Supercharge Your Frontlines: Purpose-Built CTI for IR & SOC Success

This presentation examines a Cyber Threat Intel (CTI) team designed to integrate seamlessly with Incident Response (IR) and Security Operations Center (SOC) teams, based on real-world experiences from Mandiant’s Advanced Practices team. CTI provides organizations with the context needed to understand adversaries, their tactics, and the industry or assets they target. Attendees will gain insight to help develop a CTI function of value to frontline defenders.

Key insights:

  • Action: Identify intel directly enhancing IR and SOC operations
  • Structure: Outline CTI team roles & skills needed to support frontline operations
  • Insights: Translate data into actionable intel
  • Integration: Embed workflows & outputs into IR playbooks and SOC alert triage
  • Peril: Lessons from 15+ years of frontline CTI support

Attendee takeaways:

  • A CTI team blueprint, purpose-built for frontline operations
  • Methods to ensure output is timely, relevant, and actionable
  • Seamless frontline services integration strategies
  • Lessons from years of frontline CTI support experience

Ideal Audience: Security leads, CTI managers, SOC analysts & incident responders interested in maximizing CTI value