Time
4 hours
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:01
Hello, guys and gals, welcome back to another video in the series of Introduction to Cyber Threat Intelligence. This time, we're going to review the key success factors that need to be considered when implementing a cyber threat intelligence unit, in order to make the whole process easier.
00:19
Recorded Future has observed several factors that frequently contribute to effective cyber threat intelligence programs.
00:28
The first thing is generating quick wins with monitoring.
00:32
Monitoring threat information can provide quick benefits with relatively modest investments. The key is to look for a few types of data that are particularly meaningful for your business and information security strategy, and it will help you to anticipate
00:49
emergent trends or provide early warning of actual attacks.
00:54
Your activities might include things like checking for new vulnerabilities that affect your most important software packages, servers, and endpoints,
01:02
tracking threat trends that pose potential risks to business operations,
01:07
watching for any leaked corporate credentials, data, or code that appear in public or dark web sites,
01:14
and so on. There are probably a few data types that are really important to your business and that you can monitor without investing in new infrastructure or new staff. Monitoring them can generate quick wins and demonstrate the advantages of cyber threat intelligence,
01:33
and with that build enthusiasm for the program.
01:37
Automating as much as possible. Effective cyber threat intelligence programs typically focus
01:44
on automation from the beginning.
01:47
They start by automating fundamental tasks like data aggregation, comparison, labeling, and contextualization.
01:57
When these tasks are performed by machines, humans are freed up to work on making effective, informed decisions. As your cyber threat intelligence program becomes more sophisticated, you may find even more opportunities for automation.
02:15
You will be able to automate information sharing among a larger group of security solutions and automate more workflows that provide intelligence to incident analysis and response and fraud prevention teams.
02:30
You will be able to offload more of the thinking to your cyber threat intelligence solutions, for example, by having the software automatically correlate threat data and produce risk scores.
02:44
Just to be cautious, though, when you evaluate cyber threat intelligence solutions, you should examine the level to which they employ automation.
02:53
Is automation confined to aggregating and cross-referencing data, or does the solution add context
03:00
that it
03:01
or does the solution add context that equips your teams to make risk-based decisions with confidence?
03:08
Keep in mind that, in cyber threat intelligence, more raw data only adds value if it's properly analyzed, structured, and delivered to you in an easy-to-consume format.
03:23
Now, integrating cyber threat intelligence tools with existing systems is an effective way to make the intelligence accessible and usable without overwhelming teams with new technologies. Part of integration is giving cyber threat intelligence tools
03:38
visibility into security events and activities captured by your other security and network tools.
03:46
Combining and correlating internal and external data points can produce genuine intelligence that is both relevant to your business and placed in the context of the wider threat landscape.
03:58
The other critical aspect of integration is delivering the most important, specific, relevant, and contextualized intelligence to the right group at the right time.
04:09
Cyber threat intelligence solutions can be integrated with SIEMs and other security tools either through APIs or interfaces developed in partnership with the security tool vendors.
04:19
When you evaluate a cyber threat intelligence solution, it is important to understand which ones can integrate with your existing software and support your security teams' use cases.
04:32
Now.
04:33
The value you get from cyber threat intelligence is directly related to your ability to make it relevant to your organization and apply it to existing and new security processes. These goals can be reached faster if you work with a vendor or consultant that provides both technical capabilities and expertise
04:54
to empower your organization to get the most from cyber threat intelligence.
04:59
As time goes on, working with such a partner will enable members of your team to become cyber threat intelligence experts in their own right so that your capabilities in the field can grow organically.
05:12
Let's remember to look for partners with a wide and deep bench of cyber threat intelligence experts. These specialists should be equipped to understand your needs and ready to help you get the most from your investments. You should be able to call on their expertise
05:29
as needed and to work with them to identify new advantages
05:32
from leveraging cyber threat intelligence in your organization. Your chosen partners should not only help you succeed today, but also support your security teams as you move forward.
05:47
