4.4 CTI Role in Incident Response Part 2

00:01

Hey guys, I hope they're doing good today. We're going to continue review into interactions between an Indian response team under Cyber Threat Intelligence Unit by discussing some scenarios. So let's go.

00:17

In the last video, we discussed the theory behind the cyber threat intelligence concerts and applications to the Indian response team. And how can it make their work more effective and more time efficient?

00:29

Now

00:30

it's time to take really life scenarios and see how the actually intelligence work towards getting these case solved in a much more effective way.

00:40

So one of the first stop it sweeties cost was there reactive nous that surrounds all tnc in response processes.

00:47

Cyber threat intelligence can help into your response Teams prepare for treads in offense by providing

00:54

a comprehensive off to the picture of the threat landscape.

00:58

Information about popular tread actor tactics, techniques and procedures

01:03

highlights off industry an area specific attack trends.

01:08

You think this intelligence Indian response teams can develop and maintain strong processes for the most common in CNN and threats having peace process is available speeds up, Indian discovery creates and containment

01:23

the scope definition is a key aspect. One responding to an incidence

01:27

These will provide the Indian response team with accurate actions to contain their reported incident.

01:34

Basically, when an incident occurs, three items have to be determined.

01:40

What happened,

01:41

what the incident might mean for the organization and which action to take

01:48

such items must be analyzed with the most precision possible in order to provide an effective Indian response in these matters. Record the future mentions that cyber tracked intelligence directly helps them by

02:01

automatically dismissing false positive enabling Team to focus on Jan. In security incidents.

02:07

Enriching incidents with related information from across the open and dark Web, making it easier to determine how much of a threat they posed and how the organization might be affected.

02:22

And providing details about the threat and insights about the attacker tactics, techniques and procedures

02:28

helping the team make fast and effective containment and remediation decisions.

02:35

It's common for organizations to take a long time to realize a breach has secured.

02:39

According to the parliament 2018 coast off a data breach study organizations in the United States taken average off 196 dates to Detective Rich.

02:53

Not surprisingly, a stolen data and property assets often turn up for sale on the dark Web before direct ful owners realize what has happened.

03:02

A powerful threat. Intelligence capability can be a tremendous advantage. It can alert you to a bridge by providing early warning that your assets are exposed online and someone is offering your ***. It's for sale.

03:17

Obtaining these intelligence in real time is vital because it will enable the organization to contain the incident as quickly as possible and help you identify when and how your network was breached

03:32

at the start of their cyber threat. Intelligence journey. Some organization up for a minimal least solution such as a threat intelligence solution. Bear with a variety of free threat feats.

03:46

They might believe that this dip the toes in the water approach will many mice upfront coast

03:53

Well, these type of implementations, arms sincere and response teams with some actionable intelligence. It actually makes things worse by forcing analysts to way through bast quantities of false positives and irrelevant alerts.

04:09

To fully address the primary incision response pain points.

04:12

A secret intelligence capability must be comprehensive. Relevant contextual likes an integrated,

04:21

and we're gonna hit the past bottom. Here

04:25

you can go have some water. Remember it is important for your body or go to the bathroom or go have a good night's sleep. But not before a quick review today we identified multiple real life cases and map out how this I regret intelligence capabilities help each one of them.

04:43

We identified multiple real life cases were cyber threat. Intelligence can help by preparing, preparing processes in advance,

04:51

defining scopes and containing incidents and re mediate that exposure. And it's tolling at assets.

04:59

And lastly, how half cyber tread intelligence is not better than none, since it will create more exhaustion on the security analyst because more information is collected, but it is not being correlated until an incident is happened.

05:15

Now you can go in peace to whatever activities you have planned,