Time
4 hours
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:01
Hello, friends. Welcome back to Introduction to Cyber Threat Intelligence.
00:06
Today we're going to review the last part on developing the core of cyber threat intelligence.
00:12
This is technical resources:
00:15
all the resources, systems, technology and tools that you may wonder whether they are or are not needed for a successful cyber threat intelligence team.
00:26
So let's get into it.
00:30
We talked a little bit about sources of threat data in the last video. This time, we're going to explore how a cyber threat intelligence team can work with a range of sources to ensure accuracy and relevance.
00:44
These are: the human element,
00:47
technologies, the combination of sources, cyber threat intelligence with artificial intelligence, which is a subject that we've been discussing in past episodes, and cyber threat intelligence communities, and how you can benefit from relationships and interactions with these communities.
01:07
First, the human element.
01:10
So cyber threat intelligence vendors can provide some types of strategic intelligence, but you can also develop in-house capabilities to gather information about the topics and events most relevant to your enterprise.
01:26
For example, you could develop an internal web crawler that analyzes the webpage code of the top 5,000 web destinations visited by your employees.
01:36
This analysis might provide insights into the potential for drive-by download attacks. You can share the insights with the security architecture team to help them propose controls that defend against those attacks.
01:51
This kind of cyber threat intelligence generates concrete data, which is much more useful than anecdotes, conjecture and generic statistics about attacks. This is a capability that most vendors won't be able to generate, because it's completely based on in-house experience.
02:09
This is the advantage of having
02:12
an actual cyber threat intelligence unit inside your organization, and not only research generated by third parties.
02:23
Proprietary sources that can tremendously strengthen your cyber threat intelligence resources include vendor or ISAC feeds.
02:31
These are one of the most important aspects, because if your role is not about generating or collecting information, your limitations are quite large in this field. Vendors often
02:50
invest their abilities, their capabilities and their infrastructure in order to collect information that they can sell afterwards, so their organizations are actually based on collecting this information.
03:04
Your organization may not have the focus on collecting information in order to generate intelligence. That's why
03:13
getting the feeds from a threat data company or a vendor is much more efficient when talking about money.
03:23
Whitelist resources. This is very important, since most of the time, when talking about email, we're bombarded with domains that we may or may not know. But there are certain emails or domains that we're pretty sure are allowed in
03:42
our organization.
03:44
These can be whitelisted in order to prevent false positives related to these domains. But you have to be careful. You cannot whitelist any domain that you have interaction with. You can only whitelist those that you are completely sure are not affected, because
04:01
even though a domain can be legit,
04:03
it can also be compromised. And if that domain is in a whitelist, it will generate a greater risk for your organization.
04:15
The same thing happens with blacklists. All the blacklists can
04:20
be provided by vendors, just as with the first item, because normally there are several vendors that are constantly monitoring the Internet so they can detect phishing campaigns. They can detect malicious IPs. Actually, most of the
04:39
cyber threat intelligence solutions have
04:41
a score on IP addresses, on domain names, on different subjects, that will
04:50
categorize the element based on its behavior. And they will say, okay, this has been involved in malicious attempts previously, or it is known that this domain behaves correctly, so it has a good score.
05:06
And you can actually connect your devices or your security devices
05:12
to these blacklists in order to have the upper hand and not have to find out for yourself.
05:19
And last but not least, the cyber threat intelligence team's research.
05:25
This is pretty important. The team is the one that is going to be doing research and surfing the dark web or the darknet in order to understand and to collect more information that can be helpful for the organization and the cyber threat intelligence unit.
05:45
Now,
05:46
when combining and integrating sources,
05:48
you have to be
05:50
very careful about the solution that you will get.
05:55
An automated cyber threat intelligence solution will enable the cyber threat intelligence team to centralize, combine and enrich data from multiple sources before the data is ingested by other security systems or viewed by human analysts on security operations teams.
06:13
On screen, you can see the elements of such an automated threat intelligence solution. In this process, information from a threat intelligence vendor is filtered to find data that is important to the enterprise and its specific cybersecurity teams. Then it is enriched by data from internal cyber threat intelligence sources
06:31
and output in
06:33
formats appropriate for targets such as SIEMs and intrusion prevention systems.
