Part 2 of the module on the CKC examines the steps concerned with analyzing threats and the defensive actions available to thwart them. Threat analysis can consist of looking at the delivery mechanism, examining log files from various sources, and looking for obvious signs of malicious intent such as emails with harmful links or attachments, or infected software.

Knowing which assets and individuals are being targeted provides valuable clues. This type of intel can be extracted from log files, IDPS, firewalls and proxies, as well as from phishing and social engineering attempts. Intent can also be inferred from the targeting of databases, websites and Active Directory servers, and from evidence of network mapping.

Synchronizing events from the various sources is critical for proper forensic reconstruction, and that means synchronizing the clocks of the systems that produce them with NTP (Network Time Protocol). It takes extra work, but it is required to avoid drawing incorrect conclusions from mis-ordered events.

Delaying and degrading adversary tactics and malware are key steps in the CKC. Processes and methods for these steps consist of security awareness training, secure coding practices, vulnerability scanning and pentesting, endpoint hardening of servers and mobile devices to reduce the attack surface, and endpoint process auditing.