Reward Yourself! Get a $400 Amazon Gift Card with OnDemand 5 or 6 Section Training - Register Today!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Turning Threat Data into Threat Intel Using Automated Analysis

  • Wednesday, October 11, 2017 at 10:30 AM EDT (2017-10-11 14:30:00 UTC)
  • Carsten Willems, Dave Shackleford


  • VMRay

You can now attend the webcast using your mobile device!



Too often, threat data is conflated with threat intelligence. Turning raw data like a feed of suspicious email attachments into actionable intelligence is a challenge for any organisation defending against determined attackers.

Join senior SANS Instructor Dave Shackleford and Carsten Willems, co-founder of VMRay to learn how automated threat analysis is the key to turning millions of raw data points into actionable intelligence. In this webcast, we'll discuss:

  • Why organizations struggle with creating actionable threat intel
  • Key considerations enterprises need to focus on when undertaking SOC and DFIR automation
  • The fundamentals of creating faster and more accurate analysis results

The webinar concludes with an interactive Q&A with our experts. CPE Credit with SANS is available to all attendees.

Speaker Bios

Dave Shackleford

Dave Shackleford, a SANS analyst, senior instructor, course author, GIAC technical director and member of the board of directors for the SANS Technology Institute, is the founder and principal consultant with Voodoo Security. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering. A VMware vExpert, Dave has extensive experience designing and configuring secure virtualized infrastructures. He previously worked as chief security officer for Configuresoft and CTO for the Center for Internet Security. Dave currently helps lead the Atlanta chapter of the Cloud Security Alliance.

Carsten Willems

Carsten Willems, Co-founder of VMRay, is the original developer of CWSandbox, one of the first commercial malware analysis tools. He is a pioneer in creating commercial software for dynamic malware analysis, and is one of the experts in this field worldwide. He achieved his Ph.D. in computer science / IT-security at the Ruhr-University of Bochum in 2013 and has more than 15 years of experience in malware research and software design. A serial entrepreneur, he has mentored many companies in IT-security related operations and regularly gives presentations at academic and industry conferences

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.