Cyber Threat Intelligence

Time
1 hour
Difficulty
Beginner
CEU/CPE
2
Video Transcription
00:00
>> Welcome to Module 3. This module is split into
00:00
five lessons which all focus on
00:00
the central theme of Operationalizing ATT&CK.
00:00
Specifically, we will explore
00:00
how we can apply the knowledge we've captured in
00:00
[inaudible] ATT&CK to various cybersecurity operations
00:00
and practices and how this enables us as
00:00
defenders to perform what we call
00:00
threat-informed defense or the systematic
00:00
application of a deep understanding of
00:00
adversary tradecraft and technology to prevent,
00:00
detect, and respond to cyber attacks.
00:00
Without further ado, let's dive in.
00:00
Welcome to Module 3,
00:00
Lesson 1, Cyber Threat Intelligence.
00:00
In this lesson, we will explore
00:00
the importance of cyber threat intelligence within
00:00
security operations and appreciate how ATT&CK
00:00
can provide a starting point and
00:00
structure for tracking this intelligence.
00:00
In any battle, intelligence and
00:00
knowledge very often separates winners and losers,
00:00
and cyber is no different.
00:00
Cyber threat intelligence,
00:00
or CTI allows us to track,
00:00
understand, and maybe even
00:00
get ahead of what our adversaries are doing.
00:00
ATT&CK provides a great starting point for identifying
00:00
what behaviors have been reported
00:00
for specific groups or malware.
00:00
As you recall, the model allows us to map
00:00
adversaries to the behaviors
00:00
via techniques or sub-techniques,
00:00
but also capturing references to
00:00
the publicly available cyber threat intelligence
00:00
describing these behaviors.
00:00
But as we know, CTI comes in various forms.
00:00
In this case, we can see impactful and
00:00
powerful intelligence captured in the form of blogs,
00:00
reported command lines, or even tweets.
00:00
But ATT&CK allows us to consistently capture,
00:00
share, and distribute this intelligence.
00:00
Specifically, we can decompose these reports and capture
00:00
the associated behaviors and capture
00:00
them within the model presented by ATT&CK.
00:00
With that, we've reached the knowledge check for Lesson 1.
00:00
Which of the following is not true?
00:00
Please pause the video and take a second to
00:00
think of the correct answer before proceeding.
00:00
In this case, the correct answer was b.
00:00
The data in ATT&CK can help us
00:00
format and find cyber threat intelligence.
00:00
But since the data is already mapped to
00:00
publicly available reporting and documentation,
00:00
we're probably not going to produce anything new.
00:00
With that, we've reached the end of Lesson 1.
00:00
In summary, intelligence is critical for decision-making,
00:00
as well as providing priorities
00:00
and shaping cybersecurity operations.
00:00
ATT&CK provides a starting point and means for
00:00
structuring this intelligence about adversary behaviors.