World-class instructors teaching today's, critical cyber skills - SANS Online Training


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Tailored Intelligence for Automated Remediation: SANS Review of IntSights' Enterprise Intelligence and Mitigation Platform

  • Wednesday, May 02, 2018 at 10:30 AM EDT (2018-05-02 14:30:00 UTC)
  • Sonny Sarai, Alon Arvatz


  • IntSights

You can now attend the webcast using your mobile device!



Overworked and understaffed IT security teams are trying to integrate threat intelligence into their detection, response, and protection processes -- but not very successfully, according to the SANS 2017 SOC and CTI surveys. Respondents to both surveys also indicate they need fewer intelligence alerts and more visibility into external threats (usually found on the Dark Web) that actually matter to their enterprises. (They want to know: should they be worried or not?) They also want to utilize new intelligence to find and remove unknown vulnerabilities.

In this webcast, SANS Analyst Sonny Sarai will discuss his experience reviewing IntSights' Enterprise Threat Intelligence and Mitigation Platform, which was created specifically to address these challenges. IntSights' platform integrates customized intelligence with threat blocking and threat takedown, remediation and workflow to reduce administrators' workloads.

Attend this webcast and learn how IntSights worked under a variety of attack scenarios. As results of the review are released, attendees will also learn:

  • The six typical steps in an attack chain
  • Three newly discovered steps that adversaries execute even before conducting reconnaissance
  • How your own assets matter: the difference between tailored and generic intelligence feeds
  • The need to filter intelligence that doesn't apply to save employees from chasing leads
  • The value of counterthreat intelligence: utilizing external threat information found on the dark web and IOCs to protect your brand
  • The difference between internal threat remediation and external threat takedown
  • How remediation speed and capabilities are improved with integrated, automatic device updates 

All of the above information and more will be covered in this webcast as Sonny describes his experiences reviewing the IntSights platform under simulated attack, detection, and remediation scenarios. Those who attend this webcast will also receive access to the written review.

View the associated whitepaper here.

Speaker Bios

Sonny Sarai

Sonny Sarai, SANS GIAC Advisor, has more than 10 years' IT experience, seven of them in an information security capacity. He now works as a senior information security analyst, responsible for data governance, compliance, penetration testing, digital forensics and incident response. Sonny holds a degree in forensic investigation, specializing in computer crime. He holds a CISSP and industry-leading certifications from SANS in advanced digital forensics (GCFA), network intrusion detection (GCIA) and security essentials (GSEC). Sonny has an extensive lab dedicated to research, development and analysis, where he continually hones his skills and enhances his capabilities.

Alon Arvatz

Alon served in an elite intelligence unit in the Israel Defense Forces. While serving for three years in the most innovative and operational setting, he led and coordinated large operations in the cyber intelligence world. He also led core cyber threats discussions. Alon established Cyber School, a center providing teenagers with courses, seminars and workshops on cyber intelligence. Today, he is the co-founder and vice president of product development at IntSights. 

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.