Join us at the Rocky Mountain Hackfest, Live Online!! Virtual summit and courses take place June 4-13.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right.Once you register, you can download the presentaion slides below.

Intelligent Intelligence: Secrets to Threat Intel Success

  • Tuesday, January 12, 2016 at 3:00 PM EST (2016-01-12 20:00:00 UTC)
  • David Bianco

You can now attend the webcast using your mobile device!



Those of us tasked with defending networks are lucky to live in a time when there is so much information floating around about our adversaries, their goals, techniques and tools. The sheer amount of information thats readily available, though, can present a problem of its own: overload. From reports to indicator feeds to samples of malicious files, theres just so much raw data available that its often not clear which pieces will have the most impact on our ability to resist our adversaries. Using them all indiscriminately leads to piles of ignored alerts, swamped analysts and undetected attacks. However, by making smart choices about which pieces of information we use, we can both reduce the burden on the defender and increase the cost of the adversarys attacks, making it harder for them to operate against us. Join us to hear about a smarter, goal-driven approach to using threat intelligence intelligently as we discuss Secrets to Threat Intel Success.

Learn more about secrets to threat intel success at the upcoming CTI Summit in Alexandria, VA February 3-4, 2016.

The fourth annual Cyber Threat Intelligence Summit brings experienced intelligence practitioners together - onstage and off - to feature contemporary theories, research, and tradecraft divided along tactical, operational, and strategic levels. By adopting this format change, with exciting keynotes to usher in each of the three sections, we hope to better frame the summit content so participants can immediately see where in their organizations each of the tools, methodologies, and processes can be applied as soon as they are back in the office.

  • Decrease your adversary's likelihood of success with each subsequent attempt.
  • Ensure your security programs are up-to-date to outsmart sophisticated attacks.
  • Obtain accurate and timely information to monitor new and evolving attacks.
  • Utilize this information to detect and ultimately avoid a security breach.

Speaker Bio

David Bianco

Before coming to work as a Security Technologist and researcher at Sqrrl, David led the hunt team at Mandiant and FireEye, helping to develop and prototype innovative approaches to detect and respond to network attacks. Prior to that, he spent five years helping to build an intel-driven detection & response program for a Fortune 5 company, where. he set detection strategies for a network of nearly 500 NSM sensors in over 160 countries and led response efforts for some of the company's the most critical incidents.

David stays active in the community, speaking and writing on the subjects of Incident Detection & Response, Threat Intelligence and Security Analytics. He is also a member of the MLSec Project ( You can follow him on Twitter as @DavidJBianco or subscribe to his blog, "Enterprise Detection & Response" (

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.