Six Steps to Effective ICS Threat Hunting
Friday, November 22nd, 2019 at 1:00 PM EST
On November 22 Dragos Principal Threat Analysts Dan Gunter and Marc Seitz will be joined by Tim Conway, Technical Director – ICS and SCADA Programs at SANS, to introduce a 6-step ICS threat hunting model. They’ll demonstrate how to apply it to real-world threat hunting scenarios, pinpoint adversary behavior patterns, and stop ICS threats from going undiscovered.
What Youll Learn:
- Why proactive threat hunting is necessary for ICS cybersecurity defense
- How to complete effective threat hunting
- What adversary behavior patterns look like
- How to apply the model to real world threat hunting scenarios
- How to measure the effectiveness of threat hunts
Technical Director – ICS and SCADA programs at SANS. Responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. Formerly, the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO). Responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric. Previously, an EMS Computer Systems Engineer at NIPSCO for eight years, with responsibility over the control system servers and the supporting network infrastructure. Former Chair of the RFC CIPC, current Chair of the NERC CIP Interpretation Drafting Team, member of the NESCO advisory board, current Chair of the NERC CIPC GridEx Working Group, and Chair of the NBISE Smart Grid Cyber Security panel.
Mark coordinates industrial control system cyber test lab functions and performs ICS threat hunting services for Dragos customers.
He designs and implements innovative simulated industrial environments to provide a safe and realistic training and attack simulation experience for internal and external analysts. He also conducts onsite vulnerability assessments and threat hunting services. Marc studied Cyber Operations while at the United States Naval Academy where he was exposed to a wide variety of topics including networking, programming, legal, and cyber warfare.
Dan Gunter is a Principal Threat Analyst and discovers, analyzes and neutralizes threats inside of ICS/SCADA networks. He performs threat hunting, incident response, and malware analysis mission for the industrial community. Previously he served in a variety of Information Security roles as a Cyber Warfare Officer in the US Air Force and as a technical advisor on security and acquisition issues. Dan is a graduate of the Department of Defense’s elite Computer Network Operations Development Program (CNODP) and the Air Force Research Lab’s Advanced Course in Engineering Cyber Security Boot Camp (ACE). He has spoken at Blackhat, Shmoocon and local information security events.
Meet Dragos experts at our next eventVIEW MORE EVENTS
Want to speak with a Dragos analyst or business development representative at an upcoming event? Email us at email@example.com to schedule an appointment.
Can't wait for the next event to hear from our team?
Read our blog and the latest frontline content to satisfy your cybersecurity needs.