SANS Cyber Threat Intelligence Briefing 2018: Efficiency and Effectiveness Through Cyber Threat Intelligence

  • Friday, 30 Nov 2018 8:30AM EST (30 Nov 2018 13:30 UTC)
  • Speaker: NULL
In the DC area? Join us at the Live Event. Register here:

Cyber threat intelligence is a staple of any mature security program. But as the market matures to include security orchestration and broader endpoint protection and response software, how is threat intelligence driving more efficient and effective security? What is the role of cyber threat intelligence in particularly mature organizations in a changing threat landscape and security market? This SANS Threat Intelligence Vendor briefing will answer these questions through invited speakers and also in showcasing current capabilities on the market. Vendor presentations will focus on case-studies and technical practitioner focused material instead.

During this event SANS will also give a presentation on changes to its highly acclaimed FOR578 - Cyber Threat Intelligence course and what the course is doing to continue to push the community forward.

Themes of the conference include:

  • Changing intelligence requirements with a changing threat landscape
  • Informing participants on leading products and services
  • How intelligence contributes to more effective and efficient security

Earn 4 CPE Credit hours for attending this webcast.


8:00am - 8:30am: Registration and Coffee Networking

8:30am - 9:15am: Welcome & Keynote FOR578 - Cyber Threat Intelligence: Updated and Moving the Community Forward

This presentation will explain the thought process behind the updates to the SANS class: FOR578 - Cyber Threat Intelligence with a focus on what is going on in the cyber threat intelligence community today and what to expect. This presentation will particularly highlight flaws in how campaign tracking is done currently and what practitioners should change to account for misinformation and issues related to collection.

Robert M. Lee - CTI Briefing Chair & SANS Course Author/Instructor

9:15am - 10:00am: Recorded Future Session

10:00am - 10:30am: Networking Break

10:30am - 11:15am: Actor Profiling in Iris, Or: How I Learned to Stop Worrying and Trust the Data

In this product walk-through session you'll learn about the impact that recent developments in privacy laws have had on threat hunting and get a look at how the DomainTools Iris Dataset can be used to power your hunting efforts on an ad-hoc basis and at scale.

DomainTools Session

Taylor Wilkes-Pierce, DomainTools

11:15am - 12:00pm: Hunting with VirusTotal Enterprise

Malware continues to be a significant threat to organizations, causing damage on its own or as the tip of the spear for compromised-credential attacks. VirusTotal Enterprise provides a set of advanced capabilities for malware-focused threat hunting and investigation. Threat researchers and analysts can use these capabilities to find and shut down new malware attacks before they cause damage. This session will walk through an end-to-end methodology for investigating a newly-discovered malware sample, beginning with a file hash, and ending with updated internal security infrastructure.

Brandon Levene, Chronicle Security

12:00pm - 12:15pm: Closing Remarks