SANS Threat Intelligence Briefing

  • Thursday, 05 Nov 2015 10:30AM EST (05 Nov 2015 15:30 UTC)
  • Speaker: Robert M. Lee

The SANS Threat Intelligence Vendor briefing will educate participants on current capabilities and products available in the marketplace for satisfying their threat intelligence needs. This will be done through a focus on educating the participants what threat intelligence is, how to identify their information attack space, what internal network data and analytics help save analysts time, and how to use actionable intelligence to drive security at their organizations. During the event SANS will also give a presentation on its brand new FOR578 - Cyber Threat Intelligence course that is now officially out of BETA and already selling out at venues in the U.S. and Europe.

Join SANS on November 5, 2015, for a half day, morning breakfast briefing on this critical topic. This event will be both LIVE and SIMULCASTED.

In the Denver area? Join us at the Live Event. Register here:
Thursday, November 5, 2015
Time Event
8:00am - 8:30am Registration & Breakfast Networking
8:30am - 8:45am Welcome & Opening Remarks

Rob M. Lee, SANS Institute

8:45am - 9:30am How to Build a World-Class Threat Intelligence Capability From Scratch

Threat intelligence is a broad subject and the natural tendency is to produce intelligence on any topic or event regardless of its applicability to the company. True success in threat intelligence depends on focusing intelligence efforts to very specific business objectives, which removes the large surface area and leaves only a challenging sliver of ultra-high value to pursue. This presentation will reveal critical concepts and practical details, where necessary, to produce a world-class threat intelligence capability from scratch.

Levi Gundert, Vice President of Threat Intelligence, RecordedFuture

9:30am - 10:15am Panel Discussion: Challenges Facing the Threat Intelligence Industry

This panel will focus on insights from the expert members on what challenges face the threat intelligence industry today and how they might impact the community. Threat intelligence is an extremely useful capability but is often misunderstood and mislabeled. More so, some vendors have promised threat intelligence will serve as a silver bullet for security. This panel will focus on dispelling the hype and focusing on the value of threat intelligence.


  • Robert M. Lee, SANS Institute


  • Levi Gundert, Vice President of Threat Intelligence, RecordedFuture
  • Soren G. Frederiksen, Sales Engineer, LogRhythm
  • Toni Gidwani, Director of Analysis and Production, ThreatConnect

10:15am - 10:30am FOR578 - Cyber Threat Intelligence: What to Expect

This presentation will explain the thought process behind the new SANS class: FOR578 - Cyber Threat Intelligence, what went into its development, and what students can expect from taking it. The talk will present a detailed look at the course while also focusing on a few key takeaways such as the value of threat intelligence training for individuals and the role of the analyst.

Robert M. Lee, SANS Institute

10:30am - 10:45am Networking Break
10:45am - 11:30am Presentation by ThreatConnect

Toni Gidwani, Director of Analysis and Production, ThreatConnect

11:30am - 12:15pm Using Threat Intelligence in a SIEM

Threat Intelligence needs to be incorporated into a Security Information and Event Management (SIEM) system. This presentation will discuss the requirements of a SIEM and how Threat Intelligence can be incorporated into a SIEM. Also learn about the Security Intelligence Maturity Model and how Threat Intelligence helps with the security posture of a company.

Soren G. Frederiksen, Sales Engineer, LogRhythm

12:15pm - 12:30pm Closing Remarks

Robert M. Lee, SANS Institute