Time: 4 hours
Difficulty: Beginner
CEU/CPE: 4

Video Transcription

00:01
Hello, everyone. Welcome back to the Cyber Threat Intelligence introduction course. Today we will be diving into the information sources from where you can get your intelligence for the data collection phase.
00:13
Let's get started.
00:15
Well,
00:17
you need multiple sources of intelligence to get a complete picture of potential and actual threats.
00:23
They include internal sources like firewall and router logs, network packet capture tools, and vulnerability scans.
00:31
It also includes technical sources, such as vulnerability databases and threat data feeds, and last but not least, human sources, including traditional and social media, cybersecurity forums and blogs, and dark web forums.
00:46
Missing any one of these can slow down investigations and cause gaps in remediation. The data collected typically will be a combination of finished information, such as intelligence reports from cybersecurity experts and vendors, and raw data
01:03
like malware signatures or leaked credentials on a paste site.
01:07
Analysts should spend as little time as possible collecting data and as much time as possible evaluating and communicating threat information.
01:18
The threat feeds. Our first subject when talking about cyber threat intelligence. As we reviewed in the first modules of this course, people will often confuse threat feeds and will give them the title of cyber threat intelligence, when that's far away from the truth.
01:34
The correct way to see this is that threat feeds are one of the primary information sources that cyber threat intelligence will consume.
01:42
Threat feeds are available in huge quantities, often for free.
01:47
Technical sources are easy to integrate with existing security technologies, but often contain a high proportion of false positives and outdated results.
01:57
Another important source of information is the news, because although we're not going to see the most recent buffer overflow being sold by an attacker, we certainly are going to be able to see information that we might have missed or that is not under our scope. Let's say we're analyzing a malware sample
02:15
and we read about the same behavior
02:19
on malware infecting a country on the other side of the globe.
02:23
From that we can obtain an important clue of where to look for more information about this threat and use our other sources to complement the information that we're looking for. The list of sources in this category is very wide. It can go from security websites to vendor research blogs. Most of the time,
02:43
this information will be provided for human consumption, and manual procedures must be in place
02:47
to connect it with technical indicators and obtain the intelligence from that information.
02:53
Even though it could provide useful information, any information collected by these sources must be manually reviewed, since we have to take into account that this information was not generated by people in the cybersecurity field most of the time, and it may contain information misunderstood or misinterpreted.
03:15
An upgrade to the standard news communication of this era is social media.
03:21
Social media is a gold mine for information. You can find information about threat actors, victims, threats, everything you can imagine.
03:29
The big challenge of these sources, as we mentioned in an earlier video, is to process all this information into usable and actionable information.
03:38
There's a huge chance that the information is not accurate or it has been modified according to the subject's opinion.
03:46
That's why, among the social media sources, information has to be correlated and validated with multiple subjects in order to get the information in the most raw state possible.
03:57
And it is only after this correlation that the analysis can start on the process to convert this information into information that can be used by a system
04:08
or
04:09
consumed by another unit.
04:11
The threat actor forums are a very valuable information source when investigating a specific threat, since these forums are where a good part of knowledge is done.
04:21
Most of the time, these forums involve information regarding specific coasts infection, the latest vulnerability published, some specific research used to elaborate a proof of concept, or any other similar action.
04:36
This, as well as the last three sources that we have reviewed, needs a manual cross-reference in order to determine how this information will match with information obtained from technical sources. Although these sources will demand a high or elevated availability of resources,
04:54
the information obtained from them makes that worth it.
04:58
Well, the famous and mysterious dark web. This is another place where very valuable information can be obtained.
05:06
Most organizations will categorize this information source as high risk, high reward, because it's not something that you can go in and grab;
05:16
there must be a whole process in place that will most likely require time to set up.
05:24
If you're not familiar with the dark web, this is a part of the Internet that is not indexed. This means that all its resources cannot be accessed in the traditional way. You need a specific, a special set of proxies to be able to reach it.
05:41
This is where Tor comes in handy.
05:44
Tor, short for The Onion Router. It is a collection of proxies that allows any user to browse anonymously through the web,
05:54
most importantly, to provide access to the dark side of the web by allowing users to access the .onion domains, where all these resources are found.
06:05
Most forums and markets that contain the most valuable information will require a payment to get in, or a reference where someone that is already a member will validate the registration.
06:18
It may sound that getting into the dark web brings a lot of trouble and specific procedures, but the reason this is still very valuable is because it often
06:29
is the birthplace of most modern activities that the breach reveals and some other criminal activities.
06:35
This makes the dark web the start of most threats that at some moment will affect their potential victims.
06:44
Because of the nature of these forums, the espionage approach discussed in past videos is used here, as a persona.
06:53
This persona is created in the cyber community, posing as a potential criminal.
06:59
Before jumping into these information sources, processes must be very well defined and mature, because by no means shall your organization's or personnel's identity be compromised. This will put at risk the organization overall and the people involved. That's why it's a very risky place to be.
07:18
But at the same time,
07:19
a very rewarding one.
07:24
Okay. Right now, we have covered the most common and valuable information sources for a cyber threat intelligence collection process.
07:31
With these, we have a better idea to answer questions like: Where can we obtain the information necessary for the organization? Let's remember that not all information must be collected. This necessary information should be aligned with the organization's objectives and the requirements that every unit put in place
07:51
for the cyber threat intelligence team.
07:54
Also, what are we going to do with the information collected? As mentioned before, cyber threat intelligence can provide information to several units, and it depends on that unit's purpose to define how the information is going to be treated.
08:09
This means the analysis and process phase that we will be covering in the upcoming video.
08:15
And what process should be automated
08:18
and what process must be manual to guarantee the right context for the information collected. This is a very important step
08:26
because from this, the collection of the information collected will become much more efficient and effective, since tasks that can be automated
08:35
will reduce analyst time and can put this time to better use by analyzing the manual information collected from social media, forums, and online news.
08:48
Okay, to sum up, in today's video we discussed where the collection of information can be obtained from and what procedures must be in place in order to guarantee the right sources are used in the right manner.
09:03
How the sources may put up a challenge for the organization, since some of them require manual processing in order to determine which ones are actually real and which ones may not be legitimate.
09:16
What techniques should be used to gather information from sources like the dark web, where the information collected is very valuable, but it comes with a lot of risk for the organization and the personnel involved.
09:28
And last, what risks exist in some of these information sources. Here we can differentiate two risk types: one involves the quality of the information obtained, and the other, the integrity of the organization and the people collecting this information.
09:46
Well, in the next episode, we will be giving closure to the cyber threat intelligence lifecycle by finishing up with the last phases, from processing the information obtained
09:56
to disseminating it to the right groups. And that's a wrap-up. I hope you liked today's information. Let's keep the heat up by clicking next and learning about the last phases in this module. See you later.

Intro to Cyber Threat Intelligence

This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. It will also explain the units and organizational areas that will interact with the CTI processes.

Instructed By

Melinton Navas
Threat Intelligence Manager
Instructor