A New Approach to Threat Hunting
SANS is the most trusted and by far the largest source for information security training and security certification in the world, so we’re excited to co-host a Webinar with SANS analyst Alissa Torres on March 29th at 3:00 pm EST. The webinar will focus on a new approach to threat hunting called Forensic State Analysis.
If an attacker had a foothold in your network today, would you know it? Whether your defenses were successfully evaded or an analyst misinterpreted a critical alert, chances are the attacker has entrenched themselves for the long haul. The act of searching for these well-hidden and persistent threats is called threat hunting.
In this webcast, experienced Threat Hunters from Infocyte and SANS will discuss how to adapt Digital Forensics & Incident Response (DFIR) techniques to scalably and proactively hunt for unknown threats across an entire enterprise network. This approach is called Forensic State Analysis (FSA). Ultimately, FSA arms hunters with an effective and efficient methodology to hunt without relying solely on sophisticated security infrastructure, sensors, or big data.
Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT, and CTT+ certifications.
Chris Gerritz is a co-founder of Infocyte, a developer of endpoint threat hunting solutions focused on breach discovery and interactive network defense. Chris is a pioneer in defensive cyberspace operations having previously established and led the U.S. Air Force’s first Enterprise-scoped Hunt Team. In this role, he led a team of 28 operators and analysts tasked with finding, tracking, and neutralizing state-sponsored threats on the Air Force’s $2B, 800k node enterprise network. He personally conducted and/or oversaw 350+ adversarial hunt and rapid response missions on networks throughout the world. Chris holds a B.S. in Electrical & Computer Engineering from Oregon State University.
WEBINAR – Forensic State Analysis:
A New Approach to Threat Hunting
March 29th | 3:00pm EST
More from our blog
Despite the rich data provided by SIEMs, organizations find themselves drowning in false positives, making it difficult to focus on high-priority events. This problem of alert fatigue prevents cyber security teams from identifying and addressing real threats – impacting small teams with no SOC, large enterprise teams with a SOC, and MSSPs overseeing the security for many SOCs/customers.Read More »
In 2018, the U.S. Healthcare Industry Remained a Hot Target for Data Breaches. Last year alone, over 15 million patient records were affected with an average of one data breach occurring every 24 hours in the healthcare industry. It goes without saying that hackers and cyber attackers are finding ways around/through/past security defenses—exploiting vulnerabilities and…Read More »
A Brief History of Forensic State Analysis Prior to starting Infocyte, our co-founders, Chris Gerritz and Russ Morris, created the first enterprise-scoped threat hunting team for the entire U.S. Department of Defense. Their teams were responsible for hunting, detecting, and responding to highly sophisticated attacks across an 800,000-node network. With virtually unlimited resources and access…Read More »