Time
4 hours
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:00
Hello. Hello, everyone. Welcome to another video of the introduction to Cyber tracked intelligence. This time we're going to start reviewing the incident response team capabilities and how cyber Threat intelligence can help all its tasks.
00:16
The response team is one of the most demanding teams to be part of because most of the time you have to attend an emergency in which there might not be the necessary security Contra. Lt's in place on containment because I really hard task to achieve.
00:32
James Douglas has a very accurate quote, and that is
00:36
care shouldn't start in the emergency room.
00:39
And it can be applied perfectly for these units, since Indian response is all about emergencies.
00:46
Awful security groups, Indian response teams are perhaps the most highly stressed. Among the reason for these. We can point of that. Cyber security incidents have increased constantly year by year. Well, it's difficult to be precise about the number off incidents experience by a typical organization.
01:04
There is no doubt that cyber attack volume is growing rapidly.
01:10
According to Sonny Whoa, the global volume of malware attacks increased by more than 18% in 2017 alone. Also, threats have become more complex and harder to analyze.
01:23
When an Indian a curse, security analysts are obligated to manually check and disseminate data from different sources.
01:30
Containment of attacks and eradication has become more difficult, given the complexity of the tax use Nowadays.
01:38
As a result, Indian response teams routinely operate under normals time pressure and often are unable to contain several security cyber incidents promptly.
01:49
Well, some of these growing pressure is mitigated by preventive technologies. Ah, huge additional strain is nonetheless being placed on incident Response Team's because a lot off additional factors
02:02
Indiana Response is not an entry level security function. It requires analysts who have experience in the industry and can be relied upon to perform complex operations under pressure. The amount off alerts reported by security devices overwhelmed security analysts just as much as to the soccer team.
02:22
According to the Parliament cost of Margaret Containment Report, security teams can expect to look almost 17,000 mile were alerts in a typical week. That's more than 100 alerts per hour for a team that operates 24 7
02:38
and those are only the alerts from our incidents.
02:43
Also, when you have to fuel skilled personnel and too many alerts. There's only one outcome.
02:49
The time to resolve genuine security incidents will rice,
02:53
according to an analysis of source data from a recent Bryson Data Breach investigation report. While the median time to incident detection is a fairly reasonable for hours, the median time to resolution it's more than four days.
03:10
Most organizations security groups have grown organically in parallel, which with increases in cyber risk. As a result, they have added security technologies and processes piecemeal without a strategic design in mind. Another important issue is that once an alert is flack,
03:30
even most
03:30
creation remediated and followed us quickly as possible to meaning my cyber risk.
03:38
A typical Indian response process will flow this way.
03:43
First day incident detection. Receiving alert from a, C, M, P. R or similar product
03:49
sickened. Discover,
03:51
determine what's happened and how to respond.
03:54
Third, Dratch and containment
03:58
think immediate actions to mitigate the threat and minimize the damage.
04:02
Fourth remediation repaired damage and remove infections,
04:08
and five
04:09
push to business as usual.
04:11
It means pat past the AI incident
04:14
in order to go back to our normal operations.
04:17
Notice how reactive this process is
04:21
for most organizations. Nearly all the work necessary to re mediate, and an incident is backloaded, meaning it cannot be completed until after an alert is flag. Also, this is inevitable. To some degree. It is far from ideal when Indian response teams are already struggling to result
04:41
incidents quickly enough.
04:45
So
04:46
to reduce response times, Indian Response team must become less reactive
04:51
to areas where advanced preparation can be especially helpful. Our identification of probable treads on prioritization.
05:00
If a meteor response team can identify the most commonly face traits in advance, they can develop a strong, consistent processes to cope with them.
05:11
Thes preparation dramatically reduced the time the team teats to contain in divide individual incidents prevent me steaks on freeze up analysts to cope with new and unexpected threats when they arise.
05:24
Also, not all three threats are equal.
05:29
If Intend Response teams can understand which threat vectors supposed the greatest level of race to the organization, they can allocate their time on versus accordingly.
05:41
It should be clear from our discussion so far that security technologies by themselves can do enough to reduce pressure on human analysts. Cyber threat intelligence can minimize the pressure on Intel Response team and address many of the issues. We have re bean reviewing like automatically and
05:59
identifying. And he's missing false positive alerts
06:01
and reaching alerts with real time context from across the open. And I wept,
06:08
assembling and comparing information from internal and external data sources to identify his genuine threats
06:14
and the scoring threats, according to his organization's A specific needs. An infrastructure.
06:20
In other words, save a threat. Intelligence provides intend response teams with exactly the actionable insights they need to make faster, better decisions. Why holding back the tide of irrelevant and unreliable or dirt that typically make their jobs are difficult.
06:36
So today we covered what problems the NT Andrews Bones team has to face, similar to what the sock teams deals with when talking about alert and a little bit of how the Cyber Threat Intelligence unit is supposed to help remediate these problems.
06:54
They're to keep processes the disabled Threat Intelligence unit AIDS to get done for the Indian response team, identification of probable tracks and prioritization off threats. In the next part, we will review a use case scenario to specific state
07:10
which are December trade intelligent tasks. When an incident is giving, also, we will be covering which are the essential characteristics that cyber threat intelligence provides to the information given to the Incident Response Team.
07:24
It was a pleasure to have you here. Now let's head to our next video. See you there.

Up Next

Intro to Cyber Threat Intelligence

This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. Will also explain the units and organization’s areas that will interact with the CTI processes.

Instructed By

Instructor Profile Image
Melinton Navas
Threat Intelligence Manager
Instructor