Generated by GPT-5-mini

| SANS Cyber Threat Intelligence Summit | |
|---|---|
| Name | SANS Cyber Threat Intelligence Summit |
| Status | Active |
| Genre | Cybersecurity conference |
| Frequency | Annual |
| Venue | Varies |
| Country | United States |
| First | 2010s |
| Organizer | SANS Institute |
The SANS Cyber Threat Intelligence Summit is an annual professional gathering focused on cyber threat intelligence, digital forensics, incident response, threat hunting and security operations. It brings together practitioners, analysts, and leaders from organizations such as the National Security Agency, the Federal Bureau of Investigation, the Department of Homeland Security, Bank of America, Microsoft, and Google to share operational tradecraft, strategic analysis, and tooling. Sessions commonly intersect with standards and frameworks like STIX, TAXII, MITRE ATT&CK, NIST, and ISO/IEC 27001, fostering collaboration between vendor communities, government entities, and academic labs.
The Summit centers on actionable intelligence, melding tactical indicators from VirusTotal, MISP, and AlienVault with analytic methodologies promoted by SANS Institute, CERT/CC, ENISA, and FIRST. Attendees include analysts from CrowdStrike, FireEye (Mandiant), Palo Alto Networks, Symantec (NortonLifeLock), Trend Micro, and Kaspersky Lab as well as representatives from Citigroup, JPMorgan Chase, Goldman Sachs, Accenture, and Deloitte. Panels often reference historic campaigns attributed to groups such as Fancy Bear, Lazarus Group, APT28, APT29, and Equation Group while leveraging research from labs at MIT, Stanford University, Carnegie Mellon University, Georgia Tech, and Oxford University.
The Summit emerged in the 2010s amid rising public awareness of incidents like Stuxnet, WannaCry, and NotPetya, and incorporated lessons from investigations by Kaspersky Lab, Symantec, ESET, and CrowdStrike. Early editions reflected shifting priorities after the disclosures by Edward Snowden and normative guidance from the NIST Cybersecurity Framework and the EU NIS Directive, drawing speakers from the NSA Cybersecurity Directorate, the UK National Cyber Security Centre, the Australian Cyber Security Centre, and the Canadian Centre for Cyber Security. Over time the program expanded to include threat intelligence sharing initiatives such as Information Sharing and Analysis Center chapters and cooperative efforts tied to Interpol and Europol.
Programming typically spans track themes including Malware Analysis, Threat Intelligence Operations, Strategic Intelligence, Threat Hunting, and Intelligence-led Red Teaming, with sessions referencing tools like YARA, Volatility, Wireshark, Metasploit Framework, and Cuckoo Sandbox. Tracks often integrate case studies on incidents such as the SolarWinds hack, the Colonial Pipeline ransomware attack, the Microsoft Exchange Server vulnerabilities, and supply-chain attacks examined by SolarWinds, FireEye (Mandiant), and the Microsoft Threat Intelligence Center. Workshops address analytic tradecraft influenced by publications from the SANS Institute, GCHQ, the RAND Corporation, the Center for Strategic and International Studies, and the Brookings Institution.
Keynotes have featured leaders from the SANS Institute, senior officials from the National Security Agency, executives from CrowdStrike, Mandiant, and Microsoft, and influential academics from MIT, Harvard University, and Princeton University. Notable presentations have unpacked operations attributed to Cozy Bear, Sandworm, Charming Kitten, and Turla while detailing detection and attribution approaches used by MITRE, VirusTotal Intelligence, Cisco Talos, Google Project Zero, and IBM X-Force. Plenary sessions have highlighted policy implications intersecting with Wassenaar Arrangement discussions, the Budapest Convention on Cybercrime, and public-private partnerships modeled after Critical Infrastructure Protection programs.
The Summit complements SANS training courses and GIAC certifications such as GIAC Cyber Threat Intelligence (GCTI), GIAC Reverse Engineering Malware (GREM), and GIAC Cyber Threat Hunter (GCTH), with hands-on labs using platforms from Splunk, Elastic (Elasticsearch), TheHive Project, Cortex XSOAR, and the Sigma project. Workshops have delivered practical skills in malware reverse engineering with instruction from practitioners associated with REcon, Black Hat USA, DEF CON, and RSA Conference, while tabletop exercises simulate the incident response coordination familiar to teams at US-CERT, CERT-EU, NCSC UK and multinational corporations like Siemens and Boeing.
The Summit has catalyzed partnerships between the SANS Institute and organizations such as FIRST, MISP Project, ODNI, CISA, and private sector players including AT&T Cybersecurity, Verizon, CrowdStrike, and Palo Alto Networks. Outcomes include enhanced threat sharing, standardization efforts around STIX/TAXII, and contributions to open projects like MISP and YARA rules repositories used by security operations centers across Fortune 100 firms and critical infrastructure operators such as PG&E and ExxonMobil.
Typically held in major conference hubs including Las Vegas, Washington, D.C., San Diego, and Austin, Texas, the Summit attracts security practitioners from financial services, healthcare institutions like Mayo Clinic and Kaiser Permanente, and government delegations from agencies including the Department of Defense, the FBI Cyber Division, and State Department cyber offices. Registration tiers accommodate professionals pursuing SANS courses and GIAC exams, with event schedules coordinated alongside flagship conferences such as Black Hat USA and RSA Conference to facilitate speaker and vendor participation.
Category:Computer security conferences