
SANS WhatWorks: How VCU uses FireEye for Advanced Threat Detection and Prevention

  • Tuesday, February 10, 2015 at 1:00 PM EST (2015-02-10 18:00:00 UTC)
  • John Pescatore


  • FireEye




About the User
Dan Han is the Information Security Officer for Virginia Commonwealth University (VCU) and is responsible for the development and management of the information security program for the University. With over 15 years of experience, Dan has spent a majority of his career working in the higher education and healthcare sectors, within various roles of IT ranging from application development to infrastructure management. He has been focused on the information security field for nearly 10 years, with an emphasis on information security architecture and security risk and compliance. In addition to various industry-recognized IT and security certifications, Dan holds an MS and MBA in Information Systems and IT Management.

About VCU and the VCU Medical Center
Virginia Commonwealth University is a major, urban public research university with national and international rankings in sponsored research. Located in downtown Richmond, VCU enrolls more than 31,000 students in 222 degree and certificate programs in the arts, sciences and humanities. Sixty-seven of the programs are unique in Virginia, many of them crossing the disciplines of VCU's 13 schools and one college. MCV Hospitals and the health sciences schools of Virginia Commonwealth University comprise the VCU Medical Center, one of the nation's leading academic medical centers. For more, see

SANS Summary
A University with a centralized Internet connection but decentralized PC operations found that it was experiencing too high a level of malware events at user PCs. To address the problem, they decided to look at network advanced threat detection devices that could inspect traffic at the Internet border point. After a bakeoff they selected technology from FireEye, which gave them visibility into malware that existing AV solutions were not detecting and allowed them to respond more quickly to malware events before major damage was incurred. The FireEye product was integrated with VCU's SIEM product for day-to-day reporting and monitoring. To deal with the high-speed (10 G) network at VCU, over time the University moved to 3 FireEye appliances in a load balancing configuration.

Speaker Bio

John Pescatore

John Pescatore joined SANS as director of emerging security trends in January 2013. He has 35 years of experience in computer, network and information security. Prior to joining the SANS Institute, Mr. Pescatore was Gartner's lead security analyst for 13 years, working with global 5000 corporations and major technology and service providers. Before joining Gartner, Mr. Pescatore was Senior Consultant for Entrust Technologies and Trusted Information Systems, where he started, grew and managed security consulting groups focusing on firewalls, network security, encryption and Public Key Infrastructures. Prior to that, Mr. Pescatore spent 11 years with GTE developing secure computing and telecommunications systems. Mr. Pescatore began his career at the National Security Agency, where he designed secure voice systems, and the United States Secret Service, where he developed secure communications and surveillance systems. He holds a Bachelor's degree in Electrical Engineering from the University of Connecticut and is an NSA Certified Cryptologic Engineer. He is also an Extra class amateur radio operator, callsign K3TN.
