SANS Threat Hunting and Incident Response Summit 2017


This event qualifies for 36 CPEs


Chairman: Rob Lee
CPE Credits: 16
Summit Dates: April 18-19
Training Course Dates: April 20-25

Will you be the Hunter or the Prey?

The Threat Hunting & Incident Response Summit will focus on specific hunting and incident response techniques and capabilities that can be used to identify, contain, and eliminate adversaries targeting your networks. SANS and our Founding Partner Carbon Black are pleased to invite you to the Summit where you will have the opportunity to directly learn from and collaborate with incident response and detection experts who are uncovering and stopping the most recent, sophisticated, and dangerous attacks against organizations.


Chances are very high that hidden threats already exist inside your organization's networks. Organizations can't afford to assume that their security measures are impenetrable, no matter how thorough their security precautions might be. Prevention systems alone are insufficient to counter focused human adversaries who know how to get around most security and monitoring tools.
The key is to constantly look for attacks that get past security systems, and to catch intrusions in progress rather than after attackers have attained their objectives and done greater damage to the organization. For the incident responder, this process is known as "threat hunting." Threat hunting uses known adversary behaviors to proactively examine the network and endpoints and identify new data breaches.

The Summit will explore the following:

  • The effectiveness of threat hunting in reducing the dwell time of adversaries
  • Threat hunting - Buzzword or Actionable Strategy?
  • Automated threat hunting: Fact or fiction
  • Threat hunting tools, tactics, and techniques that can be used to improve the defense of your organization
  • Case studies on the application of threat hunting to security operations
  • Innovative threat hunting tactics and techniques
  • New tools that can help threat hunting for both endpoints and networks
  • Perspectives and case studies that challenge threat hunting assumptions and can result in a shift in understanding

In addition to two days of in-depth threat hunting discussions, you'll have the opportunity to network with fellow attendees at breaks and social events. Attendees tell us time and again that one of the greatest takeaways from these events is the many industry connections they forge or deepen during their time with us. Last year's networking event was held at the House of Blues, where attendees enjoyed food, drinks, and live music performed by a New Orleans Jazz band!
After the two-day Summit, choose from seven hands-on, immersion-style SANS courses to help you expand your information security expertise. SANS courses are taught by experienced industry practitioners who are among the best cybersecurity instructors in the world. They will provide you with the guidance and skills you need to defend your organization from ever-evolving threats.

Who Should Attend?

  • Threat Hunters who are seeking to understand threats more fully and how to learn from them in order to more effectively hunt threats and counter the tradecraft of adversaries.
  • Incident Response Team Members who regularly respond to complex security incidents and intrusions by advanced persistent threat (APT) adversaries and need to know how to detect, investigate, remediate, and recover from compromised systems across an enterprise.
  • Security Operations Center Personnel and Information Security Practitioners who support hunting operations that aim to identify attackers in their network environments.
  • Digital Forensic Analysts who want to consolidate and expand their understanding of filesystem forensics, investigations of technically advanced adversaries, incident response tactics, and advanced intrusion investigations.
  • System Administrators who are on the front lines defending their systems and responding to attacks.
  • Federal Agents and Law Enforcement Officials who want to master advanced intrusion investigations and incident response, as well as expand their investigative skills beyond traditional host-based digital forensics.

Courses Available at SANS Threat Hunting and Incident Response Summit 2017:

MGT517: Managing Security Operations: Incident Response and Intelligence
SEC550: Active Defense, Offensive Countermeasures and Cyber Deception
FOR508: Advanced Digital Forensics and Incident Response
FOR526: Memory Forensics In-Depth
FOR572: Advanced Network Forensics and Analysis
FOR578: Cyber Threat Intelligence
FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques
Threat Hunting & Incident Response Summit

Speaker and Presenter Information

Instructors Available at SANS Threat Hunting and Incident Response Summit 2017:

Christopher Crowley

Chris Pizor

Jake Williams

Alissa Torres

Philip Hagen

Robert M. Lee

Hal Pomeranz

Expected Number of Attendees

500

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, Census Bureau, USAID, National Guard Association, EEOC, Federal Government, State & Local Government


This event has no exhibitor/sponsor opportunities


When
Tue-Tue, Apr 18-25, 2017


Cost

SEC550: Active Defense, Offensive Countermeasures:  $5130.00
FOR578: Cyber Threat Intelligence:  $5130.00
MGT517: Managing Security Operations:  $5530.00
FOR508: Advanced Digital Forensics and IR:  $5910.00
FOR572: Advanced Network Forensics and Analysis:  $5910.00
FOR526: Memory Forensics In-Depth:  $5910.00
FOR610: Reverse-Engineering Malware:  $5910.00


Where
New Orleans Downtown Marriott at the Convention Ce
859 Convention Center Blvd
New Orleans, LA 70130




Organizer
SANS Institute




Join the event conversation:
@SANSInstitute

