Malicious activity triggers measurable events at almost every stage of the attack. There are multiple sensory technologies available, but collecting this data from disparate sources can often just result in the creation of a very large pool of unrelated "facts," an impenetrable noise where no signal can be found. But begin to add context to that data and you now have information. Triangulate multiple pieces of information together and you can create intelligence. When this data is integrated with external threat feeds and internal risk context into a central security analytics platform, it allows for "big picture" correlation and analysis and the detection of active, credible and significant threats that can be responded to in a timely manner. The best practices and examples of how this can be achieved will be demonstrated in this session.