Forensic State Analysis: A New Approach to Threat Hunting
If an attacker had a foothold in your network today, would you know it?
Whether your defenses were successfully evaded or an analyst misinterpreted a critical alert, chances are the attacker has entrenched themselves for the long haul. The act of searching for these well-hidden and persistent threats is called threat hunting.
In this recorded webinar, threat hunters from the SANS Institute and Infocyte discuss how to adapt Digital Forensics & Incident Response (DFIR) techniques to scalably and proactively hunt for unknown threats across an entire enterprise network. This approach is called Forensic State Analysis (FSA). Ultimately, FSA arms hunters with an effective and efficient methodology to hunt without relying solely on sophisticated security infrastructure, sensors, or big data.
About the Speakers
Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.
Chris Gerritz is a co-founder of Infocyte, a developer of endpoint threat hunting solutions focused on breach discovery and interactive network defense. Chris is a pioneer in defensive cyberspace operations, having previously established and led the U.S. Air Force's first Enterprise-scoped Hunt Team. In this role, he led a team of 28 operators and analysts tasked with finding, tracking, and neutralizing state-sponsored threats on the Air Force's $2B, 800k-node enterprise network. He personally conducted and/or oversaw 350+ adversarial hunt and rapid response missions on networks throughout the world. Chris holds a B.S. in Electrical & Computer Engineering from Oregon State University.