Video Description

Module 10 deals with the challenge of handling simultaneous intrusions. Multiple kill chains are in play at once, and the added challenge is to determine whether any of them are related. Such a situation requires extra methodology. Identifying separate, simultaneous intrusions begins with pattern recognition. Reliable methods are critical in this step to guard against confirmation bias and false correlations. Assistance with correlation can come in the form of vendor alerts or correlation with other analysts and other teams via a comms plan. Coordination in the form of plans, policies, and procedures is required to govern info-sharing. Building a knowledge base of sanitized data is a challenging but worthwhile effort that assists with future simultaneous events.

Course Modules

Intro to Cyber Threat Intelligence

Module 8 - Tactical Threat Intelligence Requirements

Module 12 - Summary