4.5 CTI Role in Incident Response Part 3

Video Transcription
Good day, everyone. We have reached the third and last part of the cyber threat intelligence role in the incident response team.
Today we're going to review the four crucial aspects that cyber threat intelligence can provide to incident response teams to make them more effective and efficient.
So let's get started.
As we mentioned in the final part of the last video, there are four very important aspects that cyber threat intelligence can provide to the incident response team to improve its work and alleviate some of its challenges.
These four aspects are comprehensiveness, relevance, contextualization and integration.
Let's start looking at each one of them in more detail.
To be valuable to incident response teams, cyber threat intelligence must be captured automatically from the widest possible range of locations across open sources, technical feeds and the dark web.
Otherwise, analysts will be forced to conduct their own manual research to ensure nothing important has been missed. Imagine an analyst needs to know whether or not an IP address has been associated with malicious activity.
If she's confident her threat intelligence has been drawn from a comprehensive range of threat sources, she can query the data instantly and be sure the result will be accurate.
If she isn't confident, she will have to spend time manually checking the IP address against several threat data sources.
This kind of intelligence can be correlated with internal network logs to reveal indicators of compromise.
If you look at the image on the right, we have filtered the list to a specific IP address and its relation with a known threat, a piece of malware in this case. It gives the analysts enough information to know what kind of threat is being analyzed and how it has moved in the last few days.
The relevance of the information provided is a really important subject, since it can save analysts a lot of time when dealing with threats.
It's impossible to avoid all false positives when working to identify and contain incidents,
but cyber threat intelligence should help incident response teams quickly identify and purge false positives generated by security technologies such as SIEM and EDR products.
There are two categories of false positives to consider:
alerts that are relevant to an organization but are inaccurate or unhelpful, and alerts that are accurate and/or interesting but irrelevant to the organization.
Both types have the potential to waste an enormous amount of incident response analyst time.
As we discussed at the beginning of this course, artificial intelligence and machine learning technologies are making their way into the security world. Advanced cyber threat intelligence products are now employing machine learning technology to identify and discard false positives automatically
and to focus the analyst's attention
on the most important and most relevant intelligence.
If you don't choose your cyber threat intelligence technology carefully, your team can waste a great deal of time on intelligence that is inaccurate, outdated or irrelevant to your organization.
This is why knowing the organization's objectives is a very important aspect of it.
I know that I can't say this enough times, but context is important.
Not all threats are created equal. Even among relevant threat alerts, some will inevitably be more urgent and more important than the rest. An alert from a single source could be both accurate and relevant, but still not a particularly high priority.
This is why context is so important. It provides crucial clues about which alerts are most likely to be significant to the organization.
Contextual information related to an alert might include:
corroboration from multiple sources that the same type of alert has been associated with recent attacks,
confirmation that it has been associated with threat actors known to be active in your industry,
and a timeline showing that the alert occurred shortly before or after other events linked with the attacks.
Modern machine learning and artificial intelligence technologies make it possible for a threat intelligence solution to consider multiple sources concurrently and determine which alerts are most important to a specific organisation.
Among the most critical functions of a cyber threat intelligence system is the ability to integrate with a broad range of security tools, including SIEM and incident response tools, examine the alerts they generate and, most important,
determine whether each alert should be dismissed as a false positive,
score the alert according to its importance, and enrich the alert with valuable extra context.
This integration eliminates the need for analysts to manually compare each alert to information in diverse security and threat intelligence tools.
Even more important, integration and automated processes can filter out a huge number of false positives without any checking by a human analyst.
The amount of time and frustration this capability saves makes it perhaps the single greatest benefit of cyber threat intelligence for incident response teams.
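As an added illustration of that integration step (written for this transcript, not code from the lecture or from any product), here is a small Python triage routine that checks SIEM alerts against a threat intelligence feed, dismisses the two false-positive types described above, scores what remains by corroboration, industry relevance and recency, and attaches the context an analyst would want. The feed entries, actor names, industries and alert fields are all constructed for the example.

```python
from datetime import date

# Constructed threat-intel feed (documentation-range IPs, made-up actors).
# Each entry carries the context the lecture lists: corroborating sources,
# the associated actor, the industries that actor targets, and last activity.
INTEL = {
    "203.0.113.10": {"sources": ["feed-a", "feed-b", "darkweb-forum"],
                     "actor": "ACTOR-1", "industries": ["finance", "retail"],
                     "last_seen": date(2024, 5, 3)},
    "198.51.100.7": {"sources": ["feed-a"],
                     "actor": "ACTOR-2", "industries": ["energy"],
                     "last_seen": date(2022, 1, 15)},
}

# Constructed SIEM alerts for a retail company (fields simplified).
ALERTS = [
    {"id": 1, "dst": "203.0.113.10", "rule": "outbound-to-known-c2"},
    {"id": 2, "dst": "198.51.100.7", "rule": "outbound-to-known-c2"},
    {"id": 3, "dst": "192.0.2.44",   "rule": "outbound-to-known-c2"},
]

def triage(alert, industry, today, intel=INTEL):
    """Return (verdict, score, context) for one alert.

    verdict: 'dismiss' for a likely false positive, else 'investigate'.
    score: 0-3, one point each for multi-source corroboration, an actor
    active in our industry, and activity seen within the last 90 days.
    """
    hit = intel.get(alert["dst"])
    if hit is None:
        # Rule fired but no intelligence backs the indicator:
        # the "relevant but inaccurate" false-positive category.
        return "dismiss", 0, {"reason": "no intelligence on indicator"}
    corroborated = len(hit["sources"]) >= 2
    relevant = industry in hit["industries"]
    recent = (today - hit["last_seen"]).days <= 90
    score = int(corroborated) + int(relevant) + int(recent)
    context = {"actor": hit["actor"], "sources": hit["sources"],
               "targets_our_industry": relevant,
               "last_seen": hit["last_seen"].isoformat()}
    if not relevant and not recent:
        # Accurate indicator, but stale and aimed at another industry:
        # the "accurate but irrelevant" false-positive category.
        return "dismiss", score, context
    return "investigate", score, context

def triage_all(alerts=ALERTS, industry="retail", today=date(2024, 5, 10)):
    """Triage every alert and return a mapping of alert id to verdict tuple."""
    return {a["id"]: triage(a, industry, today) for a in alerts}
```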
Okay, now that we have gone deep into the relationship between the incident response team and all the capabilities that cyber threat intelligence provides to this unit in order to take a more effective approach, we can answer questions like how the cyber threat intelligence processes help with incident response timing.
Remember, it's all about the context.
What aspects of incident response cyber threat intelligence provides enrichment to.
And also how a breach could be identified through the cyber threat intelligence unit.
Remember that the technology part, in particular machine learning and artificial intelligence applied to solutions, is a very important ally when discussing threats and threat alerts.
In today's brief lecture, we had a closer look at the integration between cyber threat intelligence and incident response teams.
We identified multiple real-life cases and mapped out how the cyber threat intelligence capabilities could help each one of them.
Also, we could identify the essential characteristics that cyber threat intelligence provides to the information used in incident response.
In the next video, we're going to move to the risk world in order to identify where the cyber threat intelligence capabilities are needed and how they're integrated in such a cycle.
And off we go with the incident response team.
This was our final video in the series. Thanks for watching.