SANS CTI Summit Solutions Track 2025 | Day 1

  • Monday, 27 Jan 2025 10:30AM EST (27 Jan 2025 15:30 UTC)
  • Speaker: Douglas McKee

CTI Summit Solutions Track | 2 Full Days

As cyber threats grow in sophistication and scale, organizations must rely on actionable, contextualized Cyber Threat Intelligence (CTI) to secure operations, mitigate risks, and meet evolving business or mission objectives. Yet, CTI professionals face significant challenges, from filtering actionable insights from overwhelming volumes of data to countering rapidly evolving threat tactics like AI-driven attacks and fileless malware. Limited skilled resources, siloed systems, and the increasing sophistication of threat actors further compound the complexities of building effective CTI programs.

The CTI Summit Solutions Track 2025 will address these pressing issues. Through expert-led sessions and real-world case studies, the summit will explore solutions for overcoming common obstacles, such as integrating CTI into existing security infrastructures, ensuring timely dissemination of intelligence, and fostering collaboration through standardized frameworks. Presentations will also highlight strategies for bridging the skills gap, aligning CTI outputs with business objectives, and combating adversaries’ use of advanced automation.

Whether you are a CISO, SOC manager, threat hunter, or analyst, this summit offers the tools, knowledge, and strategies to turn CTI challenges into opportunities for a stronger, more adaptive cybersecurity posture. Join us for part one of this virtual event to learn how cutting-edge solutions and collaborative approaches transform CTI into a critical enabler of cyber resilience.

Why Register?
- Expert-led Sessions
- Flexible Attendance (Attend live or watch on your own time)
- On-Demand Access (Revisit sessions and download presentations at your convenience)
- Connect with Industry Leaders
- Build Your Professional Network
- Earn CPE Credits


Thank You to Our Summit Sponsors

Sponsor logos: CardinalOps, Censys, Filigran, Flare, Intel471, Microsoft, Silent Push, Silobreaker, Sophos, ThreatConnect, ThreatLocker, Tidal, VMRay

This webinar is offered free of charge through collaboration between SANS and its sponsor(s). If you prefer not to share your registration details with sponsor(s), a recorded webinar will be available approximately 30 days after its initial release through the SANS archive. To access the recording, you will need to create a SANS account, but your information will not be shared with the sponsor(s).

Full Agenda | 10:30am - 2:30pm ET

Check out our lineup of presentations for day 1 of this event, below.

Timeline (ET) | Session Details

10:30am - 10:40am | Event Kickoff & Introduction

Doug McKee, Event Chairperson & SANS Certified Instructor Candidate

10:40am - 11:15am | So you need a Threat Profile… now what?

This talk is designed to illuminate how Mandiant contextualizes Threat Profiles and provide implementation ideas on how they can be leveraged to bolster organizational security. We will discuss the strategy behind creating a Threat Profile, highlight the types of information Mandiant considers key to enable successful defender advantage, and then explain how to build a proactive strategy with the Threat Profile as the foundation.

Attendees will learn how to identify stakeholders, conceptualize business operations, identify relevant intelligence, and use this data to shape an organization's defensive posture. We will showcase some examples of how clients have used our reports to enhance their security operations.

Taylor Long, Sr. Analyst for Custom Intelligence Solutions and Research, Mandiant Intelligence at Google Cloud Security
Steven Savoldelli, Sr. Intelligence Consultant, Mandiant Intelligence at Google Cloud Security

11:15am - 11:50am | Optimizing Suspicious File Triage

The 3 Questions you Should be Asking About Every Suspicious File

This session is aimed at SOC managers and other cybersecurity professionals who are responsible for convicting and contextualizing numerous suspicious files daily. We will explore various approaches and discuss the pros and cons of each method. Additionally, we will cover the associated costs in terms of time, licenses, resources, and required skills.

We will present a multi-layer triage approach to dealing with these files to optimize your SOC operations, reduce operational costs, and provide solid verdicts. Whether you examine ten files a day or over a million, please join us as we address real-world problems with best-practice solutions.

Aaron Hoffman, SOAR Architect at Reversing Labs
Stuart Phillips, Sr. Cybersecurity Marketing Strategist at Reversing Labs

11:50am - 12:25pm | Exposing Triad Nexus: How FUNNULL CDN Facilitates Widespread Cyber Threats

Silent Push's investigation into the FUNNULL CDN has revealed an enormous cluster of malicious infrastructure and exposed the pivotal role it plays in facilitating a wide array of cyber criminal activities, many of which are orchestrated by Chinese Triad groups. In this presentation we will cover our findings on the various criminal networks involved and how threat hunters can map them, dive into the hosting providers supporting this network, and take a peek at the retail phishing scams hosted by FUNNULL CDN that target some of the world's largest brands.

Noah Plotkin, Solutions Engineer at Silent Push

12:25pm - 12:40pm | Break Time - we'll be back in 15 min.

12:40pm - 1:15pm | How the Rebels Beat the Empire: Cyber Threat Intelligence Lessons from Star Wars

How did an advanced, persistent threat like the Galactic Empire fall to the ragtag Rebel Alliance? Why was the Empire initially unstoppable, only to be brought down in the end? In this session, we'll journey to a galaxy far, far away to learn how the answers to those questions can help threat intelligence teams more effectively contextualize, prioritize, and adapt to threats.

Dan Cole, VP of Product Marketing at ThreatConnect

1:15pm - 1:50pm | Unlocking Cyber Resilience: Censys ASM + Search Solutions for Modern Threat Intelligence

Join us for an insightful session, Unlocking Cyber Resilience: Censys ASM + Search Solutions for Modern Threat Intelligence, where we’ll dive into strategies for overcoming these challenges. Discover how Censys’ Attack Surface Management (ASM) and Search Solutions empower organizations to integrate CTI into existing infrastructures, streamline intelligence dissemination, and bridge resource gaps. Through expert insights and real-world examples, this session will showcase how leveraging advanced tools and frameworks fosters collaboration, combats sophisticated adversaries, and ensures CTI programs align with your organization's strategic objectives.

This presentation is tailored for CTI professionals, security leaders, and anyone looking to enhance their organization’s cyber resilience in the face of increasingly complex threats.

Paul Lambert, Sr. Solutions Engineer at Censys

1:50pm - 2:25pm | Using Customizable Vulnerability Intelligence to See Threats Faster and Act Smarter

In today’s fast-paced threat landscape, not all vulnerabilities are created equal. Effective vulnerability management requires the ability to prioritize risks intelligently, focusing on the threats most likely to impact your organization. This talk explores how customizable vulnerability intelligence can help empower teams to identify critical risks faster and make smarter decisions. By leveraging tailored insights and context-driven analysis, security professionals can focus on the most critical issues, align mitigation efforts with organizational goals, and enhance their threat response strategies. Learn how to stay ahead of attackers by defending faster and defending smarter.

Kasimir Schulz, Co-Founder at Rapid Risk Radar

2:25pm - 2:30pm | Event Recap & Closing Remarks

Doug McKee, Event Chairperson & SANS Certified Instructor Candidate