Time
4 hours
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:01
Good day, everybody. I hope you're having a great day. This is our third video of this course. I hope you're enjoying them so far. Today we will be covering cyber threat intelligence related concepts and definitions, and especially what are those different units
00:19
that, depending on the cybersecurity strategy,
00:22
how the cyber threat intelligence will interact with it.
00:26
So let's begin
00:29
First thing: how the cyber threat intelligence approaches an organization. How can this adapt the new techniques and information collection for the better?
00:40
The first thing to understand
00:42
and one of the most important is to refer is that cyber threat intelligence cannot be treated as a cooking recipe or a one-size-fits-all kind of thing.
00:53
That's why a cyber threat intelligence implementation may not work the same way in every organization, and doing a sort of copy-paste from another place will most of the time be counterproductive, because the resources, and especially the security strategy, are different in every organization.
01:11
That's why this course is going to focus on the relationships within these units and the core cyber threat intelligence, so you can go ahead and build
01:21
the exact needed cyber threat intelligence unit for your organization.
01:27
So let's review some of them.
01:30
One of the most important units that interacts with the Cyber Threat Intelligence Unit is the security operation center.
01:38
This unit is in charge of constantly monitoring all the network and security devices, applications, services, and whatever you may think that needs monitoring.
01:51
Yes, you can include a fridge and the coffee maker if they are able to, and if your security strategy demands it.
01:57
Okay. But more seriously, McAfee defines a SOC as a centralized function within an organization employing people, processes and technology to continuously monitor and improve an organization's security posture while preventing, detecting, analyzing and responding
02:17
to cyber security
02:20
incidents.
02:21
Think of it as a health checker for all the important assets in your organization. Every designated asset will be sending its status every given time, and it will be stored in a large database where people and technology are constantly watching, correlating events
02:38
in order to confirm that everything is working right or if there is something odd going on.
02:44
So, yeah, maybe monitoring was not the only task developed by the SOC unit, but because of all of those tasks, the cyber threat intelligence unit comes to provide a big collection of information with meaning. Let's not forget that, in order for you to be more efficient, effective
03:01
and provide a quicker response to threats around an organization.
03:07
Alongside the SOC unit is the Incident Response team.
03:12
The role of this unit is sort of a given. But if someone or some tool sees something odd and dangerous going on, a group of professionals should be addressing that event, and that group is called the Incident Response Team.
03:28
Okay,
03:29
the IR team is definitely key to mitigate some risks and respond to events as they happen or are detected by our SOC unit.
03:37
But what if the SOC detects a threat that we don't know about, a threat that has not been seen before by our systems? Then what? What should we do?
03:49
Well, cyber threat intelligence is there to make that situation the least likely to happen.
03:55
For example,
03:57
if my neighbor's house is broken into, I will definitely like to know that, because the probability that my house is at risk
04:06
as well just skyrockets.
04:10
That's when cyber threat intelligence makes it work, by collecting these other neighbors' cases and planning what they should do if it were to happen to its organization.
04:21
Then we have the vulnerability management.
04:26
This is not much of an actual unit, but a process in which the organization identifies, measures and does something about the vulnerabilities discovered.
04:35
But let's go to the concepts. A vulnerability is defined in the ISO 27002
04:44
as
04:45
a weakness of an asset or group of assets that can be exploited by one or more threats.
04:50
So, basically, it is telling us that it is some weakness that could be taken advantage of to cause some harm to the organization.
05:00
But what does managing vulnerabilities include?
05:05
Well, Tom Palmaers wrote a paper for the SANS Institute, where he defines vulnerability management as the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated.
05:20
So
05:21
what this person means is that organizations must know where their weak spots are, and what are you going to do about it.
05:30
It is not a way to have no vulnerabilities, but to measure which ones will have high impact on the organization, and which ones the organization can control if somehow it was exploited by a threat.
05:45
In order to do this in a structured manner, the InfoSec Institute has defined six processes that have to be performed to do the cycle in the vulnerability management life cycle.
05:58
First, we start with scanning. In order to do something about a vulnerability in our systems, we must first discover all the vulnerabilities in our organizations and then start doing something about it.
06:12
This vulnerability scanning phase can be performed with multiple scanners, and it depends on the organization's security strategy on choosing which one will be used.
06:21
The next step is to prioritize.
06:25
The amount of vulnerabilities found in an organization's systems will be really high when doing this for the first time.
06:33
So one of the most important steps to do is to prioritize according to the criticality of the systems and the risk of each vulnerability found
06:45
