The Most Trusted Source for Information Security Training.


The Most Trusted Source for Information Security Training, Certification, and Research

SANS Northern Virginia: Reston 2016
Reston, VA | April 4-9

SANS Offers Hands-On, Immersion-Style Security Training
Courses Taught by Real-World Practitioners

 - Cyber Threat Intelligence – NEW!
 - Network Penetration Testing and Ethical Hacking – NEW!
 - Security Essentials Bootcamp Style
 - Continuous Monitoring and Security Operations
 - Advanced Digital Forensics and Incident Response
 - Intrusion Detection In-Depth
 - Defending Web Applications Security Essentials
 - Reverse-Engineering Malware: Malware Analysis Tools and Techniques
 - CyberCity Hands-on Kinetic Cyber Range Exercise

“SANS was excellent! Not only were there good instructors, but this was a great networking experience.”
-Leslie Morse, Department of the Treasury

SAVE $400 by registering and paying early! See page 13 for more details.

GIAC Approved Training
sans.org/reston-2016

Reston 2016 | Reston, VA | April 4-9

SANS Instructors

SANS Instructors are real-world practitioners who specialize in the subjects they teach. All instructors undergo rigorous training and testing in order to become SANS Certified Instructors. This guarantees that what you learn in class will be up-to-date and relevant to your job. The SANS Reston 2016 line-up of instructors includes:

 - Dr. Eric Cole, Faculty Fellow
 - Eric Conrad, Senior Instructor
 - Adrien de Beaupre, Certified Instructor
 - Kevin Fiscus, Certified Instructor
 - Tim Medin, Certified Instructor
 - Anuj Soni, Certified Instructor
 - Alissa Torres, Certified Instructor
 - Dr. Johannes Ullrich, Senior Instructor
 - Jake Williams, Certified Instructor

Evening Bonus Sessions

Take advantage of these extra evening presentations and add more value to your training. Learn more on page 11.

 - Why Your Incident Response Plan Sucks And What To Do About It – Jake Williams
 - Complete App Pwnage with multi-POST XSRF – Adrien de Beaupre
 - DLP FAIL!!! Using Encoding, Steganography, and Covert Channels to Evade DLP and Other Critical Controls – Kevin Fiscus
 - Under the Dome with Windows 10 – Alissa Torres

Be sure to register and pay by Feb 10th for a $400 tuition discount!

Courses-at-a-Glance (Mon 4-4, Tue 4-5, Wed 4-6, Thu 4-7)

 - SEC401 Security Essentials Bootcamp Style – Page 2
 - SEC503 Intrusion Detection In-Depth – Page 3
 - SEC511 Continuous Monitoring and Security Operations – Page 4
 - SEC560 Network Penetration Testing and Ethical Hacking (NEW!) – Page 5
 - SEC562 CyberCity Hands-on Kinetic Cyber Range Exercise – Page 6
 - FOR508 Advanced Digital Forensics and Incident Response – Page 7
 - FOR578 Cyber Threat Intelligence (NEW!) – Page 8
 - FOR610 REM: Malware Analysis Tools and Techniques – Page 9
 - DEV522 Defending Web Applications Security Essentials – Page 10

Register today for SANS Reston
Join the conversation: #SANSReston

Build Your Best Career with SANS

Special Pricing: Add an OnDemand Bundle and a GIAC Certification Attempt to your course within seven days of this event for just $659 each.

OnDemand Bundle
 - Four months of supplemental online review
 - 24/7 online access to your course lectures, materials, quizzes, and labs
 - Subject-matter expert support to help you increase your retention of course material

“The course content and OnDemand delivery method have both exceeded my expectations.”
-Robert Jones, Team Jones, Inc.

GIAC Certification
 - Distinguish yourself as an information security leader
 - 30 GIAC certifications to choose from
 - Two practice exams included
 - Four months of access to complete the attempt

“GIAC is the only certification that proves you have hands-on technical skills.”
-Christina Ford, Department of Commerce

*GIAC and OnDemand Bundles are only available for certain courses.

