3.1 Intelligence-Driven Security and CTI Lifecycle

00:01

Hey, guys, welcome back to introduction to Savor Trades Intelligence. Today we're gonna be reviewing one of the most recent cyber security strategy for organizations, and that is the intelligence driven security.

00:15

This is the first off a series of three parts to cover this topic

00:19

with no forger introduction. Let's get right into it.

00:24

The classic book, Really, By Sun two. It's an awesome example of what intelligence is.

00:30

Every battle is won before it's ever fought.

00:34

The work of preparation, the knowledge, this strategy, everything previous to a battle is what actually counts on the field saver dressing. Jillian's is exactly that.

00:45

Nonetheless, there are a lot of misconceptions for main implementations, where cyber tracked intelligence is not well implemented and falls down into a not so productive practices and then actually makes this stuff a lot harder for organizations.

01:02

Some misconceptions are several trades. Intelligence is that is just that. If it's and pdf reports, when this is the core purpose of the city, I unit organizations often fall down to a whole larger trouble because it just means there's more information available without the right context for the organization

01:21

that result in more manual work When an incident happens as we will see in the models ahead.

01:30

Another misconception. It's that it is a research service for the Indian response teams. Disbelief somehow is more counterproductive. Since the cyber threat, intelligence analysts become just an extension off the incident response team

01:46

without adding this so needed value when attending an incident.

01:49

And last, it requires a dedicated team off a high priced elite analyst. This misconception.

01:57

It's why some organization just dropped out of having a dedicated server Trident Aliens unit when the threat is far from that,

02:07

as we're going to see in the following videos

02:10

Now, to counter these beliefs, we can state what cyber trade intelligence really is.

02:16

Save it credit intelligence you say you need. That includes information and analysis from a reach a rail sources presented in a way that it's easy to understand and use, causing a more efficient approach when managing the cyber security realm.

02:34

It is valuable for all the major teams in the cyber security organization, and that's why, in this curse we will be reviewing how every unit in this area will benefit for the presents off a cyber tracked intelligence team

02:50

and last but not least December trade. Intelligent processes can be handled and execute Lee mostly by the existing security staff, and there is no must requirement that needs to be in place. Rate is rated as a high price

03:08

justice. Most off working unit in an organization, Cyber Direct Intelligence counts with a specific life cycle. The intelligence cycle is defined by recorded future as direction collection,

03:23

processing analyses, dissemination on feedback.

03:28

This is how the classic flow of cyber credit intelligence goes. Most of the time.

03:32

This flow insures that the cyber threat intelligence activities are aligned with the organization subjective and can provide information with the require meanings.

03:43

This cycle allows all organizations to follow specific orders in its task at people. Several credit intelligence objectives allying with the organization's ones and in constant improvement,

03:55

which is one of the most important aspect that need to be taking into account in order to maintain cyber tread intelligence. Effective

04:06

most of the time, I find that graphic representation of concepts are a big difference, you know, difference trader when understanding a topic.

04:15

So hey, we're here. We have a sort of graphic flow of the cyber threat intelligence life cycle created by recorder future.

04:24

If you can notice in the upper left corner of the graphic, we have the direction face.

04:29

This represents the first step to take in a cyber threat intelligence life cycle and one of the most importance because they spark, although doesn't take much part of the graphic, it's key to review that all the subsequent social activities are lying to the organizations of deck ticks. Next,

04:47

we can find a trance versatile section where the first part to take into account our just sources off worthy information is obtained. This is a very important process, since the right surfaces are lying with the organization's objectives. Will provide us ever treat Intelligence Department the necessary information to get the most out of the next

05:08

steps

05:09

in the middle part of a graph. We have the actual cyber tracked intelligence's manpower. Here's where all the magic magic takes place. The processes of collection processing, another analysis and dissemination Sze are in charge of the cyber tracked Italians unique through its security tools and its analysts.