so we can decide which ones must be mitigated first.
06:48
Following the prioritization, it's time to assess the impact that the exploitation of such vulnerabilities could cause to the system and the organization in general.
07:00
Once the prioritization and assessment have been done, all this information will be detailed in a report that should contain the systems affected, the impact of the vulnerabilities on such systems and the remediation suggested to correct such vulnerabilities.
07:16
With this information, the IT department can proceed to apply those fixes in a given maintenance window in order to avoid disruption of services. Once the patches, configurations and fixes are in place, a verification process should start,
07:33
which not only will review that the remediations were in fact applied, but also verify that the systems and services affected are operating in a normal manner.
07:45
And then we close the cycle by scanning again. Different vulnerabilities will arise and the whole process should start again. This cycle is recommended to be consistently and periodically executed according to the organization's resources and capabilities.
08:03
But wait a second.
08:05
We're not completely done with the vulnerability subject.
08:09
There are these things called zero-day vulnerabilities
08:13
that paint a whole other picture for organizations and vulnerability management life cycles.
08:18
Trend Micro defines a zero-day vulnerability as a vulnerability in a system or device that has been disclosed but is not yet patched.
08:28
Okay, a weakness without a way to solve it.
08:33
That makes you think
08:35
if there's no patch yet, it means it's not as spread as much as other vulnerabilities, so the likelihood for it to land in your perimeter is fairly low. But the chance being low doesn't mean it is zero.
08:50
So the problem cannot just be ignored. And thinking it wouldn't happen to your organization wouldn't stop a phishing campaign or an opportunistic hacker from using it against you. Luckily, cyber threat intelligence has the perfect strategy to solve it,
09:05
since it focuses on getting information from all around the globe, thinking of things like how threats look and how vulnerabilities and patches are actually being taken care of, to provide all organizational units the information they need to ensure a greater security posture.
09:26
And that will take us to the whole risk world. The RSC in its publication defines cyber risk as
09:35
the potential of loss or harm related to technical infrastructure or the use of technology within an organization.
09:43
Risk is calculated taking all those threats, vulnerabilities, patches, security updates, firewalls, antivirus and any other thing that will influence negatively or positively a possible compromise.
09:56
The whole subject is another course. You can probably find it here in Cybrary as well. But our main concern is how the cyber threat intelligence will directly influence this risk result.
10:09
How
10:11
can CTI actually
10:13
influence the risk posture of an organization?
10:18
Could the mere existence of CTI lower its risk?
10:24
By getting information about what attacks are coming, how do they look, who is creating them, what is the vulnerability, or when it is supposed to hit the region or industry of the organization,
10:37
all of that information greatly increases your chances and capabilities to defend yourself
10:43
and with that lower chance of being compromised
10:48
and at the same time decreasing your overall risk.
10:52
So the answer is yes. Cyber threat intelligence can do that too.
10:58
Okay,
11:00
we have some good understanding about some additional concepts now,
11:05
but the most interesting part is coming.
11:09
How does the SOC benefit from CTI, besides what we have discussed?
11:15
Where in the incident response
11:18
is cyber threat intelligence introduced?
11:20
How about the risk analysis
11:24
and vulnerability management?
11:26
We've reviewed the vulnerability management life cycle,
11:30
but we didn't mention cyber threat intelligence in it.
11:33
And how about zero-day vulnerabilities?
11:35
Well, all those questions can be inferred with the topics covered in this video.
11:41
But we will get into great detail in the upcoming videos,
11:46
Now you may wonder: CTI is everywhere, right? Well,
11:52
in every area
11:52
we were able to identify the role of CTI in order to improve our security posture, and how can the unit benefit from having it in its processes and procedures.
12:05
We know the data is everywhere. Information can help every organizational unit. Intelligence can drive the right questions to the right answers and bring our security game to a whole other level. Every single process in an organization can be beneficially aided by cyber threat intelligence
12:24
with the right implementation and with the right organization nature.
12:28
This is a subject that we will be diving into with much more detail in the videos ahead.
12:33
And talking about future videos: now that we know some of the different ways cyber threat intelligence may interact with different units, let's dive into intelligence-driven security,
12:46
a whole new approach to cybersecurity, where the more you know, the more you're capable to learn how to defend yourself and aim your defenses the most efficient way possible.
13:01
And that's the end of another video.
13:05
I hope you have enjoyed this time with me. And remember, if you have any additional questions, you can contact me for further details. See you next time.

Up Next

Intro to Cyber Threat Intelligence

This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. It will also explain the units and organizational areas that will interact with the CTI processes.

Instructed By

Melinton Navas
Threat Intelligence Manager
Instructor