FOR578: Cyber Threat Intelligence

A session at SANS Baltimore Spring 2016

THERE IS NO TEACHER BUT THE ENEMY! Make no mistake: current computer network defense and incident response contain a strong element of intelligence and counterintelligence that analysts must understand and leverage in order to defend their computers, networks, and proprietary data. Conventional network defenses such as intrusion detection systems and anti-virus tools focus on the vulnerability component of risk, and traditional incident response methodology pre-supposes a successful intrusion. However, the evolving sophistication of computer network intrusions has rendered these approaches insufficient to address the threats faced by modern networked organizations. Today's adversaries accomplish their goals using advanced tools and techniques designed to circumvent most conventional computer network defense mechanisms, go undetected during the intrusion, and then remain undetected on networks over long periods of time. The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence - gives network defenders information superiority that can be used to reduce the adversary's likelihood of success with each subsequent intrusion attempt. Responders need accurate, timely, and detailed information to monitor new and evolving attacks, as well as methods to exploit this information to put in place an improved defensive posture. Threat intelligence thus represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. During a targeted attack, an organization needs a top-notch and cutting-edge incident response armed with the critical intelligence necessary to understand how adversaries operate and to combat the threat. FOR578: Cyber Threat Intelligence will train you and your team to detect, scope, and select resilient courses of action in response to such intrusions and data breaches.

About the speaker

This person is speaking at this event.
Michael Cloppert

Computer security intelligence analyst, scientist, engineer, jazz trombonist. bio from Twitter

Sign in to add slides, notes or videos to this session

Tell your friends!


Date Mon 9th May 2016

Short URL


Official session page


View the schedule


See something wrong?

Report an issue with this session