SEC401: Security Essentials Bootcamp Style

Six-Day Program | Mon, Apr 4 - Sat, Apr 9 | 9:00am - 7:00pm (Days 1-5), 9:00am - 5:00pm (Day 6) | 46 CPEs | Laptop Required
Instructor: Dr. Eric Cole
GIAC Cert: GSEC | STI Master’s Program | Cyber Guardian | DoDD 8570 | OnDemand Bundle
With this course: giac.org | sans.edu | sans.org/cyber-guardian | sans.org/8570 | sans.org/ondemand

Who Should Attend
 - Security professionals who want to fill the gaps in their understanding of technical information security
 - Managers who want to understand information security beyond simple terminology and concepts
 - Operations personnel who do not have security as their primary job function but need an understanding of security to be effective
 - IT engineers and supervisors who need to know how to build a defensible network against attacks

“Eric did an awesome job explaining Diffie-Hellman key exchange, and overall, it was the best quality of instruction ever!”
-Kevin K, U.S. Army

Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work. Learn tips and tricks from the experts so that you can win the battle against the wide range of cyber adversaries that want to harm your environment.

Learn to build a security roadmap that can scale today and into the future.

SEC401: Security Essentials Bootcamp Style is focused on teaching you the essential information security skills and techniques you need to protect and secure your organization’s critical information assets and business systems. This course will show you how to prevent your organization’s security problems from being headline news in the Wall Street Journal!

Prevention is Ideal but Detection is a Must.

With the advanced persistent threat, it is almost inevitable that organizations will be targeted. Whether the attacker is successful in penetrating an organization’s network depends on the effectiveness of the organization’s defense. Defending against attacks is an ongoing challenge, with new threats emerging all of the time, including the next generation of threats. Organizations need to understand what really works in cybersecurity. What has worked, and will always work, is taking a risk-based approach to cyber defense. Before your organization spends a dollar of its IT budget or allocates any resources or time to anything in the name of cybersecurity, three questions must be answered:
 - What is the risk?
 - Is it the highest priority risk?
 - What is the most cost-effective way to reduce the risk?

Security is all about making sure you focus on the right areas of defense. In SEC401 you will learn the language and underlying theory of computer and information security. You will gain the essential and effective security knowledge you’ll need if you are given the responsibility for securing systems and/or organizations. This course meets both of the key promises SANS makes to our students: (1) You will learn up-to-the-minute skills you can put into practice immediately upon returning to work; and (2) You will be taught by the best security instructors in the industry.

Dr. Eric Cole, SANS Faculty Fellow
Dr. Cole is an industry-recognized security expert with over 20 years of hands-on experience. Dr. Cole currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has experience in information technology with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. He has a master’s degree in computer science from NYIT and a doctorate from Pace University with a concentration in information security. Dr. Cole is the author of several books, including Hackers Beware, Hiding in Plain Sight, Network Security Bible, and Insider Threat. He is the inventor of over 20 patents and is a researcher, writer, and speaker. He is also a member of the Commission on Cybersecurity for the 44th President and several executive advisory boards. Dr. Cole is founder of Secure Anchor Consulting, where he provides state-of-the-art security services and expert witness work. He also served as CTO of McAfee and Chief Scientist for Lockheed Martin. Dr. Cole is actively involved with the SANS Technology Institute (STI) and SANS, working with students, teaching, and maintaining and developing courseware. @drericcole

Register at sans.org/reston-2016 | 301-654-SANS (7267)

SEC503: Intrusion Detection In-Depth

Six-Day Program | Mon, Apr 4 - Sat, Apr 9 | 9:00am - 5:00pm | 36 CPEs | Laptop Required
Instructor: Kevin Fiscus
GIAC Cert: GCIA | STI Master’s Program | Cyber Guardian | DoDD 8570 | OnDemand Bundle
With this course: giac.org | sans.edu | sans.org/cyber-guardian | sans.org/8570 | sans.org/ondemand

Who Should Attend
 - Intrusion detection analysts (all levels)
 - Network engineers
 - System, security, and network administrators
 - Hands-on security managers

Reports of prominent organizations being hacked and suffering irreparable reputational damage have become all too common. How can you prevent your company from becoming the next victim of a major cyber attack?

SEC503: Intrusion Detection In-Depth delivers the technical knowledge, insight, and hands-on training you need to defend your network with confidence. You will learn about the underlying theory of TCP/IP and the most used application protocols, such as HTTP, so that you can intelligently examine network traffic for signs of an intrusion. You will get plenty of practice learning to configure and master different open-source tools like tcpdump, Wireshark, Snort, Bro, and many more. Daily hands-on exercises suitable for all experience levels reinforce the course book material so that you can transfer knowledge to execution. Basic exercises include assistive hints while advanced options provide a more challenging experience for students who may already know the material or who have quickly mastered new material. In addition, most exercises include an “extra credit” stumper question intended to challenge even the most advanced student.

