Cyber Skills Training at SANS New York City Winter 2018. Save $200 thru 1/24!


To attend this webcast, login to your SANS Account or create your Account.

Security Analytics Maturation Curve: Part 1 of the 3rd Annual SANS Security Analytics and Intelligence Survey

  • Wednesday, November 11th, 2015 at 1:00 PM EST (18:00:00 UTC)
  • Dave Shackleford, Javvad Malik, James Carder and Allan Thomson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.


  • AlienVault
  • DomainTools
  • LogRhythm
  • Lookingglass Cyber Solutions, Inc.
  • Anomali

You can now attend the webcast using your mobile device!


The majority of organizations investing in analytics and intelligence reported better visibility and more accurate response to actionable events, based on results of the SANS 2014 Security Analytics and Intelligence Survey published in October 2014. However, fewer than half of enterprise users of analytics feel they've achieved the appropriate level of automation and integration across their enterprises.

Have analytics and intelligence become more automated and integrated since 2014? If so, how much improvement have organizations made in connecting the dots, detecting indicators of compromise and reporting?

The SANS 2015 survey on security analytics and intelligence reveals the answers to these and other questions. Results presented in this webcast will provide a roadmap for future use of analytics and answer whether today's models are meeting the challenge of having increased amounts of data to analyze and acquire meaningful information from.

This webcast is presented in two parts.

In this webcast, Part 1 of a two-part webcast series, attendees will gain insight on the following:

  • Analytics gaining a foothold: New systems and operations covered in analytics programs this year
  • Sources of security analytics: More security analytics data from more sources and how this plays into the services model
  • State of analytics: Visibility improvements, comprehensiveness of coverage and automation of intelligence gathering and reporting
  • Measured improvements: How current implementations are improving the bottom line
  • Best practices: Tools and techniques for using analytics to discover and follow up on attacks
  • Part 2, held Thursday, November 12, 2015, will discuss how analytics needs to mature and the improvements survey respondents plan to make in the future.

    Join us for both webcasts and be among the first to receive the associated whitepaper written by Dave Shackleford.

    View the associated analyst whitepaper here.

    Speaker Bios

    Dave Shackleford

    Dave Shackleford, a SANS analyst, instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

    Javvad Malik

    Javvad Malik - the man, the myth, the blogger - is a London-based IT security professional. Better known as an active blogger, event speaker and industry commentator, he is possibly best known as one of the industry's most prolific video bloggers with a signature fresh and light-hearted perspective on security. Prior to joining AlienVault as a security advocate, Javvad was a senior analyst with 451 Research, providing technology vendors, investors and end users with strategic advisory services, including competitive research and go-to-market positioning.

    James Carder

    James Carder, CISO and VP of LogRhythm Labs, has more than 17 years of IT security experience developing and maintaining security governance and risk strategies. At LogRhythm, he oversees both threat and vulnerability management and the Security Operations Center (SOC). Prior to joining LogRhythm, Carder was the director of Security Informatics at Mayo Clinic, where he had oversight of Threat Intelligence, Incident Response, Security Operations, and the Offensive Security groups. Carder also served as a senior manager at Mandiant, where he led professional services and incident response engagements. He holds a B.S. in computer information systems and the CISSP certification.

    Allan Thomson

    Allan Thomson, Chief Technology Officer at LookingGlass, oversees the global CTO team that supports R&D and product engineering. Allanís three decades of experience across network, security and distributed systems technologies informs his technical and architecture vision across our portfolio of solutions. Before joining LookingGlass, he served as Principal Engineer at Cisco Systems, Inc. and worked with several start-up companies.†Allan is an active member of the Organization for the Advancement of Structured Information Standards (OASIS) Cyber Threat Intelligence Technical Committee and co-chairs the Interoperability Subcommittee. He has been actively engaged in the community effort to define STIX 2.0 and TAXII 2.0 (Trusted Automated Exchange of Indicator Information).

    Need Help? Visit our FAQ page or email

    Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.