Time: 4 hours
Difficulty: Beginner
CEU/CPE: 4

Video Transcription

00:01
Good morning, good evening and good night, everyone. Welcome back to another episode of Introduction to Cyber Threat Intelligence. Today we're going to review the last of the cyber threat intelligence frameworks: the MITRE ATT&CK framework.
00:18
MITRE is a unique organization in the United States. It's a corporation responsible for managing federal funding for research projects across multiple federal agencies.
00:29
It has had a huge impact on the security industry, including the development and maintenance of the Common Vulnerabilities and Exposures (CVE) and the Common Weakness Enumeration (CWE) databases.
00:44
MITRE has developed a number of other frameworks that are very important for cyber threat intelligence. These include
00:52
the Trusted Automated Exchange of Intelligence Information, short for TAXII,
00:58
a transport protocol that enables organizations to share cyber threat intelligence over HTTPS and use common application programming interface (API) commands to extract that cyber threat intelligence.
01:14
It has also developed the Structured Threat Information Expression (STIX),
01:19
an extensible format for presenting cyber threat intelligence information,
01:25
and lastly, the Cyber Observable Expression (CybOX) framework, a method for tracking observables from cyber security incidents.
01:34
Among these frameworks we can find the ATT&CK framework, which we will be discussing further.
01:41
According to its site, MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
01:52
The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector,
02:02
in government and in the cyber security product and service community.
02:08
MITRE Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) was created as a means of tracking and cataloging adversarial behavior over time. ATT&CK builds on the Cyber Kill Chain, but rather than describe a single attack,
02:25
it focuses on the indicators and tactics associated with specific adversaries.
02:30
This framework aims to address four main issues.
02:36
the adversary behaviors,
02:38
the life cycle model that didn't fit,
02:40
the applicability to real environments, and the common taxonomy.
02:46
This is done by collecting multiple categories to describe the adversary behavior. We can see these in the ATT&CK matrix.
02:55
The ATT&CK matrix uses 11 different tactic categories to describe the adversary behavior.
03:02
These categories are
03:05
initial access, execution,
03:07
persistence,
03:08
privilege escalation,
03:10
defense evasion,
03:13
credential access,
03:15
discovery, lateral movement,
03:17
collection,
03:19
exfiltration, and command and control.
03:23
If you notice, these 11 stages, or 11 categories, of ATT&CK
03:30
are very similar to what the Cyber Kill Chain provided us. But the Cyber Kill Chain was more general in what it described. In this case, these 11 different tactic categories can give another, more specific view of what an attacker is trying to do, because not
03:50
every time, in every attack, will these 11 categories be used by an attacker.
03:55
Each of these tactical categories includes individual techniques that can be used to describe the adversary's behavior.
04:02
For example, under the initial access category, behaviors may include spearphishing attachment, spearphishing link,
04:11
trusted relationship, and valid accounts.
04:14
Let's say an attack that is taking place
04:18
is being described by these 11 categories. This attack may not need to address the fourth category, which is privilege escalation, because,
04:31
for example, the attacker is using an EternalBlue or an EternalRomance exploit.
04:38
Both of these exploits already give
04:44
SYSTEM access to the attacker exploiting these vulnerabilities. So the fourth category, privilege escalation, will not be necessary for the attacker to perform.
04:56
At the bottom of this slide, you can check the wiki main page of the MITRE organization, where you can find more information about how these 11 categories are supposed to be filled.
05:12
This classification of behaviors allows security teams to be very granular in describing and tracking adversarial behavior, and makes it easy to share information between teams. ATT&CK is useful across a wide range of security functions, from threat intelligence analysts
05:30
to SOC operators and incident response teams.
05:33
Tracking adversary behavior in a structured, repeatable way allows teams to
05:39
prioritize incident response,
05:42
tie indicators to attackers,
05:44
and identify holes in an organization's security posture,
05:48
like we mentioned before.
05:51
The prioritization that will be given to a certain attack will depend on the categories that the attack actually has information for.
06:01
Because if we notice that there is no need for privilege escalation, that means that the attacker already has SYSTEM authority over the compromised asset, so it becomes a really critical
06:15
incident that needs to be addressed.
06:20
Now, the ATT&CK framework is a pretty large collection of information used to classify several types of data.
06:28
Covering it item by item is something hard to achieve in this course. If we were to go over every single category, it would become a really large module, and it would be out of the scope of this course. If you need more information,
06:46
you can go to
06:48
the link in this slide,
06:50
where the MITRE organization has collected all the information needed to get started implementing this framework, because, again, this is not a
07:02
one-size-fits-all type of framework. It needs to be tailored in order to meet the goals of the organization that will be using this framework.
07:15
Okay, now that we have gone through the three frameworks, we can contrast all their benefits and make a decision about which schema you think will work best for a specific organization type.
07:28
In order to have a better idea of the MITRE ATT&CK framework, you can ask yourself the following questions.
07:34
How do you think this framework can be contrasted with the diamond model?
07:40
What purposes of cyber threat intelligence does this framework provide that the other ones don't?
07:47
And how can the three frameworks live together?
07:51
Remember that in this course, when starting this chapter, we said that
07:57
the frameworks that we were going to review were not mutually exclusive,
08:03
but instead the three of them can be used in order to create a very
08:09
wide cyber threat intelligence capability. So with the right amount of resources, you could be implementing the three of them. But remember that what you have to
08:20
keep in mind is that the organization's objectives must be met.
08:30
OK, in today's brief lecture, we discussed the main concept behind the ATT&CK framework and what objectives it aims to resolve. We also reviewed what capabilities this framework can provide to cyber threat intelligence and other units like the SOC or the IR team.
08:48
I know that we couldn't go deep into each one of the categories provided, because it would take too much time, and much of the information is technical and can be reviewed in the link shown before. Nonetheless, in order to have a full comprehension, I strongly recommend for you
09:03
to take a look at MITRE's website and go through all the information they have available.
09:09
The purpose of this module was to let you know it exists, and what approach it takes to model an adversary and its capabilities.
09:20
Now that we have the tools and knowledge regarding what type of approaches we can take towards cyber threat intelligence, it is time to dive into developing the actual core of this unit in a given organization,
09:33
and that's it. We're done with the cyber threat intelligence frameworks, and it is time to get on with the real thing.
09:39
See you there.

Up Next

Intro to Cyber Threat Intelligence

This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. It will also explain the units and organization's areas that will interact with the CTI processes.

Instructed By

Melinton Navas
Threat Intelligence Manager
Instructor