Community SANS SEC503: Intrusion Detection In-Depth

This event qualifies for 46 CPEs


SEC503: Intrusion Detection In-Depth

Preserving the security of your site in today's threat environment is more challenging than ever before. The security landscape is continually changing from what was once only perimeter protection to protecting exposed and mobile systems that are almost always connected and sometimes vulnerable. Security-savvy employees who can help detect and prevent intrusions are therefore in great demand. Our goal in SEC503: Intrusion Detection In-Depth is to acquaint you with the core knowledge, tools, and techniques to defend your networks with insight and awareness. The training will prepare you to put your new skills and knowledge to work immediately upon returning to a live environment.


Who should attend:

Intrusion detection (all levels), system, and security analysts

  • Analysts will be introduced to or become more proficient in the use of traffic analysis tools for signs of intrusions.

Network engineers/administrators

  • Network engineers/administrators will understand the importance of optimal placement of IDS sensors and how the use of network forensics such as log data and network flow data can enhance the capability to identify intrusions.

Hands-on security managers

  • Hands-on security managers will understand the complexities of intrusion detection and assist analysts by providing them with the resources necessary for success.


You will be able to:

  • Configure and run open-source Snort and write Snort signatures
  • Configure and run open-source Bro to provide a hybrid traffic analysis framework
  • Understand TCP/IP component layers to identify normal and abnormal traffic
  • Use open-source traffic analysis tools to identify signs of an intrusion
  • Comprehend the need to employ network forensics to investigate traffic to identify a possible intrusion
  • Use Wireshark to carve out suspicious file attachments
  • Write tcpdump filters to selectively examine a particular traffic trait
  • Craft packets with Scapy
  • Use the open-source network flow tool SiLK to find network behavior anomalies
  • Use your knowledge of network architecture and hardware to customize placement of IDS sensors and sniff traffic off the wire

Speaker and Presenter Information

Mohammed Asfar
Mohammed Asfar serves as a Principal Consultant for Leidos Cyber, where he assists clients with Security Operations Center (SOC) transformation services. Asfar got his start in consulting working for a Big 4 firm in their Forensics and Security practice. As a forensics consultant, Asfar worked on several engagements ranging from Electronic Discovery to Security breaches. During his work on an e-Discovery project, he was fortunate to work as a team lead for one of the largest litigation cases in the history of the U.S. As a security analyst, he worked numerous incidents, including nation-actor breaches, inappropriate use of the Internet, and employee hacking.

When he's not responding to cyber incidents, he's busy with Network Security Monitoring (NSM) review and improving data visibility gaps for his clients. Asfar takes pride in being an avid blue-teamer and specializes in threat hunting within large organizations. He teaches students leveraging stories from his experience and hands-on demonstration of the materials being presented in the class.

Asfar holds a master's degree in Forensic Science, focusing on Digital Forensics, from Marshall University, as well as numerous information security certifications, including CISSP, GCDA, GCFA, GCIH, GCIA, GMON, GREM, GPEN and ENCE.

Twitter: @m0_asfar

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, EEOC, Federal Government, State & Local Government, FDA, Foreign Governments/Agencies, NSA, FCC, Education / All Industries

This event has no exhibitor/sponsor opportunities

Mon-Sat, Oct 14-19, 2019, 9:00am - 7:00pm ET


Attendee Price:  $6260.00 (Until 09/04/2019)
Attendee Price:  $6410.00 (Until 09/18/2019)
Attendee Price:  $6610.00 (Until 10/13/2019)

Kraft Kennedy
630 Third Avenue
14th Floor
New York, NY 10017

SANS Institute - Community SANS