Tailored Intelligence for Automated Remediation: SANS Review of IntSights' Enterprise Intelligence and Mitigation Platform

  • Wednesday, 02 May 2018 10:30AM EDT (02 May 2018 14:30 UTC)
  • Speakers: Sonny Sarai, Alon Arvatz

Overworked and understaffed IT security teams are trying to integrate threat intelligence into their detection, response, and protection processes -- but not very successfully, according to the SANS 2017 SOC and CTI surveys. Respondents to both surveys also indicate they need fewer intelligence alerts and more visibility into external threats (usually found on the Dark Web) that actually matter to their enterprises. (They want to know: should they be worried or not?) They also want to utilize new intelligence to find and remove unknown vulnerabilities.

In this webcast, SANS Analyst Sonny Sarai will discuss his experience reviewing IntSights' Enterprise Threat Intelligence and Mitigation Platform, which was created specifically to address these challenges. IntSights' platform integrates customized intelligence with threat blocking and threat takedown, remediation and workflow to reduce administrators' workloads.

Attend this webcast and learn how IntSights worked under a variety of attack scenarios. As results of the review are released, attendees will also learn:

  • The six typical steps in an attack chain
  • Three newly discovered steps that adversaries execute even before conducting reconnaissance
  • How your own assets matter: the difference between tailored and generic intelligence feeds
  • The need to filter out intelligence that doesn't apply, to save employees from chasing leads
  • The value of counter threat intelligence: utilizing external threat information found on the dark web and IOCs to protect your brand
  • The difference between internal threat remediation and external threat takedown
  • How remediation speed and capabilities are improved with integrated, automatic device updates

All of the above information and more will be covered in this webcast as Sonny describes his experiences reviewing the IntSights platform under simulated attack, detection, and remediation scenarios. Those who attend this webcast will also receive access to the written review.

View the associated whitepaper here.