Last day to get an iPad Air w/ Smart Keyboard or Pixel 4a Smartphone with 5-6 day course registration! View details.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

STAR Webcast: The Value of Commercial Threat Intelligence Sources

  • Tuesday, September 15, 2020 at 11:00 AM EST (2020-09-15 15:00:00 UTC)
  • Katie Nickels, Michel van Eeten, Xander Bouwman

You can now attend the webcast using your mobile device!



Two researchers present their peer-reviewed paper on commercial threat intelligence sources, published recently at USENIX Security 20. They will describe what the services of two leading vendors consist of, and find that there exists hardly any overlap between their indicator sets - even for specific threat actors - raising the question about coverage. Further, they spoke to 14 professionals who seem to be optimizing not for coverage in their selection of sources, but rather for the time spent by analysts. This session provides empirical insights into the market for commercial threat intelligence and discussion of the implications for professionals.

Speaker Bios

Katie Nickels

Katie is a SANS instructor for FOR578: Cyber Threat Intelligence and a Principal Intelligence Analyst for Red Canary. She has worked on cyber threat intelligence (CTI), network defense, and incident response for nearly a decade for the DoD, MITRE, Raytheon, and ManTech.  Katie hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at Black Hat, multiple SANS Summits, Sp4rkcon, and many other events. Katie has also served as a co-chair of the SANS CTI Summit and FIRST CTI Symposium. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins

Michel van Eeten

Professor Michel van Eeten is professor at Delft University of Technology and his chair focuses on the Governance of Cybersecurity. He studies the interplay between technological design and economic incentives in Internet security. His team analyses large-scale Internet measurement and incident data to identify how the markets for Internet services deal with security risks.

He has conducted empirical studies funded by NWO, the ITU, the OECD, the Department of Homeland Security, the European Commission, the Dutch National Police, the General Intelligence and Security Service, Fox-IT, banks, and various ministries within the Dutch government. Topics range from botnet mitigation, threat intelligence and abuse reporting, network measurements, information sharing, security metrics, to cybercrime markets.

Van Eeten is also a member of the Cyber Security Council, an official advisory body of the Dutch government.

Xander Bouwman

Xander is a PhD candidate at Delft University of Technology with a background in software engineering and public policy. He studies information security from a socio-technical perspective, taking an economics approach in order to understand the incentives that shape the behaviour of attackers and defenders.

His four-year doctoral research project started in 2019, with promotors Prof.dr. Michel van Eeten and Bram Klievink. Previously, he completed a BSc in Information Sciences at Utrecht University and an MSc in Complex Systems Engineering and Management at Delft University of Technology. During his studies, he gained experience with public policy through various internships. You can find Xander on Twitter @xbouwman.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.