With the items just discussed, we have reached a point where we can see that cyber threat intelligence is not a unit where you need to have everything set up perfectly in order to take advantage of its capabilities. Instead, it can be deployed in a small manner at first, and then it's gonna scale up a bit.
06:08
That means you can start simple with your current staff instead of a dedicated cyber threat intelligence group, a few data sources, and integration with existing security tools like SIEM and vulnerability management systems. You can then scale up to dedicated staff, more data sources, more tools, more integration
06:27
and more automated workflows.
06:30
In the Recorded Future literature, a matrix is defined with four stages of maturity for cyber threat intelligence programs, from no internal sources, to limited sources and tools, to a fully staffed, highly automated cyber threat intelligence program, as we can see in the figure.
06:49
On the right side, we have defined four different categories from which this matrix is
06:59
filled. With the first level, we can see that we have no threat intelligence, no threat intelligence resources whatsoever when talking about people.
07:09
This is what we were discussing about using other people, other
07:15
teams, people that have some expertise in cyber security and cyber threat intelligence.
07:20
In the data sources, there are no feeds, relying on just Google or any other
07:28
search engine that will provide enough information for the team to actually make some decisions about the threat that they're looking at.
07:38
For the security solutions, basically we're talking about an MSSP, and they don't have anything built in-house or managed by themselves. And there is no workflow whatsoever. So you see, the first stage is basically a nonexistent cyber threat intelligence team.
07:55
The second stage
07:56
it advances. Like we discussed, there's no dedicated threat intelligence analyst, and there are some distributed resources, like wearing many hats. So in the morning, he is a SOC analyst, in the afternoon he is a cyber threat intelligence analyst, and at night he is an incident response team member.
08:13
Well, in the data sources, we're filled with free feeds, brand and leaked credential monitoring,
08:20
so it's basically the little information that we can get. The free feeds will most of the time get duplicated, but we have something to feed on.
08:31
Then, as security solutions we have the SIEM and vulnerability management. Those are two crucial aspects that you have to take into account when building a cyber threat intelligence unit. And lastly, reacting to alerts and ad hoc information. This means that this team will work when an alert has happened
08:50
and it is needed to correlate some information that we already have.
08:54
or if that is demanded by another team.
08:58
We're going to jump through to the fourth stage, that is an actual built cyber threat intelligence team. It considers a dedicated threat analyst team. So the team is to work in that 24/7. Well,
09:15
not 24/7; we may say eight hours
09:20
per day. It depends on the legislation of your country, but do you know what I mean?
09:26
In the data sources, we're combining multiple intelligence providers to produce actual intelligence. We don't need to rely on just one vendor to provide the whole intelligence. We can actually correlate most of them into one tool,
09:41
and that tool most likely will be a security solution that is a threat intelligence platform that can carry out deep analysis of the information provided. And lastly, the workflow is integrated with multiple security tools.
09:54
So that means that the SOC and the IR team are gonna be working hand in hand with the cyber threat intelligence team in order to create a full ecosystem about
10:05
intelligence, about threats and about incidents.
10:09
Now, the final objective is to build a cyber threat intelligence unit
10:15
that is capable of
10:16
scouring the widest possible range of technical, open, and dark web sources; using automation to deliver easily consumable intelligence;
10:26
providing fully contextualized alerts in real time with limited false positives; integrating with and enhancing existing security technologies and processes; and consistently improving the efficiency and efficacy of your entire security organization.
10:46
With these key factors in mind, we can easily think of an implementation route that will allow our organization to scale up our cyber threat intelligence capabilities without making a big investment up front.
10:58
In the next video, we're going to take a step forward towards the specific work that should be done when starting a cyber threat intelligence unit:
11:07
what type of cyber threat intelligence will the team be generating and, finally, who will be on the Golden Team?
11:15
So that's it for now, guys and gals. See you in the next video.

Up Next

Intro to Cyber Threat Intelligence

This Cyber Threat Intelligence training introduction series will cover the main definitions and concepts related to the CTI world. It will also explain the units and organization's areas that will interact with the CTI processes.

Instructed By

Melinton Navas
Threat Intelligence Manager
Instructor