8.1 Summary

00:00

we arrive it to the end of the advance of Cyber Threat Intelligence scores.

00:05

This is the last video on the last model off this course.

00:10

In this video, we are going to talk about the most important parts off each module.

00:17

In the introduction to this course, we introduce it the intelligence life cycle, and you explained how the course is built based on each face off this cycle,

00:28

our first module was dedicated to the data collection sources,

00:33

and here we discuss it, the to be categories off data collections for says, which are the internal sources and the external sources for the internal sources. We define it three categories which our endpoint resources network sources and

00:50

finishes reports or reports from previous investigations.

00:55

And when it comes to external data sources, we discussed three types which are private data sources, including feeds, threat, intelligence platforms and finish and reports

01:07

community sources, which our eyes, axe and Ice House

01:11

and the public sources, which includes threat feeds, threat, intelligence platforms, finish and reports, and

01:19

the next module was dedicated to processing

01:23

and data management.

01:25

And as you've already seen, almost all row data collected needs to be process it in some manners, whether about humans or machines. We have also seen that using standard is an important part off data processing because

01:44

data standard defines how particle or information elements

01:49

are represented in files or in communications

01:53

and standards were created to represent actionable information, including their context to facilitate their storage and sharing.

02:04

And in particular, we've seen some of the common threatened collision site standards, such as taxi standards stick standards. We have also seen example off scoring standard, which is cdss. After this,

02:21

I dedicated three modules for the analyzes face

02:24

because I believe that analysts should spend most off 30 times on this face because a good and a license will help forge proper conclusions. This is why we started with the module. Intrusion analyzes,

02:43

and we discover it together. Some of the techniques that are commonly used, such as A. C H or analyzes off competing hypothesis,

02:53

cyber kill chain,

02:55

Diamond model,

02:57

Saira, Cool Chain and Diamant model, map it together and cyber kill chain and courses off actions. Then we move it to more complex cases, including analyzes off campaigns using their proper tools and methodologies like the heat map, unlicensed

03:16

visual and the license and miter attack framework.

03:21

And for those who just started their cyber threat, intelligence teams and still lacking real cases they can rely on Miter Threat Group tracker. It was also worth noting that while analyzes

03:37

cyber Threat, intelligence teams and

03:39

any security analysts, especially those with experience, might find themselves in situations where they tend to use shortcuts to quickly get conclusion.

03:52

And unfortunately,

03:53

this behavior may lead toa errors in conclusion.

03:58

This is why it waas

04:00

unavoidable to explain cognitive biases and a logical fallacies. We've also seen howto identify them and, most importantly, how to manage or mitigate them. Our final module was dedicated to the last phase off intelligence life cycle, which was

04:19

dissemination and feedback.

04:21

We talked about the three forms or pillars off Threat Intelligence, which our tactical operational and strategic intelligence and off course. We talked about sharing because single entities are no longer able to handle

04:40

the vast amount off possible attack scenarios,

04:43

then cooperative approaches, in particular those based our exchange off cyber threat. Intelligence information can contribute significantly to improve defensive capabilities. Another part that we discuss. It wants feedback

04:59

as its main goal east to adjust the requirements made by the decision makers in the first phase off the intelligence life cycle.

05:09

And like this, we finish it our course off Advance it. Cyber Threat Intelligence. Lastly, here are some references that helped me to build the scores from scratch. I highly recommend reading

05:21

these articles, publications and books for better and deeper understanding off the concepts that I mentioned

05:30

and explained during the previous modules.

05:34

The list in this slide on the following one doesn't include all the resources. This is why I added a doc file as supplemental reading material that you can download directly from the description below the video.

05:50

Well, we arrive in tow our finish line.

05:55

I hope this course would be helpful for you as individual and helpful to enhance the security poster off your organization.

06:04

It was a pleasure for me to be your instructor. For this course.

06:10

You can contact me. All might wear and LinkedIn accounts shared on this light.

06:15

Please feel free to share your feedbacks. Or if you have any suggestions