Did you know Cybrary has FREE video training? Join more than 2,500,000 IT and cyber security professionals, students, career changers, and more, growing their careers on Cybrary.
The concluding video of Module 10 deals with the managing multiple CKCs. Dean takes us through examining similarities, methodology, threat actors, and overlapping indicators. Progress tracking and triage engagement are also covered. As discussed in the previous video, identifying a correlation between multiple events is challenging, but the ability to do so allows for managing related campaigns and the grouping of events. Understanding intruder intent and mission objectives form the basis of an incident response plan. Finding clues can be challenging due to adversaries changing up behavior in order to not be predictable. Sometimes requesting assistance from in-house developers can prove helpful when analysts are lacking tools and detection capability.