Interactive Courses + DFIR NetWars Available During SANS Cyber Security Central in June. Save $300 thru 5/12.


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Security Analytics in Action: SANS Fourth Annual Security Analytics Survey - Part 1

  • Wednesday, December 07, 2016 at 1:00 PM EST (2016-12-07 18:00:00 UTC)
  • Travis Farral, Dave Shackleford, Matt Hathaway, Javvad Malik


  • AlienVault
  • Anomali
  • LogRhythm
  • Lookingglass Cyber Solutions, Inc.
  • Rapid7 Inc.

You can now attend the webcast using your mobile device!



Security professionals are pulling security data from all over their enterprises and beyond in an attempt to detect threats faster, according to the SANS 2015 Analytics and Intelligence Survey. In it, more than 50% of respondents derived security data from applications, firewalls/IDS and network devices, anti-malware systems, vulnerability management systems, endpoint protection systems, log managers, packet detection, SIEMs and host-based intrusion systems.

Despite these sources, organizations still lack the visibility they need to detect, scope and remediate threats in their enterprises. They need better analytics with machine learning to connect the dots and re-use internally gathered and third-party intelligence to prevent future attacks. This is the function of security analytics and intelligence.

In this webcast, attendees will learn about the following:

  • Threat events they've suffered and how they're using security analytics and intelligence to detect and respond
  • Methods of gathering, analyzing and using security analytics for prevention, detection and response
  • Automation of pattern recognition, machine learning and the importance of SIEM

This is Part 1 of a two-part webcast. The Part 2 webcast, on December 8, 2016, will focus on the improvements in risk posture associated with security analytics as well as best practices for implementing analytics programs. Click here to register for the Part 2 webcast.

Be among the first to receive the associated whitepaper written by SANS Analyst Dave Shackleford.

View the associated whitepaper here.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Travis Farral

Travis Farral is the director of security strategy for Anomali. With over 20 years of security industry experience, he has developed a strong background in threat intelligence, incident response and industrial control systems security. Previously Travis ran the Cybersecurity Intelligence & Strategic Services team at ExxonMobil and spent several years at companies such as Nokia and XTO Energy.

Matt Hathaway

Matt Hathaway is a senior manager of Solutions Marketing at Rapid7, having recently transitioned after four years in the Rapid7 Products organization. He moved to Northern Ireland to assist with the company's international expansion and drive Rapid7 Belfast office development. He is a frequent blogger about both Rapid7 products and the expatriation experience. He regularly speaks about security challenges at conferences, including Black Hat USA 2014, SOURCE Dublin 2015 and B-Sides SF 2016. Prior to joining Rapid7, Matt was a member of the Office of the CTO (OCTO) and product management teams for RSA. He has been working in fraud prevention, security and IT for 15 years.

Javvad Malik

Javvad Malik - the man, the myth, the blogger- is a London-based IT security professional. Better known as an active blogger, event speaker and industry commentator, he is possibly best known as one of the industry's most prolific video bloggers with a signature fresh and light-hearted perspective on security. Prior to joining AlienVault as a security advocate, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.