In the DC area? Join us at the Live Event. Register here: https://www.sans.org/vendor/event/55795
Cyber threat intelligence is a staple of any mature security program. But as the market matures to include security orchestration and broader endpoint protection and response software, how is threat intelligence driving more efficient and effective security? What is the role of cyber threat intelligence in particularly mature organizations in a changing threat landscape and security market? This SANS Threat Intelligence Vendor briefing will answer these questions through invited speakers and by showcasing current capabilities on the market. Vendor presentations will focus on case studies and technical, practitioner-focused material.
During this event SANS will also give a presentation on changes to its highly acclaimed FOR578 - Cyber Threat Intelligence course and what the course is doing to continue to push the community forward.
Themes of the conference include:
Earn 4 CPE Credit hours for attending this webcast.
8:00am - 8:30am: Registration and Coffee Networking
8:30am - 9:15am: Welcome & Keynote: FOR578 - Cyber Threat Intelligence: Updated and Moving the Community Forward
This presentation will explain the thought process behind the updates to the SANS class: FOR578 - Cyber Threat Intelligence with a focus on what is going on in the cyber threat intelligence community today and what to expect. This presentation will particularly highlight flaws in how campaign tracking is done currently and what practitioners should change to account for misinformation and issues related to collection.
Robert M. Lee - CTI Briefing Chair & SANS Course Author/Instructor
9:15am - 10:00am: Recorded Future Session
10:00am - 10:30am: Networking Break
10:30am - 11:15am: Actor Profiling in Iris, Or: How I Learned to Stop Worrying and Trust the Data
In this product walk-through session you'll learn about the impact that recent developments in privacy laws have had on threat hunting and get a look at how the DomainTools Iris Dataset can be used to power your hunting efforts on an ad-hoc basis and at scale.
Taylor Wilkes-Pierce, DomainTools
11:15am - 12:00pm: Hunting with VirusTotal Enterprise
Malware continues to be a significant threat to organizations, causing damage on its own or as the tip of the spear for compromised-credential attacks. VirusTotal Enterprise provides a set of advanced capabilities for malware-focused threat hunting and investigation. Threat researchers and analysts can use these capabilities to find and shut down new malware attacks before they cause damage. This session will walk through an end-to-end methodology for investigating a newly discovered malware sample, beginning with a file hash and ending with updated internal security infrastructure.
Brandon Levene, Chronicle Security
12:00pm - 12:15pm: Closing Remarks