Tuesday, July 16, 2019
The days of using Excel to find malicious activity are over. Breaches are only expanding in size, so incident responders need their own way of growing out of the days of using Excel to hunt through mountains of data. In this workshop, you will learn how to create your own enterprise-wide hunting platform using ELK with data enrichment feeds. Additionally, the means of retrieving the data from the various endpoints and data sources will be introduced and explained throughout the course. Students will deploy PowerShell scripts across a customized network environment to gather critical data necessary to respond to an incident. Once the data has been collected, students will then enrich the data from a normalization perspective and use visualizations to assist in finding outliers and anomalies within the data sets. This course will teach you not only how to set up an ELK server specifically geared to facilitate powerful hunting, but also how to collect data efficiently from every single endpoint on your network in a very short span of time, thereby enabling you to proactively hunt on a regular basis.
Ben brings a diverse background in cybersecurity, IT, law, and law enforcement to Polito. After earning his JD from William & Mary School of Law in 2010 and providing IT and e-discovery support to law firms, Ben joined Booz Allen Hamilton as a cybersecurity consultant in 2012. While a member of Advanced Persistent Threat (APT) hunt teams assigned to commercial and federal clients, Ben sharpened his network security monitoring, forensics, incident response, malware analysis, cyber threat intelligence, and security architecture skills. He has earned the CISSP, GIAC Certified Forensic Analyst (GCFA), GIAC Web Application Penetration Tester (GWAPT), and Splunk Certified Power User certifications. Ben is a member of the Maryland bar and volunteers at a pro bono legal clinic.
Be sure to RSVP because seats are limited!
Those who are unable to attend can join via Webex. Only those who attend in person will receive a Certificate of Continuing Education and gift certificates.
**We have recruiters attending the event, so please bring your latest résumé**
We also have a 2-Day Threat Hunting with ELK Training Workshop on July 25 & 26.