sans.org/dfirsummit Two useful disciplines are cyber threat intelligence and active cyber defense. However, there is confusion around both of these areas that leads to a perception of hype and cost instead of vital tools for defenders to use. In the case of threat intelligence, many security companies have offered a range of threat intelligence products and feeds but there is confusion in the community as a whole as to how to maximize the value out threat intelligence. With active defense, there has been an attempt to brand this strategy as a hack-back or otherwise offense based practice whereas the strategy for an active defense has existed long before the word ‘cyber’ and is focused around practices such as incident response. This presentation will examine the current state of cyber threat intelligence and active cyber defense as well as provide strategies for leveraging proven cyber intelligence models within active cyber defense operations Speakers: Robert M. Lee (@robertmlee), Author & Instructor, SANS Institute Robert M. Lee is a SANS Certified Instructor and the course author of SANS ICS515: Active Defense and Incident Response and the co-author of SANS FOR578: Cyber Threat Intelligence. Robert is also CEO of Dragos Security, a non-resident National Cyber Security Fellow at New America focusing on policy issues relating to the cybersecurity of critical infrastructure, and a PhD candidate at Kings College London. For his research and focus areas, he was named one of Passcode’s Influencers and awarded EnergySec’s 2015 Cyber Security Professional of the Year. Robert obtained [More]