
This webcast has been archived. To view the webcast, log in to your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Security Analytics Maturation Curve: Part 1 of the 3rd Annual SANS Security Analytics and Intelligence Survey

  • Wednesday, November 11, 2015 at 1:00 PM EST (2015-11-11 18:00:00 UTC)
  • Allan Thomson, James Carder, Javvad Malik, Dave Shackleford


  • AlienVault
  • DomainTools
  • LogRhythm
  • Lookingglass Cyber Solutions, Inc.
  • Anomali


The majority of organizations investing in analytics and intelligence reported better visibility and more accurate response to actionable events, based on results of the SANS 2014 Security Analytics and Intelligence Survey published in October 2014. However, fewer than half of enterprise users of analytics feel they've achieved the appropriate level of automation and integration across their enterprises.

Have analytics and intelligence become more automated and integrated since 2014? If so, how much improvement have organizations made in connecting the dots, detecting indicators of compromise and reporting?

The SANS 2015 survey on security analytics and intelligence reveals the answers to these and other questions. Results presented in this webcast will provide a roadmap for future use of analytics and answer whether today's models are meeting the challenge of analyzing increased amounts of data and extracting meaningful information from it.

This webcast is presented in two parts.

In this webcast, Part 1 of a two-part webcast series, attendees will gain insight on the following:

  • Analytics gaining a foothold: New systems and operations covered in analytics programs this year
  • Sources of security analytics: More security analytics data from more sources and how this plays into the services model
  • State of analytics: Visibility improvements, comprehensiveness of coverage and automation of intelligence gathering and reporting
  • Measured improvements: How current implementations are improving the bottom line
  • Best practices: Tools and techniques for using analytics to discover and follow up on attacks

    Part 2, held Thursday, November 12, 2015, will discuss how analytics needs to mature and the improvements survey respondents plan to make in the future.

    Join us for both webcasts and be among the first to receive the associated whitepaper written by Dave Shackleford.

    View the associated analyst whitepaper here.

    Speaker Bios

    Dave Shackleford

    Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

    Javvad Malik

    Javvad Malik - the man, the myth, the blogger - is a London-based IT security professional. Better known as an active blogger, event speaker and industry commentator, he is possibly best known as one of the industry's most prolific video bloggers with a signature fresh and light-hearted perspective on security. Prior to joining AlienVault as a security advocate, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.

    James Carder

    James Carder, CISO and VP of LogRhythm Labs, has more than 17 years of IT security experience developing and maintaining security governance and risk strategies. At LogRhythm, he oversees both threat and vulnerability management and the Security Operations Center (SOC). Prior to joining LogRhythm, Carder was the director of Security Informatics at Mayo Clinic, where he had oversight of Threat Intelligence, Incident Response, Security Operations, and the Offensive Security groups. Carder also served as a senior manager at Mandiant, where he led professional services and incident response engagements. He holds a B.S. in computer information systems and the CISSP certification.

    Allan Thomson

    As Lookingglass Chief Technology Officer, Allan Thomson brings more than three decades of experience in technology areas such as networking and distributed IT. Prior to Lookingglass, Allan most recently served as Principal Engineer at Cisco Systems, Inc., where he led the software architecture and design of the company’s Cyber Threat Defense System and Platform Exchange Grid. He was responsible for overall systems management and security telemetry collection/aggregation, as well as distributed threat analysis/intelligence services in multi-tenant public and private cloud deployments. Prior to joining Cisco, Allan oversaw the technology growth initiatives of several start-up companies, including Airespace, where he was a Software Architect responsible for the design, development and network management/location tracking of the company’s wireless local area network (WLAN) system. Airespace was acquired in 2005 by Cisco, and Allan joined Cisco following the acquisition.
