5.2 Heatmap Analysis

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

Video Transcription
Hello and welcome to the second video from the module campaign and the license. This lesson is about one taken accuses for campaign analysis, which he is hate map and the license.
Like we discuss it in the introduction to this module, we will be introducing the concept off heat map and the license in the cyber threat inversions.
I will be explaining how it is used and how it can be off added value to the organization.
You know that over the past few years, we've seen quite a few high profile cyber attacks. Okay, her from small businesses, so large organizations.
It's a clear for too many companies are still disorganized and am prepared. When it comes to cybersecurity,
It's no longer possible for companies to guarantee that they are completely safe against a breach, not even with the most comprehensive security measures.
It's more important than ever before to stay ahead off vulnerabilities and threats. Otherwise, you are setting yourself up to become another statistics in the world of cyber quiet.
For this reason, it's important to learn techniques and methods that will help you understand your threat, surface and adversaries, and we'll help you decide which course of action is more appropriate for your case. One of these techniques is heat map on the license,
so it starts with the finding. What is heat map on the license
in general and in cyber threat, intelligence
hit maps are basically available everywhere these days. Anywhere there's data to this place,
they are increasingly popular in scientific disciplines, where large volumes of data have to be made comprehensible.
That's because there are a great way to see through data to trance and understand what to do next. And for this reason in particular, we are using them in cyber Threat intelligence. A heat map is a graphical representation of data that can make complex data sets comprehensible and actionable.
Now hit maps are the most used tools for representing complex statistical data.
That's the secret to their success. Shorts have to be interpreted.
Tables have to be understood, but heat maps are self explanatory and intuitive.
A heat map uses a warm, too cool color spectrum to show you your intrusion. Analytics. More specifically, the colors indicate the activity level regarding each intrusion. At that
here, read means, Ah, high level and green means low lap.
In this case, you can associate the vertical Collins with different campaigns that the organization is currently working on
and the roles we represent intrusion attempts. For every month
you will have a column for the non attributed intrusions, and the more you have red areas and these columns in particular, the more intelligence gaps off and no risks through your organizations you have
the heat map on the license can tell a lot about your adversaries.
For example, a month that has a few West campaigns or intrusion attempts will be probably a holy day season for the country from where your adversaries are originated.
Heat maps are really easy to produce. I will help you identify, and I like trends. And if you are looking for a way to create your heat maps, you can use Excel spreadsheets and follow the steps. The square bit on the slides are the steps that I will follow right now.
For this example, I created an Excel spreadsheet containing samples of campaigns. Keep in mind these are not related. Tow any real case. They are just generated for this example
here. The rose represents
activities for each month,
and the Collins represents the campaigns that targeted the company.
I specifically added the pending attribution caller because it's really important.
First, all these values should be numbers to be able together. Heat Man
not to create our hit map. We first select the numbers that we choose. Conditional Fermat. Think thrown the home menu
how we choose
from red to green
where red have the highest activity level.
Then we select separately the Grand Total column
to see which month has the highest threat activity.
And as you can see for our sample, February has the highest grand total, which means the highest activity level the same as November.
And when it comes to attribution, we have the highest levels impending attribution
here in this example, it mused that we have a lot off knowledge gap, but I hope that in your analyze issue will get more reds here, which means you have more knowledge about your adversaries.
And as you can see, the lowest activity can be seen in June and August, and this is can be explained by the summer Holy days in lot of countries around the world.
This is all for this lesson that we started with a definition off hit map, and we've seen how it works. We close at the video with an example of Hit Matt Bolling using an Excel spreadsheet.
This analyzes technique is helpful to identify your knowledge gaps and understand the behavior and nature off your adversaries and overall organizations can use this method to prioritize and strategically decide their courses affections.
I hope that you enjoy this lesson
in the next video and discovered another technique used for campaign on the license, which is a visual analysis.
Up Next
5.3 Visual Analysis
5.4 MITRE ATT&CK and the MITRE Threat Groups Track
5.5 Threat Intelligence Naming Conventions
6.1 Introduction to Attribution
6.2 Cognitive Biases