The SANS Threat Intelligence Vendor briefing will educate participants on current capabilities and products available in the marketplace for satisfying their threat intelligence needs. This will be done through a focus on educating the participants what threat intelligence is, how to identify their information attack space, what internal network data and analytics help save analysts time, and how to use actionable intelligence to drive security at their organizations. During the event SANS will also give a presentation on its brand new FOR578 - Cyber Threat Intelligence course that is now officially out of BETA and already selling out at venues in the U.S. and Europe.
Join SANS on November 5, 2015, for a half day, morning breakfast briefing on this critical topic. This event will be both LIVE and SIMULCASTED.
|8:00am - 8:30am||Registration & Breakfast Networking|
|8:30am - 8:45am||Welcome & Opening Remarks |
Rob M. Lee, SANS Institute
|8:45am - 9:30am||How to Build a World-Class Threat Intelligence Capability From Scratch |
Threat intelligence is a broad subject and the natural tendency is to produce intelligence on any topic or event regardless of its applicability to the company. True success in threat intelligence depends on focusing intelligence efforts to very specific business objectives, which removes the large surface area and leaves only a challenging sliver of ultra-high value to pursue. This presentation will reveal critical concepts and practical details, where necessary, to produce a world-class threat intelligence capability from scratch.
Levi Gundert, Vice President of Threat Intelligence, RecordedFuture
|9:30am - 10:15am||Panel Discussion: Challenges Facing the Threat Intelligence Industry |
This panel will focus on insights from the expert members on what challenges face the threat intelligence industry today and how they might impact the community. Threat intelligence is an extremely useful capability but is often misunderstood and mislabeled. More so, some vendors have promised threat intelligence will serve as a silver bullet for security. This panel will focus on dispelling the hype and focusing on the value of threat intelligence.
|10:15am - 10:30am||FOR578 - Cyber Threat Intelligence: What to Expect |
This presentation will explain the thought process behind the new SANS class: FOR578 - Cyber Threat Intelligence, what went into its development, and what students can expect from taking it. The talk will present a detailed look at the course while also focusing on a few key takeaways such as the value of threat intelligence training for individuals and the role of the analyst.
Robert M. Lee, SANS Institute
|10:30am - 10:45am||Networking Break|
|10:45am - 11:30am||Presentation by ThreatConnect |
Toni Gidwani, Director of Analysis and Production, ThreatConnect
|11:30am - 12:15pm||Using Threat Intelligence in a SIEM |
Threat Intelligence needs to be incorporated into a Security Information and Event Management (SIEM) system. This presentation will discuss the requirements of a SIEM and how Threat Intelligence can be incorporated into a SIEM. Also learn about the Security Intelligence Maturity Model and how Threat Intelligence helps with the security posture of a company.
Soren G. Frederiksen, Sales Engineer, LogRhythm
|12:15pm - 12:30pm||Closing Remarks |
Robert M. Lee, SANS Institute