Hello and welcome to the third part of the data collection module, dedicated to external data sources.
The threat intelligence market has exploded over the past years. Dozens of security vendors have moved into cyber threat intelligence and are offering to help you collect, aggregate and analyze threat intelligence. But which products and services can improve your security posture? With a wide variety of options, how can you choose the most effective threat intelligence for your needs? Another question that you need to ask is about budget: how much money do you need? The answer, of course, depends on the size of your organization and other factors, because most threat intelligence is sold on a subscription basis.
Before moving to this lesson's main objective, I want you to learn this: if you are unable to keep up with basic best practices and standard operating procedures, such as patch update cycles, and if your IT environment is currently not fully under your control and monitoring, and at the same time you are trying to add external threat intelligence on top of that, you are just adding more work and your teams will only get overwhelmed.
Let's start by defining our learning objectives for this video. In this lesson, we will learn what the external data collection sources are, what the right approach is to select your data sources, and what the different types of external data sources are.
Keep in mind that the following list is not meant to be exhaustive, but I tried to give a global overview of what you can get from an external data source. An external data source can be security reports from vendors or cyber security experts; cybersecurity blogs or articles about trending threats (you can get these from a subscription to an RSS feed); malware analysis results; indicators of compromise such as malware indicators, compromised devices, IP reputation, command and control indicators, et cetera; open source intelligence (we will dig more into leveraging OSINT in a cyber threat intelligence context in a future video); access to advisories about new vulnerabilities; reports about new exploits; social media feeds; YARA or IDS rules. You can also find dumps of credentials that are available on paste websites, threat actor forums or even in specific markets.
External sources can be pretty varied, with many degrees of trustworthiness. These sources can provide indicators in structured data reports, such as STIX, CSV, JSON, XML, et cetera, or in unstructured reports such as PDF files, Word documents, emails from sharing groups, et cetera. Some of this data, particularly from vendors, may be refined with context for a particular industry. However, it's worth mentioning that you will need someone from your security team, or someone with specific knowledge of your organization's threat landscape, in order to determine its relevance.
What is the right approach to selecting your sources? You will need to assess what's going to have the greatest impact on the likelihood of a threat against your organization. For example, all organizations are aware that a ransomware that gets in the right spot can shut down the business for weeks, or permanently in some cases. This is why being on top of it is considered a priority. There is no need to fully focus your efforts on this trendy APT that's not even interested in your industry. In other words, if I work in the education or health care sector, I should worry more about ransomware delivered through phishing emails sent in a spam campaign, like the case of the ransomware that hit multiple health care facilities in 2019, where the first infection was through a phishing email containing a weaponized Microsoft document, instead of focusing my main efforts on investigating and collecting indicators on APT38, the threat group that has been mostly targeting financial institutions. So my recommendation here is that you should prioritize getting intelligence based on its relevance at that time, and evolve as time goes on.
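The lesson mentions structured feeds (STIX, JSON) and recommends prioritizing indicators by their relevance to your own industry and by how current they are. The example below is added here to show what that looks like in practice; it is not code from the lesson or from any vendor. It parses a small STIX 2.1-style bundle, pulls the observable out of each simple indicator pattern, drops expired indicators, and ranks the rest by confidence, sector fit and recency. Everything in the bundle is constructed (placeholder hashes, documentation IP ranges, made-up ids), the `x_targeted_sectors` property is a hypothetical custom extension standing in for the "refined for your industry" context a vendor might add, and the scoring weights are arbitrary choices for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample feed in STIX 2.1 bundle form. No real indicators: hashes,
# addresses and ids are placeholders. x_targeted_sectors is a hypothetical
# custom property (STIX reserves the x_ prefix for such extensions). Common
# properties such as created/modified are omitted for brevity.
SAMPLE_BUNDLE = r"""
{"type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111", "objects": [
 {"type": "indicator", "spec_version": "2.1", "id": "indicator--aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
  "name": "Ransomware dropper document (constructed)", "pattern_type": "stix",
  "pattern": "[file:hashes.'SHA-256' = '0000000000000000000000000000000000000000000000000000000000000001']",
  "valid_from": "2019-10-01T00:00:00.000Z", "valid_until": "2020-10-01T00:00:00.000Z",
  "labels": ["malicious-activity", "ransomware", "phishing"], "confidence": 80,
  "x_targeted_sectors": ["healthcare", "education"]},
 {"type": "indicator", "spec_version": "2.1", "id": "indicator--bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb",
  "name": "C2 address of a financially motivated group (constructed)", "pattern_type": "stix",
  "pattern": "[ipv4-addr:value = '203.0.113.10']",
  "valid_from": "2019-10-20T00:00:00.000Z",
  "labels": ["malicious-activity", "command-and-control"], "confidence": 90,
  "x_targeted_sectors": ["finance"]},
 {"type": "indicator", "spec_version": "2.1", "id": "indicator--cccccccc-cccc-4ccc-8ccc-cccccccccccc",
  "name": "Expired phishing domain (constructed)", "pattern_type": "stix",
  "pattern": "[domain-name:value = 'login-update.example']",
  "valid_from": "2019-01-05T00:00:00.000Z", "valid_until": "2019-06-01T00:00:00.000Z",
  "labels": ["malicious-activity", "phishing"], "confidence": 70},
 {"type": "indicator", "spec_version": "2.1", "id": "indicator--dddddddd-dddd-4ddd-8ddd-dddddddddddd",
  "name": "Compound pattern the simple extractor skips (constructed)", "pattern_type": "stix",
  "pattern": "[ipv4-addr:value = '198.51.100.7' AND network-traffic:dst_port = 4444]",
  "valid_from": "2019-10-25T00:00:00.000Z",
  "labels": ["malicious-activity"], "confidence": 60}
]}
"""

# A single-comparison STIX pattern: [object-path = 'value']
_SIMPLE_PATTERN = re.compile(r"^\[(?P<path>[^=\s]+)\s*=\s*'(?P<value>[^']*)'\]$")

# Fixed "now" so the ranking is reproducible; a real pipeline uses the current time.
DEMO_NOW = datetime(2019, 11, 1, tzinfo=timezone.utc)


def parse_timestamp(ts):
    """Parse a STIX timestamp (RFC 3339, trailing Z) into an aware datetime; None stays None."""
    if ts is None:
        return None
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def extract_ioc(pattern):
    """Return (observable_type, property_path, value) for a simple pattern, else None.
    Patterns using AND/OR or observation operators need a full STIX pattern parser."""
    m = _SIMPLE_PATTERN.match(pattern.strip())
    if not m:
        return None
    path = m.group("path")
    return path.split(":", 1)[0], path, m.group("value")


def parse_indicators(bundle_json):
    """Flatten the indicator objects of a bundle; skip revoked ones and patterns we cannot extract."""
    out = []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator" or obj.get("revoked"):
            continue
        ioc = extract_ioc(obj.get("pattern", ""))
        if ioc is None:
            continue
        obj_type, path, value = ioc
        out.append({
            "id": obj["id"], "name": obj.get("name", ""),
            "ioc_type": obj_type, "path": path, "value": value,
            "valid_from": parse_timestamp(obj["valid_from"]),
            "valid_until": parse_timestamp(obj.get("valid_until")),
            "labels": obj.get("labels", []), "confidence": obj.get("confidence"),
            "sectors": set(obj.get("x_targeted_sectors", [])),
        })
    return out


def score_indicator(ind, org_sectors, now):
    """Relevance in [0, 1]: 0 when expired or not yet valid, else confidence x sector fit x recency."""
    if ind["valid_from"] > now or (ind["valid_until"] is not None and ind["valid_until"] < now):
        return 0.0
    conf = (ind["confidence"] if ind["confidence"] is not None else 50) / 100.0
    if not ind["sectors"]:
        sector_weight = 0.5   # no targeting context: generically relevant
    elif ind["sectors"] & org_sectors:
        sector_weight = 1.0   # the feed says this threat targets our industry
    else:
        sector_weight = 0.1   # real, but aimed at someone else: keep, deprioritize
    age_days = (now - ind["valid_from"]).days
    recency = 1.0 / (1.0 + age_days / 30.0)   # weight halves after one month
    return round(conf * sector_weight * recency, 3)


def prioritize(bundle_json, org_sectors, now):
    """Live indicators sorted by descending relevance for an organization in the given sectors."""
    ranked = [{**ind, "score": s} for ind in parse_indicators(bundle_json)
              if (s := score_indicator(ind, org_sectors, now)) > 0]
    ranked.sort(key=lambda i: i["score"], reverse=True)
    return ranked


def demo_ranking():
    """Rank the constructed feed for a health care organization at DEMO_NOW."""
    return prioritize(SAMPLE_BUNDLE, {"healthcare"}, DEMO_NOW)


if __name__ == "__main__":
    for ind in demo_ranking():
        print(f"{ind['score']:.3f}  {ind['ioc_type']:<12} {ind['value']}  ({ind['name']})")
```

Run stand-alone, the ransomware document hash ranks first for a health care organization while the finance-targeted C2 address stays in the list with a low score; the expired domain is dropped, and the compound pattern is skipped with a note in the docstring that it needs a real STIX pattern parser. The same skeleton works for a CSV or JSON feed once `parse_indicators` is swapped for that format.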
Another case study is the example of WannaCry. Attackers took advantage of a vulnerability using an exploit that was leaked; at the same time, the flaw had already been patched by Microsoft before the attack took place. However, a lot of companies didn't prioritize this patch, which caused the huge breakdown. So here, the role of effective threat intelligence is to keep defenders informed of current threats by providing updates, indicators of compromise such as new public exploits, indicators to monitor, what patches should be prioritized, et cetera, which allows companies to respond quickly and proactively to threats.
Now, let's move to the different types of external data sources. Globally, there are three types of external data sources: public data sources, community data sources, and private or commercial data sources. We will see each one of them in detail in their corresponding videos.
That was all for today's lesson. We tried to explain what external data sources are and when they become a priority. We also saw what the right approach to getting external threat intelligence is, and the different types of external data collection sources. I hope you liked this video. In the next video, we'll discuss the first category of external data sources, which is private collection sources. See you there.