05:29

Lastly, the output of this face will go directly to each one of the department's They're getting benefits from the cyber tracked intelligent analysis on after the intelligence has been used. Ah, feedback is provided. So the cyber tragic millions unit no see what they are providing to these units is actually what they want to get.

05:47

Okay, now that we had a general look of the whole process, let's dive into each one of them.

05:55

The first part off Cyber tracked Intelligence Life cycle is related to the direction off almost all of its activities. This means the pattern to savor trenchant aliens unit. Most maintain, according to the organization's unit,

06:09

this face takes care of defining the goals for the Cyber Threat Intelligence program. It also validates that these girls are like with the organization goals, and this involves the information, assets and business processes that need to be protected.

06:25

The potential impacts of losing those assets are interrupting does processes

06:30

the types of threat intelligence that the security organization requires to protect assets and respond to threats

06:39

and priorities about what to protect.

06:42

So basically, this first part of the cycle will focus on defining the cyber trade, intelligent purposes. What are we trying to accomplish?

06:50

What is the organization going to use the intelligence for and what units will be using the intelligence collected and so on. And so fort, because the activities of the cyber threat intelligence are directly aimed to the resources available in the organization, is important to the fine. What

07:09

assets are going to be benefit since the beginning?

07:12

Because when a cyber threat intelligence unit is starting, its capabilities are going to be limited to what the researchers are able to do. And most likely, they won't be able to meet everyone's demands if they're too many. Next, we have the collection face, As we pointed out before the collection, Face will be in charge of obtaining

07:31

old information

07:32

available through their different sources.

07:35

Let's start by getting the actual definition of these face record. A future in its Threat Intelligence Handbook defines collection as a process of gathering information to address the most important intelligence requirements. This would take into account the purpose of this information. Once it reaches its destination,

07:56

information gathering can occur organically. Travel relative means this includes pulling metadata, unlocks from internal networks and security devices such as fire wolves, creatures and routers, subscribing to threat feet from industry organizations and say We're security benders

08:15

holding conversations and targeted interviews with no little Nolan. Knowledgeable sources.

08:22

This item will occur on the man most of the time. Sit, sit involves very specific information to be obtained.

08:30

Also it includes is canning up in search, kneels and blocks and is crabbing and Harper Stein in harvesting website firms also infiltrating close stars such as dark Web forums.

08:43

Well, all right. This video gave a very wide view of the cyber threat intelligence life cycle, and it started to poke around information sources. Right now, we have gone through the 1st 2 faced vices off the lifecycle direction and collection.

08:58

With this new polish, we have a better understanding on how the life cycle of stars

09:03

and how it must be a lang with organizations objective in order to pull that provide the intelligence needed.

09:11

With that knowledge, we're going to open a parent. This is here and head over to the information searches. This topic is crucial since desserts off the information that your cigarette dreading telling is will be analyzing should be trust and specific,

09:26

and if in any case it is not well, they had to be some additional procedures to involve in the analysis face in order to make this information trusted.

09:37

Among the certain The searches we will be discussing. We will find technical sources Such a Strat feats like domains. Hi. Bees, hatches, etcetera

09:48

Media, all the news about new threats, threat threat actors and anything that enters to our unit Social media This one will be very important to have seen. It is like really life feats of threats and actions that are happening around the world. The challenge here is that these information needs to be normalized.

10:07

See, most of the time it comes in a narrative way to be understood that humans,

10:11

but not the best, be paired two systems

10:16

protective firms. These are the forms to most off the time Attackers go to when having trouble with my hour with evading on anti virus or that sort of issues. This don't need to be heating in the dark web. They can be opening plain sight informs, like Reddit or similar

10:33

and last but not least, the gold mine, the dark, where this is one of the most important searches of information. But it is the one that consumes the most time and resources since the good information is really privilege among their users.

10:48

And there we have it. I hope this video has really hide you up in order to prove

10:54

paired to observe the ope common videos.