“The material was presented in a way that facilitates understanding rather than just memorization.”
-Edward Dunnahoe, CRIF Lending Solutions

“Excellent exposure and training for all skill levels. Thanks for the in-depth analysis combined with real-life scenarios.”
-Art Mason, Rackspace ISOC

Industry expert Mike Poor has created a VMware distribution, Packetrix, specifically for this course. As the name implies, Packetrix contains many of the tricks of the trade to perform packet and traffic analysis. It is supplemented with demonstration “pcaps,” which are files that contain network traffic. This allows students to follow along on their laptops with the class material and demonstrations. The pcaps also provide a good library of network traffic to use when reviewing the material, especially for certification.

Preserving the security of your site in today’s threat environment is more challenging than ever before. The security landscape is continually changing from what was once only perimeter protection to protecting exposed and mobile systems that are almost always connected and often vulnerable. Security-savvy employees who can help detect and prevent intrusions are therefore in great demand. Our goal in SEC503: Intrusion Detection In-Depth is to acquaint you with the core knowledge, tools, and techniques to defend your networks. The training will prepare you to put your new skills and knowledge to work immediately upon returning to a live environment.

Kevin Fiscus, SANS Certified Instructor
Kevin Fiscus is the founder of and lead consultant for Cyber Defense Advisors where he performs security and risk assessments, vulnerability and penetration testing, security program design, policy development and security awareness with a focus on serving the needs of small and mid-sized organizations. Kevin has over 20 years of IT experience and has focused exclusively for the past 12 years on information security. Kevin currently holds the CISA, GPEN, GREM, GMOB, GCED, GCFA-Gold, GCIA-Gold, GCIH, GAWN, GPPA, GCWN, GCSC-Gold, GSEC, SCSA, RCSE, and SnortCP certifications and is proud to have earned the top information security certification in the industry, the GIAC Security Expert. Kevin has also achieved the distinctive title of SANS Cyber Guardian for both red team and blue team. @kevinbfiscus

For course updates, prerequisites, special notes, or laptop requirements, visit sans.org/reston-2016/courses

SEC511: Continuous Monitoring and Security Operations

Six-Day Program | Mon, Apr 4 - Sat, Apr 9 | 9:00am - 7:00pm (Days 1-5), 9:00am - 5:00pm (Day 6) | 46 CPEs | Laptop Required
Instructor: Eric Conrad
GIAC Cert: GMON | Master’s Program | OnDemand Bundle
With this course: giac.org | sans.edu | sans.org/ondemand

New in 2016 to Enhance Your Skills – Extended-Hours Bootcamp

Who Should Attend
 - Security architects
 - Senior security engineers
 - Technical security managers
 - Security Operations Center (SOC) analysts
 - SOC engineers
 - SOC managers
 - CND analysts
 - Individuals working to implement Continuous Diagnostics and Mitigation (CDM), Continuous Security Monitoring (CSM), or Network Security Monitoring (NSM)

“SEC511 delivers the practical methodologies and granular information that can help bridge the communications gaps that may exist between analysts, engineers, and operations.”
-Patrick Nolan, Intel Security Foundstone

“SEC511 is a practical approach to continuous security monitoring using free and open-source tools either alone or in conjunction with existing tools and devices. This course is a must for anyone responsible for monitoring networks for security.”
-Brad Milhorn, CompuCom

We continue to underestimate the tenacity of our adversaries! Organizations are investing a significant amount of time and financial and human resources trying to prevent and combat cyber attacks, but despite this tremendous effort organizations are still getting compromised. The traditional perimeter-focused, prevention-dominant approach to security architecture has failed to prevent intrusions. No network is impenetrable, a reality that business executives and security professionals alike have to accept. Prevention is crucial, and we can’t lose sight of it as the primary goal. However, a new proactive approach to security is needed to enhance the capabilities of organizations to detect threats that will inevitably slip through their defenses.

The underlying challenge for organizations victimized by an attack is timely incident detection. Industry data suggest that most security breaches typically go undiscovered for an average of seven months. Attackers simply have to find one way into most organizations, because they know that the lack of visibility and internal security controls will then allow them to methodically carry out their mission and achieve their goals.

