Last Day to Save $200 on 4-6 Day Courses at SANS Cyber Defense Initiative 2018 in Washington DC!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

SANS Threat Intelligence Vendor Briefing

  • Friday, August 12th, 2016 at 9:30 AM EDT (13:30:00 UTC)
  • Robert M. Lee
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsors

  • RecordedFuture
  • NSFOCUS
  • ThreatQuotient
  • DomainTools

You can now attend the webcast using your mobile device!

Overview

The SANS Threat Intelligence Vendor briefing brings together leaders in the vendor community to identify the products and capabilities empowering defenders today. This briefing's theme is "Lessons from the Field." Hear the vendor community talk about their case-studies as well as how their customers are leveraging them to place cyber defenders ahead of the offense. The flow of the briefing is simple: the presenters will educate you on what is available in the marketplace today and where their solutions fit in. The presentations are technical content and case-study focused instead of a simple marketing pitch. Learn from how some of the most cutting edge security vendors on how they and their customers are using threat intelligence to counter targeted adversaries.

Join SANS on Friday, August 12, 2016, for a half day, morning briefing on this critical topic. This event will be both LIVE and SIMULCAST.

Agenda:
Friday, August 12, 2016: Local Chicago Time (CT)
Time Event
8:30am - 8:45am Welcome & Opening Remarks
Robert M. Lee, Dragos Security
8:45am - 9:30am Out Innovate Your Adversaries

Threat intelligence can maximize your resources to help leaders and teams make better decisions. With Recorded Future, we show how you can deliver the actionable intelligence to incident response, threat hunting, vulnerability management, and SOC teams--stopping adversaries before they can compromise your systems and assets, and saving your organizations time and money.

John Wetzel, Threat Intelligence Analyst, Recorded Future
9:30am - 10:15am A Panel on What Makes $Vendor Unique

The community is fortunate to have numerous threat intelligence vendors providing insight and solutions to challenges of data collection, management, usage, and more. But sometimes it's hard to determine what makes any given vendor unique. What differentiates them from their competition? In this moderated panel the participating vendors will discuss what makes them unique with a heavy focus on how their customers are using them today. In addition, questions from the moderator and the audience will further push to identify what the vendors see as a challenge in the threat intelligence community today and how they are working to solve those challenges.

Moderator: Robert M. Lee

Panelists: John Wetzel, Threat Intelligence Analyst, Recorded Future, Jonathan Crouch, Vice President, Strategy, ThreatQuotient Guy Rosefelt, Director, Product Management, Web Application Security & Threat Intelligence, NSFOCUS

10:15am - 10:45am Networking Break
10:45am - 11:30am Adventures in Threat Intelligence: Case studies and Research to make you look smarter

After the Brexit of TI earlier this year, panic has subsided and cooler heads prevail. Now that we all agree Threat Intelligence can be a useful tool, you too can learn how to use TI like a pro. Amaze your friends and family with the cases studies and research presented for making a safer, more secure enterprise.

Guy Rosefelt, Director, Product Management, Web Application Security & Threat Intelligence, NSFOCUS

11:30am - 12:00pm Cyber Threat Intelligence: Hurricanes and Earthquakes

Organizations deal with cyber hurricanes - those attacks you can see coming - and earthquakes - those attacks that just come alive on your network - every day. This talk covers intelligence-driven security operations programs and how they can become proactive, anticipatory, and adaptive.

Security operations groups are facing a key change to how we implement cybersecurity: cyber threat intelligence (CTI) and threat intelligence management. While intelligence has been around for quite some time, the quality and quantity of CTI available to organizations, both commercial and government, is greater than it has ever been. The key, however, is to understand what CTI really is and how to best make it actionable within your environment.

Leveraging a decade of cyber threat intelligence experience to define cyber threat intelligence and intelligence-driven operations, this talk will walk through some global examples of how organizations have implemented CTI. The future of cyber security will be driven by a better understanding of the adversary, their motivation, intent, tactics, and infrastructure. The key question covered in the talk is how will organizations need to adapt to make the most use of this knowledge within security operations.

Jonathan Couch, Vice President, Strategy, ThreatQuotient

12:00pm - 12:15pm Closing Remarks
Robert M. Lee

Speaker Bio

Robert M. Lee

Robert M. Lee, a SANS certified instructor and author of the "ICS Active Defense and Incident Response" and "Cyber Threat Intelligence" courses, is the founder and CEO of Dragos, a critical infrastructure cyber security company, where he focuses on control system traffic analysis, incident response and threat intelligence research. He has performed defense, intelligence and attack missions in various government organizations, including the establishment of a first-of-its-kind ICS/SCADA cyber threat intelligence and intrusion analysis mission. Author of SCADA and Me and a nonresident National Cyber Security Fellow at New America, focusing on critical infrastructure cyber security policy issues, Robert was named EnergySec's 2015 Energy Sector Security Professional of the Year.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.