FOR578: Cyber Threat Intelligence

A session at SANS Security East 2017

Make no mistake: current network defense, threat hunting, and incident response practices contain a strong element of intelligence and counterintelligence that cyber analysts must understand and leverage in order to defend their networks, proprietary data, and organizations. FOR578: Cyber Threat Intelligence will help network defenders, threat hunting teams, and incident responders to: (1) Understand and develop skills in tactical, operational, and strategic level threat intelligence (2) Generate threat intelligence to detect, respond to, and defeat advanced persistent threats (APTs) (3) Validate information received from other organizations to minimize resource expenditures on bad intelligence (4) Leverage open-source intelligence to complement a security team of any size (5) Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX. The collection, classification, and exploitation of knowledge about adversaries - collectively known as cyber threat intelligence - gives network defenders information superiority that is used to reduce the adversary's likelihood of success with each subsequent intrusion attempt. Responders need accurate, timely, and detailed information to monitor new and evolving attacks, as well as methods to exploit this information to put in place an improved defensive posture. Cyber threat intelligence thus represents a force multiplier for organizations looking to update their response and detection programs to deal with increasingly sophisticated advanced persistent threats. Malware is an adversary's tool but the real threat is the human one, and cyber threat intelligence focuses on countering those flexible and persistent human threats with empowered and trained human defenders. During a targeted attack, an organization needs a top-notch and cutting-edge threat hunting or incident response team armed with the threat intelligence necessary to understand how adversaries operate and to counter the threat. FOR578: Cyber Threat Intelligence will train you and your team in the tactical, operational, and strategic level cyber threat intelligence skills and tradecraft required to make security teams better, threat hunting more accurate, incident response more effective, and organizations more aware of the evolving threat landscape.

About the speaker

This person is speaking at this event.
Jake Williams

Computer Vulnerability Analyst, former Systems Engineer bio from Twitter

Sign in to add slides, notes or videos to this session

Tell your friends!


Date Mon 9th January 2017

Short URL


Official session page


View the schedule


See something wrong?

Report an issue with this session