3.3 CTI Lifecycle

Video Transcription
Hello, everyone. I hope you're having an awesome day. Welcome back to Introduction to Cyber Threat Intelligence. Today we're going to be giving the right closure to the cyber threat intelligence life cycle. So what are we waiting for? Let's start.
Okay. Doing a quick review, we already discussed the direction and collection phases. We did a little pause over the collection phase to look a little more into detail about the information sources from which cyber threat intelligence can be obtained. And right now we're off to the next phase: processing.
Recorded Future has a definition that I find really accurate for the processing phase, and it states that processing is the transformation of collected information into a format usable by the organization. Almost all raw data collected needs to be processed in some manner, whether by humans or machines. This part is very important because all the information collected has to have the same format in order to be correlated by the tool of your choice.
In this phase, automation is king, especially for information that comes in a raw form, such as information from parents, social media and so on.
From the cyber threat intelligence perspective, Recorded Future defines analysis as a human process that turns processed information into intelligence that can inform decisions. Depending on the circumstances, the decisions might involve whether to investigate a potential threat, what actions to take immediately to block an attack, how to strengthen the security controls, or how much investment in additional security resources is justified.
This part is complementary to the processing phase, since now it's up to the analysts to review all the information obtained and decide which information should go to which unit and in what form. This is done depending on all the requirements that units provide at the beginning and the feedback collected from the last run of the life cycle.
Analysts must have a clear understanding of who is going to be using their intelligence and what decisions those people make. Sometimes a big challenge for the cyber threat intelligence analyst is the communication of information to non-technical parties.
To avoid problems with these areas, the report generated must be concise: a one-page memo or a handful of slides. It shouldn't be complicated, and it should be easy to understand. Also, it needs to avoid confusing and overly technical terms.
When working in cybersecurity, analysts are used to explaining all technical meanings in technical words, but sometimes they forget that the audience will not always understand the technical language, so they should be translated into simpler words in order for the audience to understand them. Also, it should be articulating issues in business terms, such as direct and indirect costs and impacts on reputation. And last but not least, include a recommended course of action.
Recorded Future also gives a very important piece of information, and it is that not all intelligence needs to be digested via a formal report.
So successful threat intelligence teams provide continual technical reporting to other security teams with external context around indicators of compromise, malware, threat actors, vulnerabilities and threat trends. This means that the security team, for example, would prefer the information to be as technical as possible, so it could be fed to their SIEM and, that way, make a proper correlation according to the information they already have from the monitoring of assets.
Now, the dissemination phase. Dissemination involves getting the finished intelligence output to the places it needs to go.
According to Recorded Future, there are five basic questions that you need to ask for each audience receiving cyber threat intelligence services. And those are: What threat intelligence do they need, and how can external information support their activities? How should the intelligence be presented to make it easily understandable and actionable for that audience? How often should we provide updates and other information? Through what media should the intelligence be disseminated? And how should we follow up if they have any questions?
And last but not least, it is the feedback phase. This phase sometimes may be overlooked since it doesn't directly affect the overall intelligence process, but it is very important to ensure a robust and effective cyber intelligence program.
Regular feedback is needed to make sure the requirements of each group are correctly understood and to make adjustments as their requirements and priorities change. These groups' or units' needs will tell the cyber threat intelligence unit how all its phases need to be reoriented and will specify what types of data to collect, how to process and enrich the data to turn it into useful information, how to analyze the information and present it as actionable intelligence, to whom each type of intelligence must be disseminated, how quickly it needs to be disseminated and how fast to respond to questions.
Now, to actually execute the whole cyber threat intelligence life cycle, there are some essential tools that must be in place in order to collect, process and disseminate in the intelligence life cycle and to support and accelerate the information analysis phase. The lack of these kinds of tools will definitely make the process too slow to maintain it and to make it effective. Most mature cyber threat intelligence groups leverage two types of tools.
Threat intelligence solutions that are designed to collect, process and analyze all types of threat data from internal, technical and human sources. And existing security tools such as SIEMs and security analytics tools, which collect and correlate security events and log data.
And let's not forget the human element. Recorded Future, in its threat intelligence handbook, makes a very important annotation: human analysts are equally, if not more, important. You cannot rely on tools to interview security experts and probe closed dark web forums, and you need people to analyze and synthesize intelligence for the people in the security organization and management who will consume it. So the human element is also a very important tool to take into account.
That's how we reach the end of this video. In today's video, we discussed the last three phases of the cyber threat intelligence life cycle: how the analysis phase provides the right intelligence to the right teams, how the dissemination and the feedback are important to guarantee the effectiveness and constant improvement of the procedures, and additional tools that are used to support the cyber threat intelligence procedures and the importance of the human resource along the whole life cycle.
Now, as it was promised, it is time to dive into the details of how the cyber threat intelligence unit will interact with the specific units, such as the SOC unit, the IR team and so on and so forth. A lot of important information is coming, so I hope you're ready for it.
Well, that's it. The cyber threat intelligence life cycle is over now. Thanks for sticking around, and I hope you're getting a lot of new insights. See you in the next video.