Hello everyone, and welcome to the real deal. Today in Introduction to Cyber Threat Intelligence we're going to start our journey towards our cyber threat intelligence implementation. Exciting time, isn't it? We already went through a bunch of knowledge regarding what cyber threat intelligence is,
the units it is involved with, its capabilities, and the frameworks available.
Now it is time to go through the actual steps towards a real implementation of this unit. In this episode, we're going to be preparing the ground for developing the core of cyber threat intelligence. So what are we waiting for?
In the first module we discussed several common misconceptions about cyber threat intelligence, including that it is mostly about threat feeds. In fact, many organizations begin their cyber threat intelligence programs by signing up for threat data feeds and connecting them with their SIEM solution.
This may seem like a good way to start because many threat data feeds are open source, and the technical indicators they deliver appear useful and easy to interpret.
It all seems fine, no worries: every suspicious URL could be used by an attacker, and the more clues you have about them, the better, isn't it?
Well, in reality, the vast majority of the malware samples and suspicious URLs are not related to current threats to the enterprise. That's why feeding large volumes of unfiltered threat data to your SIEM will almost certainly create the kind of alert fatigue we saw in the past modules.
Because cyber threat intelligence provides value to so many teams in cyber security, it is important to develop priorities that reflect the overall needs and goals of the enterprise.
Rather than assuming that any one team that interacts with cyber threat intelligence should have priority, you should develop a clear set of goals
by determining the needs of each security group in the organization and the advantages the cyber threat intelligence unit can bring to them.
Begin by considering these questions:
What are your greatest risks when talking about external threats?
What are the ways that cyber threat intelligence can help address each one of those risks?
What is the potential impact of addressing each risk?
What gaps need to be filled by information technology or human resources to make cyber threat intelligence effective in those areas?
Answering these questions will help you clarify where cyber threat intelligence can deliver the biggest gains in the shortest time. It will also guide your investigation of which cyber threat intelligence sources, tools and vendors can best provide what you need to strengthen your program.
Teams across your security organization can benefit from cyber threat intelligence that drives informed decision making and offers unique perspectives. Intelligence that is comprehensive, relevant and easy to consume has the potential to revolutionize
how different roles in an organization operate.
When determining how to move your cyber threat intelligence strategy forward, it's important to identify all the potential users in your organization and align the intelligence to their unique use cases.
It is important to drill down into the types of cyber threat intelligence each group can use
and exactly how they will benefit: benefit in terms of faster responses, lower costs, better use of staff, better investment decisions, et cetera. Often the needs and benefits are not obvious.
Documenting these details will help you set priorities, justify investments and find surprising new uses for cyber threat intelligence.
In the image presented we can see the common units that we already discussed in this course that will get benefits from the cyber threat intelligence unit.
We can start with threat analysis. The threat analysis team
will find the cyber threat intelligence capability very useful to find and respond to external threats. Since the cyber threat intelligence unit will have plenty of assertions from external organizations, it will find what threats are actually
making noise out there or are being identified by other groups, so threat analysis can be done more effectively.
Also, security operations can accelerate triage and extend visibility with external context.
The most dangerous situation can happen when the security operations team
doesn't have enough information to know if an incident is real, if an incident is happening and it is actually costing money or causing some sort of compromise of the three main security capabilities of the organization. It's
crucial to have an idea of what to do next, but
if they cannot differentiate a real threat from a false positive,
there is a lot of risk involved:
someone in management will want to provide
a quick solution that may impact the business or any assets or any services being published,
and if in the end the incident was not a real incident, it was a false positive, there will be a lot of conflict in the organization.
So accelerating triage is a very important role that security operations needs. Also, the vulnerability management area can effectively prioritize based on real-time exploitation information. Let's say we have defined the following vulnerabilities as
relevant or important vulnerabilities because their CVSS score is high.
But what happens if the actual vulnerability has a really high complexity vector of exploitation
and it is not being actively exploited in the wild,
but instead a medium-severity
vulnerability is being exploited, combined with another medium vulnerability, creating
a higher impact for the organization?
Then vulnerability management can actually make the decision to prioritize these medium vulnerabilities before the critical ones, because they are actively being exploited and they represent a real risk to the organization.
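The prioritization argument above, worked as an added example that is not part of the course material. The vulnerability ids are placeholders, the CVSS values are constructed, and the weights applied for exploitation evidence and chaining are assumptions chosen to make the point, not any standard's formula.

```python
from dataclasses import dataclass, field

@dataclass
class Vuln:
    vid: str
    cvss: float                  # CVSS base score, 0-10
    attack_complexity: str       # "L" (low) or "H" (high), as in the CVSS AC metric
    exploited_in_wild: bool      # exploitation evidence supplied by the CTI unit
    chained_with: set = field(default_factory=set)  # ids combined with this one in reported attacks

def risk_score(v, catalog):
    """Score by real-world risk instead of CVSS alone. Weights are assumptions."""
    score = v.cvss
    if v.attack_complexity == "H" and not v.exploited_in_wild:
        score -= 3.0   # hard to exploit and nobody is doing it: less urgent right now
    if v.exploited_in_wild:
        score += 4.0   # active exploitation is the strongest urgency signal
    # A chain only raises urgency when the partner vulnerability is also being exploited.
    for other_id in v.chained_with:
        other = catalog.get(other_id)
        if other is not None and other.exploited_in_wild:
            score += 1.5
    return round(score, 1)

def priority_order(vulns):
    """Return vulnerability ids, most urgent first."""
    catalog = {v.vid: v for v in vulns}
    ranked = sorted(vulns, key=lambda v: risk_score(v, catalog), reverse=True)
    return [v.vid for v in ranked]

# Constructed sample: one "critical" that is hard to exploit and quiet in the wild,
# two mediums that are exploited together, and one high with no exploitation evidence.
SAMPLE_VULNS = [
    Vuln("VULN-PLACEHOLDER-A", 9.8, "H", False),
    Vuln("VULN-PLACEHOLDER-B", 5.4, "L", True, {"VULN-PLACEHOLDER-C"}),
    Vuln("VULN-PLACEHOLDER-C", 6.1, "L", True, {"VULN-PLACEHOLDER-B"}),
    Vuln("VULN-PLACEHOLDER-D", 7.5, "L", False),
]

if __name__ == "__main__":
    catalog = {v.vid: v for v in SAMPLE_VULNS}
    for vid in priority_order(SAMPLE_VULNS):
        print(vid, risk_score(catalog[vid], catalog))
```

With this scoring the two exploited mediums land ahead of both the critical and the high, which is the decision the text describes.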
Also, the incident response team
would be helped by accelerated scoping, attribution and remediation with external context.
Incident response is not going to benefit just from threat information,
but also from the solution information, the mitigation information. Most security researchers
find the different threats and
explain what the threat capabilities are, but they also complement it with the solution or mitigation that needs to be applied in order not to have this huge breach for the organization.
And last but not least, security leadership will effectively prioritize spend based on unique knowledge of threats,
so that it will get the right information in order to acquire the most valuable information for the organization.
It doesn't help the organization to acquire a threat feed from across the globe that only has regional information for that other country.
It will not be helpful for the organization. Instead, a vendor or partner can be found that will provide this information for the organization's own region; that information will be much more valuable than the other one.
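The two points made earlier, that unfiltered feed data creates alert fatigue and that a feed whose context belongs to another region or sector adds little value, as an added example that is not part of the course material: a relevance filter applied before indicators reach the SIEM. The indicator fields, tag names, thresholds and the feed records are all constructed for this example and do not follow any vendor's schema.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Indicator:
    value: str
    kind: str               # "url", "ip" or "hash"
    confidence: int         # 0-100 as reported by the feed (assumed field)
    last_seen: datetime
    sectors: set = field(default_factory=set)   # targeting tags, may be empty
    regions: set = field(default_factory=set)

@dataclass
class OrgProfile:
    sector: str
    region: str
    min_confidence: int = 70   # thresholds are assumptions for this example
    max_age_days: int = 30

def is_relevant(ind, org, now):
    """Keep only indicators that are fresh, confident, and tied to our context."""
    if ind.confidence < org.min_confidence:
        return False
    if now - ind.last_seen > timedelta(days=org.max_age_days):
        return False
    # Untagged indicators are kept: a feed may simply omit targeting data.
    if ind.sectors and org.sector not in ind.sectors:
        return False
    if ind.regions and org.region not in ind.regions:
        return False
    return True

def filter_feed(indicators, org, now):
    """Return the indicator values that are worth loading into the SIEM."""
    return [i.value for i in indicators if is_relevant(i, org, now)]

# Constructed sample feed; only the first and last records should survive the filter.
SAMPLE_NOW = datetime(2024, 1, 15)
SAMPLE_FEED = [
    Indicator("http://bad.example/login", "url", 90, SAMPLE_NOW - timedelta(days=2), {"finance"}, {"LATAM"}),
    Indicator("198.51.100.7", "ip", 95, SAMPLE_NOW - timedelta(days=200)),                    # stale
    Indicator("http://phish.example/x", "url", 40, SAMPLE_NOW - timedelta(days=1), {"finance"}, {"LATAM"}),  # low confidence
    Indicator("203.0.113.9", "ip", 85, SAMPLE_NOW - timedelta(days=5), {"healthcare"}, {"APAC"}),  # other sector/region
    Indicator("sha256:constructed-sample-1", "hash", 80, SAMPLE_NOW - timedelta(days=3)),      # untagged but fresh
]

if __name__ == "__main__":
    print(filter_feed(SAMPLE_FEED, OrgProfile("finance", "LATAM"), SAMPLE_NOW))
```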
Okay, in order not to overwhelm us, we're going to hit pause right now. So far we have discussed how to actually align the cyber threat intelligence capabilities not only with the organization but also with the different teams that this unit aims to aid,
including some common areas that we have gone through in this course.
In the next video, we will review the key factors that should be taken into account when implementing a cyber threat intelligence unit. In these factors, we're going to see what challenges need to be solved, or at least defined, in order to be ready for a cyber threat intelligence implementation.
And that's it for today; see you in the next video.
Intro to Cyber Threat Intelligence
This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. It will also explain the units and organizational areas that will interact with the CTI processes.