My name is Dean Pompilio, also known as polymath.
And today we're going to be talking about Cyber Threat Intelligence, or CTI.
It's a pretty interesting topic. There's a lot of effort being put into detecting and responding to threats by organizations worldwide.
The more important your organization is, and the more valuable your data is, the more likely you're going to need some extra expertise in this body of knowledge.
So what exactly is Cyber Threat Intelligence? What does it actually mean?
I've got a couple of quotes here to illustrate the concept a little bit.
The first one's from Gartner. Some of you may be familiar with Gartner.com and the rating system they have for security software, and for software in general.
They have a pretty good description here, showing that it's evidence-based knowledge and that it's not just guessing or acting on a hunch.
Then we have the quote from James Comey, the director of the FBI,
and we all know that the FBI has their hands full with cyber terrorism, state-sponsored hacking,
and individuals who are trying to cause harm to our nation or to our organizations within the government. First,
you have serious problems.
And for that reason,
the ability to detect threats and respond accordingly in a timely fashion is extremely
Here we have an overview of some of the topics we'll be discussing in this course.
Remember, this is an introduction to Cyber Threat Intelligence.
I'll be producing a second course with some of the advanced concepts.
All right, so starting off with intelligence foundations, we'll cover some terminology
and a little bit about the life cycle of this type of information: where it begins, how it's used, and where it ends.
Then we'll also delve a little bit into the perceptions of CTI,
how it's treated within your organization, and what kind of priority it's given versus other areas of research and such.
We'll also touch a little bit on the different analyst roles that are
important to consider for any organization that's taking this CTI work seriously.
Indicators of compromise, or IOCs,
will get us into tactical threat intelligence.
There's an analyst role that might be focused on this. We'll talk about that a little bit,
but more importantly, we're going to get into the Cyber Kill Chain,
otherwise known as CKC7.
The Cyber Kill Chain is a Lockheed Martin
creation that has seven steps, hence the abbreviation CKC7.
We'll discuss some operational threat intelligence considerations:
the role of an operational threat intelligence analyst, for instance,
and how your organization will manage this kind of information more from a day-to-day perspective.
We'll also get into the Diamond Model.
This is a popular method for
visualizing the incident response process
once threats have been detected.
We'll talk about
threat campaigns, because advanced persistent threats are things that go on over long periods of time,
up to, you know, several months, maybe even years at a time.
And so that's considered a longer-term effort
by the attackers and the defenders.
Next, we'll go into strategic threat intelligence.
This stipulates a longer time frame.
We can think about tactics versus strategy,
and we know that strategy is sometimes,
depending on who you ask, something that's a year out, two years out, three years out,
versus tactical considerations, which are more near-term, on the order of several months up to a year perhaps.
In any case, there is most likely going to be a threat intelligence analyst
functioning in a tactical
method as well as a strategic method.
So, modeling threats, looking at
the complexities of change management and configuration management,
we'll have a look at some tools, various tools,
and interesting things that we'll see are possible there for doing some research.
Then we'll get into the Cyber Kill Chain in a little bit more detail.
We'll look at the seven different steps,
and we'll cover some of the higher-level uses of this methodology
in order for organizations to respond effectively when threats are detected. Next, we'll talk about tactical threat intelligence requirements.
You can't just dive into this kind of activity
straight away. There are some preparatory steps an organization needs to consider
to get some foundation in place and some tools in place in order to accomplish these goals effectively.
So that includes deciding which
sources of data will be considered, which ones are credible, effectively,
and which kinds of services and products from third-party vendors might be used.
And we'll do a bit of a deep dive into the Cyber Kill Chain itself.
We'll have a case study to demonstrate how the seven steps might work
in a realistic scenario.
We'll talk a little bit more about how the indicators of compromise
can be used to identify whether you've got a
single intrusion or multiple intrusions, for instance:
what kind of information can you get from your network, from your different hosts, or even your other endpoints like workstations and laptops?
Incident response plays a large role. We'll delve into that a little bit.
Also malware reverse engineering. And then in the next module we'll talk about the management of cyber kill chains, because as a practitioner you're most likely going to have more than one of these in progress at any given time.
So there are some considerations for how to
keep everything organized
and how to look for correlation or
coordinated activity between
what appear to be separate threats.
And then the last module we'll get into is using open source threat intelligence.
There are tremendous resources available on the Internet.
Most of them are actually free.
Some of these services will offer additional
capabilities if you're willing to pay
a monthly subscription fee, for instance, but most of this stuff is free, so
we'll go through several examples of tools that can make the
life of the analyst a lot easier
in looking at threats and trying to understand
what the next course of action might be. All right, so that's it for the introduction. I'll see you in the next module. Thank you.