5.2 Heatmap Analysis

00:01

Hello and welcome to the second video from the module campaign and the license. This lesson is about one taken accuses for campaign analysis, which he is hate map and the license.

00:12

Like we discuss it in the introduction to this module, we will be introducing the concept off heat map and the license in the cyber threat inversions.

00:21

I will be explaining how it is used and how it can be off added value to the organization.

00:28

You know that over the past few years, we've seen quite a few high profile cyber attacks. Okay, her from small businesses, so large organizations.

00:38

It's a clear for too many companies are still disorganized and am prepared. When it comes to cybersecurity,

00:45

It's no longer possible for companies to guarantee that they are completely safe against a breach, not even with the most comprehensive security measures.

00:55

It's more important than ever before to stay ahead off vulnerabilities and threats. Otherwise, you are setting yourself up to become another statistics in the world of cyber quiet.

01:07

For this reason, it's important to learn techniques and methods that will help you understand your threat, surface and adversaries, and we'll help you decide which course of action is more appropriate for your case. One of these techniques is heat map on the license,

01:23

so it starts with the finding. What is heat map on the license

01:27

in general and in cyber threat, intelligence

01:30

hit maps are basically available everywhere these days. Anywhere there's data to this place,

01:37

they are increasingly popular in scientific disciplines, where large volumes of data have to be made comprehensible.

01:45

That's because there are a great way to see through data to trance and understand what to do next. And for this reason in particular, we are using them in cyber Threat intelligence. A heat map is a graphical representation of data that can make complex data sets comprehensible and actionable.

02:02

Now hit maps are the most used tools for representing complex statistical data.

02:07

That's the secret to their success. Shorts have to be interpreted.

02:13

Tables have to be understood, but heat maps are self explanatory and intuitive.

02:19

A heat map uses a warm, too cool color spectrum to show you your intrusion. Analytics. More specifically, the colors indicate the activity level regarding each intrusion. At that

02:30

here, read means, Ah, high level and green means low lap.

02:35

In this case, you can associate the vertical Collins with different campaigns that the organization is currently working on

02:43

and the roles we represent intrusion attempts. For every month

02:46

you will have a column for the non attributed intrusions, and the more you have red areas and these columns in particular, the more intelligence gaps off and no risks through your organizations you have

03:00

the heat map on the license can tell a lot about your adversaries.

03:02

For example, a month that has a few West campaigns or intrusion attempts will be probably a holy day season for the country from where your adversaries are originated.

03:15

Heat maps are really easy to produce. I will help you identify, and I like trends. And if you are looking for a way to create your heat maps, you can use Excel spreadsheets and follow the steps. The square bit on the slides are the steps that I will follow right now.

03:31

For this example, I created an Excel spreadsheet containing samples of campaigns. Keep in mind these are not related. Tow any real case. They are just generated for this example

03:45

here. The rose represents

03:46

activities for each month,

03:50

and the Collins represents the campaigns that targeted the company.

03:55

I specifically added the pending attribution caller because it's really important.

04:03

First, all these values should be numbers to be able together. Heat Man

04:10

not to create our hit map. We first select the numbers that we choose. Conditional Fermat. Think thrown the home menu

04:19

how we choose

04:21

from red to green

04:24

where red have the highest activity level.

04:29

Then we select separately the Grand Total column

04:31

to see which month has the highest threat activity.

04:40

And as you can see for our sample, February has the highest grand total, which means the highest activity level the same as November.

04:49

And when it comes to attribution, we have the highest levels impending attribution

04:57

here in this example, it mused that we have a lot off knowledge gap, but I hope that in your analyze issue will get more reds here, which means you have more knowledge about your adversaries.

05:11

And as you can see, the lowest activity can be seen in June and August, and this is can be explained by the summer Holy days in lot of countries around the world.

05:23

This is all for this lesson that we started with a definition off hit map, and we've seen how it works. We close at the video with an example of Hit Matt Bolling using an Excel spreadsheet.

05:35

This analyzes technique is helpful to identify your knowledge gaps and understand the behavior and nature off your adversaries and overall organizations can use this method to prioritize and strategically decide their courses affections.

05:53

I hope that you enjoy this lesson