosure laws), enterprise security incident management planning, internal auditing of information systems and infrastructure, service delivery and distributed systems support. He has also been involved in authoring SANS security training courseware, position papers, articles and blogs.

Jason Trost

Jason Trost, vice president of Threat Research at Anomali, has worked in security for more than 10 years, including several years of experience leveraging big data technologies for security data mining and analytics. Jason is currently focused on building highly scalable systems for processing, analyzing and visualizing high-speed network/security events in real time, as well as systems for analyzing massive amounts of malware. He is a regular attendee at big data and security conferences and has spoken at Blackhat, BSidesSF, BSidesLV, FloCon, and Hadoop Summit. Jason has contributed to several security- and big-data–related open source projects.

Stephen Northcutt

Stephen Northcutt founded the GIAC certification and is the former president of the SANS Technology Institute, a postgraduate college focusing on IT security. He is the author or co-author of Incident Handling Step-by-Step, Intrusion Signatures and Analysis, Inside Network Perimeter Security (2nd edition), IT Ethics Handbook, SANS Security Essentials, SANS Security Leadership Essentials and Network Intrusion Detection (3rd edition). He was the original author of the Shadow intrusion detection system before accepting the position of chief for information warfare at the Ballistic Missile Defense Organization. Stephen is a graduate of Mary Washington College. Before entering the field of computer security, he worked as a Navy helicopter search and rescue crew member, whitewater raft guide, chef, martial arts instructor, cartographer and network designer.
