OnDemand Includes 4 Months Access to Course Content - Special Offers Available Now!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Who's Using Cyberthreat Intelligence and How? Part 2: Best Practices to Improve Incident Detection and Response

  • Thursday, February 19, 2015 at 1:00 PM EST (2015-02-19 18:00:00 UTC)
  • Dave Shackleford, Will Gragido, Morey Haber, Adam Meyer


  • AlienVault
  • Arbor Networks
  • BeyondTrust
  • Carbon Black
  • SurfWatch Labs
  • Anomali

You can now attend the webcast using your mobile device!



Click here for Part I

When it comes to the use of cyberthreat intelligence, organizations are scrambling to deploy and use these capabilities, even though they don't even vaguely understand what cyberthreat intelligence is or how it ties in with their defensive and response systems. As a follow up to the SANS Analytics and Intelligence Survey, this survey was designed to define cyberthreat Intelligence, how it's used (as service, on premise, both) and whether it lives up to its promise.

This webcast is part of a two-part cyberthreat intelligence survey webcast. Part 1 will focus on defining cyberthreat intelligence and exploring the tools and standards involved in using intelligence to enhance security. This webcast will focus on using cyberthreat intelligence to improve incident detection and response.

Attend this webcast and learn:

  • Best practices in using intelligence for prevention, detection, and response
  • How to use intelligence in cloud and virtual environments

Be among the first to receive the associated whitepaper written by Dave Shackleford, with advice by Stephen Northcutt.

View the associated whitepaper.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Will Gragido

Will Gragido, director of threat intelligence for Bit9 + Carbon Black, has more than 20 years of experience in IT and information security with a focus on threat intelligence. He has had the privilege of working with some of the world's most renowned threat research and intelligence organizations, including IBM X-Force, HP DVLabs, Damballa, Cassandra Security, and RSA FirstWatch. Will frequently speaks on the topic of threat intelligence globally, and has co-authored two books: Cybercrime and Espionage: An Analysis of Subversive Multi-Vector Threats and Blackhatonomics: An Inside Look at the Economics of Cybercrime.

Morey Haber

Morey Haber, Sr. Director of Product Management at Beyond Trust, has more than 20 years of IT industry experience. He joined BeyondTrust in 2012 as a part of the eEye Digital Security acquisition and currently oversees solutions for both vulnerability and privileged identity management. Morey joined eEye as the director of security engineering and was responsible for strategic business discussions and vulnerability management architectures in Fortune 500 clients. Prior to eEye, he was a development manager for Computer Associates, Inc. (CA), responsible for CAs SWAT team and management of new product beta cycles.

Adam Meyer

Adam Meyer has served in leadership positions in the defense, technology, and critical infrastructure sectors for more than 15 years, and leads the threat intelligence analyst team at SurfWatch Labs. Prior to joining SurfWatch Labs, Mr. Meyer was the Chief Information Security Officer (CISO) for the Washington Metropolitan Area Transit Authority, one of the largest public transportation systems in the United States. Preceding his role as a CISO, Mr. Meyer served as the Director of Information Assurance and Command IA Program Manager for the Naval Air Warfare Center, Naval Air Systems Command one of the Navy's premier engineering and acquisition commands.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.