The Defensible Security Architecture, Network Security Monitoring (NSM)/Continuous Diagnostics and Mitigation (CDM)/Continuous Security Monitoring (CSM) taught in this course will best position your organization or Security Operations Center (SOC) to analyze threats and detect anomalies that could indicate cybercriminal behavior. The payoff for this new proactive approach is early detection of an intrusion, or successfully thwarting the efforts of attackers altogether. The National Institute of Standards and Technology (NIST) developed guidelines described in NIST SP 800-137 for Continuous Monitoring (CM), and this course will greatly increase your understanding and enhance your skills in implementing CM utilizing the NIST framework.

Eric Conrad, SANS Senior Instructor
Eric Conrad is the lead author of SANS MGT414: SANS Training Program for CISSP Certification, and coauthor of both SANS SEC511: Continuous Monitoring and Security Operations and SANS SEC542: Web App Penetration Testing and Ethical Hacking. He is also the lead author of the CISSP Study Guide, and the Eleventh Hour CISSP: Study Guide. Eric’s career began in 1991 as a UNIX systems administrator for a small oceanographic communications company. He gained information security experience in a variety of industries, including research, education, power, Internet, and healthcare. He is now CTO of Backshore Communications, a company focusing on hunt teaming, intrusion detection, incident handling, and penetration testing. He is a graduate of the SANS Technology Institute with a master of science degree in information security engineering. In addition to the CISSP, he holds the prestigious GIAC Security Expert (GSE) certification as well as the GIAC GPEN, GCIH, GCIA, GCFA, GAWN, and GSEC certifications. Eric also blogs about information security at www.ericconrad.com. @eric_conrad

SEC560: Network Penetration Testing and Ethical Hacking

Six-Day Program | Mon, Apr 4 - Sat, Apr 9 | 9:00am - 7:15pm (Day 1), 9:00am - 5:00pm (Days 2-6) | 37 CPEs | Laptop Required
Instructor: Adrien de Beaupre
GIAC Cert: GPEN | Cyber Guardian | STI Master’s Program | OnDemand Bundle
With this course: giac.org | sans.edu | sans.org/cyber-guardian | sans.org/ondemand

Who Should Attend
 - Security personnel whose job involves assessing networks and systems to find and remediate vulnerabilities
 - Penetration testers
 - Ethical hackers
 - Defenders who want to better understand offensive methodologies, tools, and techniques
 - Auditors who need to build deeper technical skills
 - Red and blue team members
 - Forensics specialists who want to better understand offensive tactics

“This course has a direct correlation to my job duties. The insight, real world references, and the use of various tools will make my job a lot easier. You will learn skills and ways your systems are vulnerable.”
-Roland T., USAF

As a cybersecurity professional, you have a unique responsibility to find and understand your organization’s vulnerabilities, and to work diligently to mitigate them before the bad guys pounce. Are you ready? SANS SEC560, our flagship course for penetration testing, fully arms you to address this task head-on.

SEC560 is the must-have course for every well-rounded security professional.

With comprehensive coverage of tools, techniques, and methodologies for network penetration testing, SEC560 truly prepares you to conduct high-value penetration testing projects step-by-step and end-to-end. Every organization needs skilled information security personnel who can find vulnerabilities and mitigate their effects, and this entire course is specially designed to get you ready for that role. The course starts with proper planning, scoping and recon, then dives deep into scanning, target exploitation, password attacks, and web app manipulation, with over 30 detailed hands-on labs throughout. The course is chock full of practical, real-world tips from some of the world’s best penetration testers to help you do your job safely, efficiently and masterfully.

Learn the best ways to test your own systems before the bad guys attack.

SEC560 is designed to get you ready to conduct a full-scale, high-value penetration test – and on the last day of the course you’ll do just that. After building your skills in comprehensive and challenging labs over five days, the course culminates with a final full-day, real-world penetration test scenario. You’ll conduct an end-to-end pen test, applying knowledge, tools, and principles from throughout the course as you discover and exploit vulnerabilities in a realistic sample target organization, demonstrating the knowledge you’ve mastered in this course.

Equipping security organizations with comprehensive penetration testing and ethical hacking know-how.

