
Vetting Your Intel - Techniques and Tools for False Positive Analysis

  • Wednesday, May 15, 2019 at 1:00 PM EDT (2019-05-15 17:00:00 UTC)
  • Robert M. Lee, Tarik Saleh

Sponsor

  • DomainTools


Overview

For blue teams and network defenders, false positives are a common challenge and often result in alert fatigue. One consequence of alert fatigue, according to a study conducted by the Cloud Security Alliance, is that 31.9% of IT security professionals ignore alerts. At the other extreme, some security professionals blindly trust all alerts, which, if they are not validated correctly, can have dire consequences for your network. Join DomainTools Senior Security Engineer Tarik Saleh and SANS instructor Robert M. Lee to explore areas where blue teams can identify false positives, methods of validating alerts, and real-world applications of these examples.

In this webinar you will learn how to:

  • Set up your own analysis environment
  • Vet your IDS alerts
  • Evaluate your A/V alerts

Speaker Bios

Robert M. Lee

Rob is a recognized pioneer in the industrial security incident response and threat intelligence community. He started in security as a U.S. Air Force Cyber Warfare Operations Officer tasked to the National Security Agency where he built a first-of-its-kind mission identifying and analyzing national threats to industrial infrastructure. He went on to build the industrial community’s first dedicated monitoring and incident response class at the SANS Institute (ICS515) and the industry recognized cyber threat intelligence course (FOR578).

Forbes named Robert to its 30 under 30 (2016) list as one of the “brightest entrepreneurs, breakout talents, and change agents” in Enterprise Technology. He is a business leader but also a technical practitioner. Robert helped lead the investigation into the 2015 cyber attack on Ukraine’s power grid, and he and his team at Dragos helped identify and analyze the CRASHOVERRIDE malware that attacked Ukraine’s grid in 2016 and the TRISIS malware deployed against an industrial safety system in the Middle East in 2017.


Tarik Saleh

Tarik Saleh is the Senior Security Engineer at DomainTools. He has been a technology hobbyist since he got his first computer at age 10 and has over 7 years' experience in Information Security in various blue-team roles, including leading a Threat Hunting team, Incident Response, and Security Operations. Tarik has worked in the security space for enterprise companies such as Amazon and Expedia. Security is more of a passion than a ‘9-5’ job for Tarik. Outside of work, you’ll see Tarik and his dog Roland out enjoying the beautiful Pacific Northwest.
