00:05
My name is Dean Pompilio, also known as polymath.
00:09
And today we're gonna be talking about Cyber Threat Intelligence, or CTI.
00:15
It's a pretty interesting topic. There's a lot of
00:18
effort being put into detecting and responding to threats by organizations worldwide.
00:25
The more important your organization is, and the more valuable your data is, the more likely you're going to need
00:31
some expertise in this body of knowledge.
00:35
So what exactly is cyber threat intelligence? What does it actually mean?
00:40
I've got a couple of quotes here to illustrate the concept a little bit.
00:44
The first one's from Gartner.
00:46
Some of you may be familiar with Gartner.com
00:49
and the rating system that they have for
00:52
security software and other software in general,
00:57
and they have a pretty good description here, showing that it's evidence based knowledge
01:02
and that it's not just guessing or acting on a hunch.
01:07
Then we have the quote from James Comey, the director of the FBI,
01:11
and we all know that the FBI has their hands full with cyber terrorism, state-sponsored hacking,
01:21
individuals who are trying to cause harm to our nation, or to our organizations within the government.
01:27
First, you have serious problems.
01:30
And for that reason,
01:32
the ability to detect threats and respond accordingly in a timely fashion is extremely
01:41
Here we have an overview of some of the topics we'll be discussing in this course.
01:45
Remember, this is an introduction to cyber threat intelligence.
01:48
I'll be producing a second course with some of the advanced concepts.
01:55
All right, so starting off with intelligence foundations, we'll cover some terminology
02:00
and a little bit about the life cycle of this type of information: where it begins, how it's used, where it ends,
02:07
and then also delve a little bit into the perceptions of CTI:
02:12
how it's treated within your organization, what kind of priority is given versus other areas of research and such.
02:19
We'll also touch a little bit on the different analyst roles that are
02:23
important to consider for any organization that's taking this CTI work seriously.
02:32
Indicators of compromise, or IOCs:
02:37
that will get us into tactical threat intelligence.
02:39
There's an analyst role that might be focused on this. We'll talk about that a little bit,
02:45
but more importantly, we're going to get into the cyber kill chain.
02:47
Otherwise known as CKC7.
02:52
The Cyber Kill Chain is a Lockheed Martin
02:55
creation that has seven steps, hence the abbreviation CKC7.
03:04
We'll discuss some operational threat intelligence considerations,
03:08
the role of an operational threat intelligence analyst, for instance,
03:13
how your organization will manage this kind of information more from a day-to-day perspective.
03:20
We'll also get into the Diamond Model.
03:22
This is a popular method for
03:24
visualizing the incident response process.
03:28
once threats have been detected.
03:31
We'll talk about
03:34
threat campaigns, because advanced persistent threats are things that go on over long periods of time,
03:39
up to, you know, several months, maybe even years at a time.
03:44
And so that's considered a longer term effort
03:46
by the attackers and the defenders.
03:51
Next, we'll go into strategic threat intelligence.
03:53
This stipulates a longer time frame.
03:57
We can think about tactics versus strategy,
03:59
and we know that strategy is sometimes,
04:02
depending on who you ask anyway, something that's a year out, two years out, three years out,
04:10
versus tactical considerations, which are more near-term, on the order of several months, up to a year perhaps.
04:16
In any case, there is most likely going to be a threat intelligence analyst
04:19
functioning in a tactical
04:24
method as well as a strategic method.
04:28
So modeling threats, looking at
04:30
the complexities of change management and configuration management,
04:34
we'll have a look at some tools, various tools,
04:39
interesting things that we'll see are possible there for doing some research.
04:43
Then we'll get into the cyber kill chain in a little bit more detail.
04:46
We'll look at the seven different steps,
04:48
and we'll cover some of the higher-level uses of this methodology
04:54
in order for organizations to respond effectively when threats are detected. Next, we'll talk about tactical threat intelligence requirements.
05:01
You can't just dive into this kind of activity
05:04
straightaway. There are some preparatory steps an organization needs to consider
05:11
to get some foundation in place and some tools in place in order to accomplish these goals effectively.
05:17
So that includes deciding which
05:19
sources of data will be considered, which ones are credible, effectively,
05:24
and which kinds of services and products from third-party vendors might be used,
05:29
and we'll do a bit of a deep dive into the cyber kill chain itself.
05:34
We'll have a case study to demonstrate how the seven steps might work.
05:39
in a realistic scenario.
05:43
We'll talk a little bit more about how the indicators of compromise
05:46
can be used to identify whether you've got
05:50
a single intrusion or multiple intrusions, for instance,
05:54
what kind of information can you get from your network, from your different hosts, or even your other endpoints like workstations and laptops?
06:01
Incident response plays a large role. We'll delve into that a little bit.
06:05
Also, malware reverse engineering. And then in the next module we'll talk about the management of cyber kill chains, because you're most likely, as a practitioner, going to have more than one of these in progress at any given time.
06:19
So there are some considerations for how to
06:21
keep everything organized
06:24
and how to look for correlation or
06:28
coordinated activity between
06:30
what appeared to be separate threats.
06:32
And then the last module we'll get into is using open source threat intelligence.
06:38
There are tremendous resources available on the Internet.
06:41
Most of them are actually free.
06:43
Some of these services will offer additional
06:47
capabilities if you're willing to pay
06:50
a monthly subscription fee for instance, but most of this stuff is free, so
06:55
we'll go through several examples of tools that can make
06:58
the life of the analyst a lot easier
07:00
in looking at threats and trying to understand
07:03
what the next course of action might be. All right, so that's it for the introduction. I'll see you in the next module. Thank you.