This webcast has been archived.

The Four Types of Threat Detection for ICS Security

  • Tuesday, November 21, 2017 at 1:00 PM EST (2017-11-21 18:00:00 UTC)
  • Robert M. Lee

Sponsor

  • Dragos, Inc.


Overview

Threat detection can be summarized into four types: Configuration, Modeling (Anomalies), Indicators, and Behavioral Analytics. Understanding the differences between these types and how to use each enables industrial control system (ICS) security teams to defend their environments appropriately.

As companies try to invest in different types of security technologies, they must understand which approaches are right for them before they invest poorly. This presentation will educate on the four types of detection and the uses for each while also showcasing the Dragos, Inc. team's approach. The Dragos Platform, Dragos WorldView ICS Threat Intelligence, Dragos Threat Operations Center, and CyberLens assessment tool give the community unique insights into their environments, the ICS threat landscape, and how to respond.

Speaker Bio

Robert M. Lee

Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also a technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid, and he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.