You will learn how to perform detailed reconnaissance, studying a target’s infrastructure by mining blogs, search engines, social networking sites, and other Internet and intranet infrastructures. Our hands-on labs will equip you to scan target networks using best-of-breed tools. We won’t just cover run-of-the-mill options and configurations, we’ll also go over the lesser known but super-useful capabilities of the best pen test toolsets available today. After scanning, you’ll learn dozens of methods for exploiting target systems to gain access and measure real business risk. You’ll dive deep into post-exploitation, password attacks, and web apps, pivoting through the target environment to model the attacks of real-world bad guys to emphasize the importance of defense in depth.

Adrien de Beaupre, SANS Certified Instructor
Adrien de Beaupre works as an independent consultant in beautiful Ottawa, Ontario. His work experience includes technical instruction, vulnerability assessment, penetration testing, intrusion detection, incident response and forensic analysis. He is a member of the SANS Internet Storm Center (isc.sans.edu). He is actively involved with the information security community, and has been working with SANS since 2000. Adrien holds a variety of certifications including the GXPN, GPEN, GWAPT, GCIH, GCIA, GSEC, CISSP, OPST, and OPSA. When not geeking out he can be found with his family, or at the dojo. @adriendb

SEC562: CyberCity Hands-on Kinetic Cyber Range Exercise

Six-Day Program | Mon, Apr 4 - Sat, Apr 9 | 9:00am - 5:00pm | 36 CPEs | Laptop Required
Instructor: Tim Medin

Who Should Attend
 - Red and blue team members
 - Cyber warriors
 - Incident handlers
 - Penetration testers
 - Ethical hackers
 - Other security personnel who are first responders when systems come under attack

Computers, networks, and programmable logic controllers operate most of the physical infrastructure of our modern world, ranging from electrical power grids, water systems, and traffic systems all the way down to HVAC systems and industrial automation. Increasingly, security professionals need the skills to assess and defend this important infrastructure. In this innovative and cutting-edge course based on the SANS CyberCity kinetic range, you will learn how to analyze and assess the security of control systems and related infrastructure, finding vulnerabilities that could result in significant kinetic impact.

“This course is the greatest! I’ve taken over 14 SANS training courses and have been waiting for this type of course. I would like to take this course again in a few years.”
-Masashi Fujiwara, Hitachi, LTD

“Tim is a great instructor, I really enjoyed the live demos and the style of his teaching. He really keeps you engaged.”
-Drew Davis, Rook Security

NetWars CyberCity, our most in-depth and ambitious offering, is designed to teach warriors and infosec pros that cyber action can have significant kinetic impact in the physical world. As computer technology, networks, and industrial control systems permeate nearly every aspect of modern life, military, government, and commercial organizations are realizing an increasing need for skilled defenders of critical infrastructure. We engineered and built CyberCity to help organizations grow these capabilities in their teams.

CyberCity is a 1:87 scale miniaturized physical city that features SCADA-controlled electrical power distribution, as well as water, transit, hospital, bank, retail, and residential infrastructure. CyberCity engages participants to defend the city’s components from terrorist cyber attacks, as well as to utilize offensive tactics to retake or maintain control of critical assets.

The main objectives of CyberCity are to:
 - Teach cyber warriors and their leaders the potential kinetic impacts of cyber attacks
 - Provide a hands-on, realistic kinetic cyber range with engaging missions to conduct defensive and offensive actions
 - Develop capabilities for defending and controlling critical infrastructure components to mitigate or respond to cyber attacks
 - Demonstrate to senior leaders and planners the potential impacts of cyber attacks and cyber warfare

Tim Medin, SANS Certified Instructor
Tim Medin is a senior technical analyst at Counter Hack, a company devoted to the development of information security challenges for education, evaluation, and competition. Through the course of his career, Tim has performed penetration tests on a wide range of organizations and technologies. Prior to Counter Hack, Tim was a Senior Security Consultant for FishNet Security where the majority of his focus was on penetration testing. He gained information security experience in a variety of industries including previous positions in control systems, higher education, financial services, and manufacturing. Tim regularly contributes to the SANS Penetration Testing Blog (pen-testing.sans.org/blog/) and the Command Line Kung Fu Blog (blog.commandlinekungfu.com). He is also project lead for the Laudanum Project, a collection of injectable scripts designed to be used in penetration testing. @timmedin

