Learn real-world skills from real-world cyber security practitioners. View upcoming Live Online Events.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Explainable Threat Intelligence: Moving Beyond "Black Box" Threat Convictions

  • Tuesday, March 31, 2020 at 10:30 AM EDT (2020-03-31 14:30:00 UTC)
  • Please Check Back


  • Reversing Labs

You can now attend the webcast using your mobile device!



Bridging the Gap between Human Analysts and Machine Learning Classifications

The cyberthreat landscape has outpaced our ability to detect and respond manuallyhence more and more security solutions are leveraging todays compute capacity to automate analysis through techniques like machine learning. Sounds good, right! However, most machine learning-powered classifications are NOT designed for the humans who need to act on this information. They are often black box technologies with outputs lacking sufficient context to be actionable. Theres a presumption the analysts will trust these conclusions and somehow push forward. But this puts these individuals in even more stressful situations where they are obliged to either react blindly and face the consequences, or do their own research which is time consuming and often highly specialized. This just exacerbates the security skills gaps and efforts to retain these professionals.

What if todays security analysts had access to the most timely and relevant threat intelligence, in a consumable easy to understand manner that was interpretable, verifiable, and explainable?

Join our webinar as we examine the next generation of explainable threat intelligence solutions and how ReversingLabs has taken a fresh look at machine learning classification.

In this session, well discuss:

  • How contemporary malware is challenging security teams, and why destructive object insights are so relevant;
  • How new explainable machine learning models are improving analyst malware knowledge and SOC productivity over time;
  • How the concept of transparency and being able to defend a classification decision is empowering the SOC team and facilitating cross functional collaboration;
  • How this new threat intelligence integrates to existing environments (e.g. SIEM, SOAR) and maps to common attack frameworks (MITRE ATT&CK).

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.