Video Description

Module 9 consists of three parts as we take a deeper dive into the Cyber Kill Chain 7 (CKC7). Deans discusses which IoC are worth using for pivotings along with the identification and categorization of network and host data, incident response, and malware reverse engineering. CKC analysis begins with malicious activity notification. Physical monitoring consisting of gates, guards, and security cameras are concerned with protecting the perimeter. Similarly, on the network side, NIDS and NIPS provide defense between the public internet and the DMZ and between the DMZ and private intranet. HIDS and HIPS are then discussed. These devices provide monitoring and defenses between the DMZ and intranet. Data passing across this boundary should be monitored looking for malicious data traversal. Such devices should be in place at the boundary of any adjacent security zone. The video concludes with a discussion of SIEMs and host-based IDS/IPS. Correlating events assists with the aggregation of intel to provide a better picture of the intruder.

Course Modules

Intro to Cyber Threat Intelligence

Module 8 - Tactical Threat Intelligence Requirements

Module 12 - Summary