Visibility is critical to cybersecurity. Cloud-based applications and data storage, along with IoT and smart devices, are expanding the attack surface and creating more blind spots for adversaries to target. Criminals and nation-state actors continue to innovate and increase their sophistication in order to exploit these blind spots, forcing organizations into a reactive security posture. However, defenders can move from this reactive stance to a more proactive one through the practice of threat hunting: actively seeking to discover malicious activity for which passive detection systems do not have signatures. Threat hunting takes many forms and names, one of which is proactive DFIR. By combining proven practices with proper tools, organizations can achieve the continuous, real-time visibility required to protect their critical assets.
Join SANS Principal Instructor Alissa Torres and a Fidelis MDR Threat Hunter as they share threat hunting techniques for defending the cyber terrain from the zero-day threats of tomorrow.
The webinar will help you uncover:
- State of the threat landscape
- Importance of endpoint forensics in threat hunting
- How to obtain endpoint visibility
- Installed software & CVE correlation
- Endpoint investigation & forensics
- Responding to threats with custom and built-in scripts
Justin Swisher is a Threat Hunter at Fidelis Security. Building on more than twelve years of IT security experience with an emphasis on network security architecture and monitoring, Mr. Swisher has worked to develop new techniques to improve detection and threat hunting. After spending four years with the Air Force as an intelligence analyst, Mr. Swisher brought those analytical skills to leading cybersecurity vendors in an effort to improve network security detection and response.
Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.