Now available on-demand!

Understanding adversary tactics and techniques based on real-world observations are critical to building more effective threat detection and hunting capabilities. The context provided by data sources is what enables us to make actionable decisions. Still, it is limited to what raw data inputs you consume, as well as consuming enough of the right data to be able to mitigate, remediate, and prevent future adversary activity.

However, detecting malicious events is not the final solution to thwarting adversaries. Actions need to be taken, whether they are operational (e.g., stopping a malicious process) or strategic (e.g., securing an environment to prevent the execution of malicious processes).

In this webinar, SANS and AWS Marketplace will discuss the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud. They will also explore how to enhance threat detection and hunting in an AWS environment to maintain a strong security posture.

Register today to be among the first to receive the associated whitepaper written by SANS senior instructor and cloud security expert Dave Shackleford.

Join this webinar to understand how to:

  • apply the MITRE ATT&CK Matrix to classify and understand cloud-based techniques
  • create an effective detection strategy and uncover what data sources are required
  • break down and recognize detections by security product capabilities and data sources
  • leverage threat intel for improved detection
  • use AWS services and third-party solutions to support your threat detection and hunting strategy

Who Should Attend?

Security practitioners (Security Analysts, Security Architects, Senior Security Engineers, etc.), Cloud Security Architects, and the office of the CISO.


Dave Shackleford , SANS analyst

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Ross Warren, Specialist Solution Architect at AWS

Based in Northern Virginia, Ross Warren is a specialist solution architect at AWS with a focus on security. Prior to his work at AWS, Ross’ areas of expertise included cyber threat hunting and security operations. Ross has worked at a handful of startups and has enjoyed the transition to AWS because he can build solutions for customers with the breadth and depth of services offered by AWS.

Intro body copy here about 2018 re:Invent launches.

Register for the webinar

About AWS Marketplace:

AWS Marketplace is a digital software catalog that makes it easy to find, try, buy, deploy, and manage software that runs on AWS. AWS Marketplace has a broad and deep selection of security solutions offered by hundreds of independent software vendors, spanning infrastructure security, logging and monitoring, identity and access control, data protection, and more. These products can be integrated with AWS Services and other existing technologies, enabling you to deploy a comprehensive security architecture across your AWS and on-premises environments. Visit to learn more.

About the SANS Institute:

The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world—from auditors and network administrators, to chief information security officers—sharing the lessons they learn and jointly finding solutions to the challenges they face.

*The views and opinions of the SANS Institute and their presenter, Dave Shackleford, are their own, and do not necessarily reflect the positions of AWS.