Get the Skills you need from Home with SANS Online Training - Special Offers Available Now


To attend this webcast, login to your SANS Account or create your Account.

WhatWorks in Detecting and Blocking Advanced Threats at a Large Research Organization

  • Tuesday, August 06, 2013 at 1:00 PM EDT (2013-08-06 17:00:00 UTC)
  • John Pescatore


  • FireEye

You can now attend the webcast using your mobile device!



Learn how a leading national research lab ensures effective operations and cybersecurity capabilities, and how advanced threat protection from FireEye helps get the job done.

About the User

The user interviewed for this case study has requested anonymity to maintain confidentiality, but has allowed us to refer to him as a Cyber Security Analyst at a National Laboratory. The WhatWorks program can help more users make more informed decisions if we allow seasoned professionals from major user organizations to share their stories without revealing the name of the organization.

SANS Summary

A leading national research lab must allow users to collaborate online, manage their own IT environments, and rely on the Internet to perform their day to day activities - all high risk activities. The desire to take a more aggressive approach to detecting security incidents prompted them to look at new threat detection systems. The team found that FireEye performed as a proactive advanced threat protection platform that actively inspected traffic on their high speed networks and detected malicious events that were unseen by other installed network security systems. The FireEye solution installed easily, is monitored and maintained with very little personnel overhead, and has a very low rate of false positives.

Speaker Bio

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartnerís lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is a NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.