FOR508: Advanced Digital Forensics and Incident Response

Six-Day Program | Mon, Apr 4 - Sat, Apr 9 | 9:00am - 5:00pm | 36 CPEs | Laptop Required
Instructor: Alissa Torres
GIAC Cert: GCFA | Cyber Guardian | STI Master’s Program | DoDD 8570 | OnDemand Bundle
With this course: digital-forensics.sans.org | sans.org/ondemand

FOR508: Advanced Digital Forensics and Incident Response will help you determine:
 - How the breach occurred
 - How systems were affected and compromised
 - What attackers took or changed
 - How to contain and mitigate the incident

Over 80% of all breach victims learn of a compromise from third-party notifications, not from internal security teams. In most cases, adversaries have been rummaging through your network undetected for months or even years.

Who Should Attend
 - Incident response team leaders and members
 - Security Operations Center personnel and information security practitioners
 - Experienced digital forensic analysts
 - System administrators
 - Federal agents and law enforcement
 - Red team members, penetration testers, and exploit developers
 - SANS FOR408 and SEC504 graduates

“It was an extremely valuable course overall, and brings essential topics into one. This course covers an extensive amount of topics with excellent reference material.”
-Edgar Zayas, U.S. Securities and Exchange Commission

“Wow! What a course, and one of the best I have attended in my learning career.”
-Srinath Kannan, Accenture

DAY 0: A 3-letter government agency contacts you to say critical information was stolen through a targeted attack on your organization. They won’t tell how they know, but they identify several breached systems within your enterprise. An advanced persistent threat adversary, aka an APT, is likely involved – the most sophisticated threat you are likely to face in your efforts to defend your systems and data.

Incident response tactics and procedures have evolved rapidly over the past several years. Data breaches and intrusions are growing more complex. Adversaries are no longer compromising one or two systems in your enterprise; they are compromising hundreds. Your team can no longer afford antiquated incident response techniques that fail to properly identify compromised systems, provide ineffective containment of the breach, and ultimately fail to rapidly remediate the incident.

This in-depth incident response course provides responders with advanced skills to hunt down, counter, and recover from a wide range of threats within enterprise networks, including APT adversaries, organized crime syndicates, and hacktivism. Constantly updated, FOR508 addresses today’s incidents by providing hands-on incident response tactics and techniques that elite responders are successfully using in real-world breach cases.

GATHER YOUR INCIDENT RESPONSE TEAM – IT’S TIME TO GO

Alissa Torres, SANS Certified Instructor
Alissa Torres specializes in teaching advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic, and corporate environments and holds a Bachelor’s degree from the University of Virginia and a Master’s from the University of Maryland in Information Technology. Alissa has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She has presented at various industry conferences and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT, and CTT certifications. @sibertor

FOR578: Cyber Threat Intelligence

Five-Day Program | Mon, Apr 4 - Fri, Apr 8 | 9:00am - 5:00pm | 30 CPEs | Laptop Required
Instructor: Jake Williams
OnDemand Bundle
With this course: digital-forensics.sans.org

Who Should Attend
 - Incident response team members
 - Security Operations Center personnel and information security practitioners
 - Experienced digital forensic analysts
 - Federal agents and law enforcement officials
 - SANS FOR408, FOR572, FOR508, or FOR610 graduates looking to take their skills to the next level

“Fantastic class! I love the way the terminology was covered. I will be making index cards to ensure I have them memorized.”
-Nate DeWitt, eBay, Inc.

Make no mistake: current computer network defense and incident response contain a strong element of intelligence and counterintelligence that analysts must understand and leverage in order to defend their computers, networks, and proprietary data.

FOR578: Cyber Threat Intelligence will help network defenders and incident responders:
 - Construct and exploit threat intelligence to detect, respond, and defeat advanced persistent threats (APTs)
 - Fully analyze successful and unsuccessful intrusions by advanced attackers
 - Piece together intrusion campaigns, threat actors, and nation-state organizations
 - Manage, share, and receive intelligence on APT adversary groups
 - Generate intelligence from their own data sources and share it accordingly
 - Identify, extract, and leverage intelligence from APT intrusions
 - Expand upon existing intelligence to build profiles of adversary groups
 - Leverage intelligence to better defend against and respond to future intrusions

Conventional network defenses such as intrusion detection systems and anti-virus tools focus on the vulnerability component of risk, and traditional incident response methodology pre-supposes a successful intrusion. However, the evolving sophistication of computer network intrusions has rende
