SANS 2018 Incident Response Survey Results


Incident responders are catching and remediating threats faster than ever, according to past SANS surveys. Much of their success can be attributed to improving technologies, such as threat intelligence—73 percent of respondents to last year's survey said they were using threat intelligence to enable more accurate investigations.

Watch this two-part webinar, which releases the results from the SANS 2018 Incident Response Survey, developed by Matt Bromiley, SANS Digital Forensics and Incident Response (IR) instructor and GIAC board member. Matt will explore how integration and automation can help IR teams find efficiencies and protect their environments, including:

  • Processes and technologies that work best in responding to threats
  • Where and how intelligence, analytics, threat hunting and other new technologies fit into investigation workflow
  • Improving remediation workflow to thoroughly identify and clean impacted systems
  • Completing the loop to patch and repair vulnerabilities discovered in the investigation
  • Best ways to inform prevention systems to be on the lookout for similar threats
  • Benchmarking against past performance for continuous program improvement


Matt Bromiley is a SANS Certified Digital Forensics and Incident Response instructor, teaching Advanced Digital Forensics, Incident Response, and Threat Hunting (FOR508) and Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response (FOR572), and a GIAC Advisory Board member. He is also a principal incident response consultant at a major incident response and forensic analysis company, combining experience in digital forensics, incident response/triage and log analytics. His skills include disk, database, memory and network forensics, as well as network security monitoring. Matt has worked with clients of all types and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Andy Schmid, senior vice president of product, leads 1E's product strategy. He is responsible for 1E's go-to-market strategy including analyst relations, product marketing, product management, sales evangelism, and sales and technical enablement globally. Before joining 1E, Andy was responsible for Blue Coat's Asia Pacific/Japan product marketing team, after having led McAfee's Asia Pacific product and solution marketing team. Prior to that, Andy led Symantec's enterprise security product marketing team in the region for five years. He holds an MBA from the Australian Graduate School of Management and a bachelor's degree in computer science from the College of Higher Education in Regensburg, Germany.

Mike Stewart is the vice president of security consulting services for Fidelis Cybersecurity. He is responsible for professional services, consulting services, and the Fidelis managed detection and response (MDR) service. Mike, a retired Air Force chief, has more than three decades of experience in the information assurance and cybersecurity field. He possesses in-depth practical experience building and leading large classified security operations, facilities, personnel and resources. He has consulted with the FBI, NSA and DISA, delivering security solutions that were critical to national security. In the past 14 years, Mike has led some of the largest commercial cyber breach engagements around the globe, including organization of initial triage response and forensic support, remediation, expulsion, security engineering and security operations.

As CTO and co-founder of ThreatQuotient, Ryan Trost utilizes his 15-plus years of security experience focusing on intrusion detection and cyber intelligence to help drive thought leadership as well as innovative product discussion. As a recognized leader in the cyber industry, Ryan is a frequent speaker at industry conferences, an author and the developer of geospatial intrusion detection algorithms used to identify geolocation attack patterns. Prior to ThreatQuotient, Ryan managed several U.S. government and commercial security operations centers (SOCs) and was the senior director of security and privacy officer for a midsize healthcare company in Northern Virginia.