06:41
If we go back to the chart, we can actually see how the data flow into a cyber threat intelligence team should go. First, we have the sources, like Recorded Future in this case, and we also have the custom source data that we talked a little bit about before:
06:59
the whitelist, the blacklist, the analyst notes, which are really important to consider in the
07:04
contextualization of information, the watch list, and the appropriate feeds.
07:11
These can be private paid feeds or free feeds; it depends on the ones that you have chosen for this task.
07:18
Then the data manipulation starts. We can select, by filtering, the information that we need. It can be because we're tracking a threat, or because an alert was seen, or because we're just threat hunting. We can filter by risk rules, by risk score or by date,
07:39
and we can actually create these filters
07:41
to be applied at all times.
07:44
Let's say we just want to watch the threats that are regional or that are relevant to our country. So we can narrow down to the IP addresses whose geolocation only matches the organization's one.
07:59
We can join, exclude, enrich and transform data. We can use the data we have
08:05
selected by the filters, and we can correlate it with the internal information that we have, the information that the firewall has captured, or, let's say, malicious IPs regionally or internationally, and then we can get the output format appropriate for target systems. We can
08:22
feed that information automatically by using TAXII and STIX,
08:28
the protocols that we already reviewed along with the MITRE
08:33
organization, and we can integrate it in the SIEM, the ticketing system, the intrusion prevention system or any custom applications, so we can have that information
08:43
first thing in sight for the SOC analysts.
08:48
Now, machines can be intelligent too. Advances in machine learning and natural language processing (NLP) can bring additional advantages to the cyber threat intelligence team.
09:01
With the right technology, references to threats from all sources can be rendered language-neutral, so they can be analyzed by humans and machines regardless of the original language used. We have reached the point where artificial intelligence components have successfully learned the language of threats
09:20
and can accurately
09:22
identify malicious terms.
09:26
The combination of machine learning, NLP and artificial intelligence offers excellent opportunities for organizations to leverage cyber threat intelligence. Not only can these technologies remove language barriers, but they also can reduce analysts' workload
09:43
by taking on many tasks related to data collection
09:48
and correlation.
09:48
When combined with the power to consider multiple data and information sources concurrently to produce genuine cyber threat intelligence, these capabilities make it far easier to build
10:01
a comprehensible map of the threat landscape.
10:07
Now, remember that you're not alone. You're not the only cyber threat intelligence unit out there.
10:13
Cyber threat intelligence cannot flourish in a vacuum;
10:18
external relationships are the lifeblood of successful cyber threat intelligence teams.
10:24
No matter how advanced your team might be, no single group can be as smart individually as the cyber threat intelligence world as a whole.
10:35
Many cyber threat intelligence communities allow individual enterprises to share relevant and timely attack data so they can protect themselves before they are victimized. Engaging with trusted communities such as ISACs is crucial for decreasing risk,
10:52
not just for individual enterprises
10:56
but also for the entire industry and the cybersecurity world at large.
11:01
Participation requires time and resources, for example, to communicate with peers via email and to attend security conferences. But relationship building must be a priority for the cyber threat intelligence team to be successful.
11:18
Well, you're all set now. You have all the knowledge to start engaging with the cyber threat intelligence requirements in order to implement it in your organization.
11:30
There are some questions that you need to take into account before getting on with this, though.
11:35
For example, if you're going to start small and scale it up, what is your plan for development through time?
11:41
What resources should be conceived in order to guarantee the appropriate growth?
11:48
What position will the cyber threat intelligence team take in the organizational chart,
11:54
and who will manage it, and who will it report to?
11:58
These questions will help you get a better idea of the development and establishment of the cyber threat intelligence team in the organization.
12:09
Okay, we're getting near the end of the road, guys.
12:13
With the end of this module, we're just left with the conclusion of this course: the summary highlighting the most important points of the course and all the references you can go to in order to get more details about what we've seen throughout this course.
12:31
And so the countdown starts. See you in the next video.

Instructed By

Melinton Navas
Threat Intelligence Manager
Instructor