SANS Threat Intelligence Vendor Briefing

  • Friday, 12 Aug 2016 9:30AM EDT (12 Aug 2016 13:30 UTC)
  • Speaker: Robert M. Lee

The SANS Threat Intelligence Vendor briefing brings together leaders in the vendor community to identify the products and capabilities empowering defenders today. This briefing's theme is \Lessons from the Field." Hear the vendor community talk about their case-studies as well as how their customers are leveraging them to place cyber defenders ahead of the offense. The flow of the briefing is simple: the presenters will educate you on what is available in the marketplace today and where their solutions fit in. The presentations are technical content and case-study focused instead of a simple marketing pitch. Learn from how some of the most cutting edge security vendors on how they and their customers are using threat intelligence to counter targeted adversaries.

Join SANS on Friday, August 12, 2016, for a half day, morning briefing on this critical topic. This event will be both LIVE and SIMULCAST.

Agenda:
Friday, August 12, 2016: Local Chicago Time (CT)
Time Event
8:30am - 8:45am Welcome & Opening Remarks
Robert M. Lee, Dragos Security
8:45am - 9:30am Out Innovate Your Adversaries

Threat intelligence can maximize your resources to help leaders and teams make better decisions. With Recorded Future, we show how you can deliver the actionable intelligence to incident response, threat hunting, vulnerability management, and SOC teams--stopping adversaries before they can compromise your systems and assets, and saving your organizations time and money.

John Wetzel, Threat Intelligence Analyst, Recorded Future
9:30am - 10:15am A Panel on What Makes $Vendor Unique

The community is fortunate to have numerous threat intelligence vendors providing insight and solutions to challenges of data collection, management, usage, and more. But sometimes it's hard to determine what makes any given vendor unique. What differentiates them from their competition? In this moderated panel the participating vendors will discuss what makes them unique with a heavy focus on how their customers are using them today. In addition, questions from the moderator and the audience will further push to identify what the vendors see as a challenge in the threat intelligence community today and how they are working to solve those challenges.

Moderator: Robert M. Lee

Panelists: John Wetzel, Threat Intelligence Analyst, Recorded Future, Jonathan Crouch, Vice President, Strategy, ThreatQuotient Guy Rosefelt, Director, Product Management, Web Application Security & Threat Intelligence, NSFOCUS

10:15am - 10:45am Networking Break
10:45am - 11:30am Adventures in Threat Intelligence: Case studies and Research to make you look smarter

After the Brexit of TI earlier this year, panic has subsided and cooler heads prevail. Now that we all agree Threat Intelligence can be a useful tool, you too can learn how to use TI like a pro. Amaze your friends and family with the cases studies and research presented for making a safer, more secure enterprise.

Guy Rosefelt, Director, Product Management, Web Application Security & Threat Intelligence, NSFOCUS

11:30am - 12:00pm Cyber Threat Intelligence: Hurricanes and Earthquakes

Organizations deal with cyber hurricanes - those attacks you can see coming - and earthquakes - those attacks that just come alive on your network - every day. This talk covers intelligence-driven security operations programs and how they can become proactive, anticipatory, and adaptive.

Security operations groups are facing a key change to how we implement cybersecurity: cyber threat intelligence (CTI) and threat intelligence management. While intelligence has been around for quite some time, the quality and quantity of CTI available to organizations, both commercial and government, is greater than it has ever been. The key, however, is to understand what CTI really is and how to best make it actionable within your environment.

Leveraging a decade of cyber threat intelligence experience to define cyber threat intelligence and intelligence-driven operations, this talk will walk through some global examples of how organizations have implemented CTI. The future of cyber security will be driven by a better understanding of the adversary, their motivation, intent, tactics, and infrastructure. The key question covered in the talk is how will organizations need to adapt to make the most use of this knowledge within security operations.

Jonathan Couch, Vice President, Strategy, ThreatQuotient

12:00pm - 12:15pm Closing Remarks
Robert M. Lee