CTI 2014: Collection, exploitation, and analytics of cyber threat intelligence Two challenges faced by modern security organizations are far more complementary than is often appreciated: big data collection and utility of cyber threat intelligence. Many companies already have substantial investments in one or more technologies that collect massive amounts of data engineered into "big data" solutions: Security Information and Event Management products ingest logs from servers, PCs, network devices and security controls and provide normalization, consolidation and alerting. Security Monitoring products such as vulnerability assessment, digital forensics, intrusion detection and network behavior analysis provide information on active vulnerable or compromised resources. Threat intelligence feeds provide information streams on active threats, source reputations and indicators of attack. Most of the product integration and event correlation amongst these devices is focused on compliance-oriented reporting, not situational awareness, intelligence exploitation, behavioral codification, higher-order analytics, or proactive response. There is a huge amount of hype in the IT industry around "big data" as the solution to many modern IT challenges; this hype is often manifested in the product literature of these devices, although little attention is paid to how this data can be best leveraged. SANS would like to issue a call to action for "security analytics" - tools and techniques to help experienced security managers and analysts use this flood of information to make more effective, more efficient and more timely decisions that lead to fewer successful attacks and less damage from those intrusion which successfully enable our adversaries. In order to provide resilient capabilities for mitigating risks associated with advanced targeted attacks, security analytics tools and techniques that can support or be applied to big data are necessary. In this summit, we will focus on precisely these tools, techniques, and analytics that assist network defenders in exploiting the voluminous data produced by modern security instrumentation for enhanced cyber threat intelligence collection in ways that improve overall organizational network defense. Available Courses: SEC401: Security Essentials Bootcamp Style - Stephen Sims FOR508: Advanced Computer Forensic Analysis and Incident Response - Alissa Torres FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques - Jake Williams Cyber Threat Intelligence Summit
- Receive a discount of up to $400 for any full course paid for by Wednesday, December 18, 2013 - Receive a discount of up to $250 for any full course paid for by Wednesday, January 1, 2014 - No refunds available after Tuesday, February 4, 2014.