One Week Only! Get an iPad Air with Smart Keyboard, Surface Go, or $300 Off with OnDemand or vLive Training!


To attend this webcast, login to your SANS Account or create your Account.

Creating Understanding from Data

  • Thursday, November 9th, 2017 at 10:30 AM EST (15:30:00 UTC)
  • John Bambenek
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


We talk about threat intelligence but often people are really only referring to raw data. Organizations and the industry at large is great about producing data but tools and techniques to drill down to create understanding are lacking. This webcast will cover how to take individual observables, find patterns, and to use those patterns to create understanding about the specific adversary and their intentions. By taking and automatically processing attack data organizations see (and often discard) and run through some steps in the kill chain, it becomes possible to link disparate classes of data into a true context to see how attacks and events relate to each other and can be correlated across months and years. 

This webcast will show a few open source tools and data sets that are online and how organizations can use them in the short term to start creating tailored intelligence not just on attackers, but intelligence on the specific attackers targeting them.

To learn more on the topic, join SANS for its Cyber Threat Intelligence Summit & Training in Bethesda, MD this January. The two-day Summit features in-depth presentations by top experts and practitioners addressing specific analytical techniques and capabilities that can be utilized to generate and maintain cyber threat intelligence for your organization.

Speaker Bio

John Bambenek

John Bambenek is Manager of Threat Systems at Fidelis Cybersecurity and an incident handler with the Internet Storm Center. He has been engaged in security for 18 years researching security threats. He has participated in many incident investigations spanning the globe and runs several private intelligence groups focusing on takedowns and disruption of criminal entities.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.