Cyber Threat Intelligence Course Introduction

Time: 4 hours 8 minutes
Difficulty: Intermediate
CEU/CPE: 4

Video Description

Welcome to the Cyber Threat Intelligence (CTI) course! Your Cybrary SME will be Dean Pompilio. In this course, Dean covers all aspects and phases of CTI and kicks things off with a basic definition: CTI is concerned with detecting and responding to threats using evidence-based knowledge. The more valuable an organization's data, the greater the threats it faces. Highlights of the topics covered in the course are:

  • CTI terminology
  • Lifecycle
  • Perceptions and priorities
  • Roles of the various CTI analysts
  • Indicators of Compromise (IOCs)
  • Tactical Threat Intelligence
  • The Cyber Kill Chain (CKC)
  • The Diamond Model for process visualization
  • Threat campaigns
  • Advanced persistent threats
  • Strategic Threat Intelligence
  • Tactical Threat Intelligence Requirement
  • Open source CTI

As you can see, there's quite a bit of information covered in this course, so let's get started!

Video Transcription
00:04
Hello, Cybrary.
00:05
My name is Dean Pompilio, also known as polymath.
00:09
And today we're gonna be talking about Cyber Threat Intelligence, or CTI.
00:15
It's a pretty interesting topic. There's, ah, a lot of
00:18
effort being put into detecting and responding to threats by organizations worldwide.
00:25
The more important your organization is, the more valuable your data is, then the more likely you're going to need
00:31
some expertise in this, in this body of knowledge.
00:35
So what exactly is cyber threat Intelligence? What does it actually mean?
00:40
I got a couple of quotes here to illustrate the concept a little bit.
00:44
First one's from Gartner.
00:46
Some of you may be familiar with Gartner.com
00:49
and their rating system that they have for
00:52
software, security software and other software in general,
00:57
and they have a pretty good description here, showing that it's evidence-based knowledge
01:02
and that it's not just guessing or acting on a hunch.
01:07
Then we have the quote from James Comey, the director of the FBI,
01:11
and we all know that the FBI has their hands full with cyber terrorism, state-sponsored hacking
01:18
and, uh,
01:19
other
01:21
individuals who are trying to cause harm to our nation or to our organizations within the government. First,
01:27
you have serious problems.
01:30
And for that reason,
01:32
the ability to detect threats and respond accordingly in a timely fashion is extremely
01:38
critical.
01:41
Here we have an overview of some of the topics we'll be discussing in this course.
01:45
Remember, this is an introduction to Cyber Threat Intelligence.
01:48
I'll be producing a second course with some of the advanced concepts
01:52
later this year.
01:55
All right, so starting off with intelligence foundations, we'll cover some terminology
02:00
and a little bit about the life cycle of this type of information: where it begins, how it's used, where it ends,
02:07
and then also delve a little bit into the perceptions of CTI,
02:12
how it's treated within your organization, what kind of priority is given versus other areas of research and such.
02:19
We'll also touch a little bit on the different analyst roles that are
02:23
important to consider for any organization that's taking this CTI work seriously.
02:30
We'll also touch on
02:32
indicators of compromise, or IOCs.
02:37
Then we'll get into tactical threat intelligence.
02:39
There's an analyst role that might be focused on this. We'll talk about that a little bit,
02:45
but more importantly, we're going to get into the cyber kill chain,
02:47
otherwise known as CKC7.
02:52
The Cyber Kill Chain is a Lockheed Martin
02:55
creation that has seven steps, so that, hence the abbreviation CKC7.
03:04
We'll discuss some operational threat intelligence considerations,
03:08
the role of an operational threat intelligence analyst, for instance,
03:13
how your organization will manage this kind of information more from a day-to-day perspective.
03:20
We'll also get into the Diamond Model.
03:22
This is a popular method for
03:24
visualizing the incident response process
03:28
once threats have been detected.
03:31
We'll talk about
03:34
threat campaigns, because advanced persistent threats are things that go on over long periods of time,
03:39
up to, you know, several months, maybe even years at a time.
03:44
And so that's considered a longer term effort
03:46
by the attackers and the defenders.
03:51
Next, we'll go into strategic threat intelligence.
03:53
This stipulates a longer time frame.
03:57
We can think about tactics versus strategy,
03:59
and we know that strategy is sometimes,
04:02
depending on who you ask, anyway, sometimes something that's a year out, two years out, three years out,
04:10
versus tactical considerations, which are more near term, like on the order of several months, up to a year perhaps.
04:16
In any case, there is most likely going to be a threat intelligence analyst
04:19
functioning in a tactical
04:24
method as well as a strategic method.
04:28
So modeling threats, looking at
04:30
the complexities of change management and configuration management,
04:34
we'll have a look at some tools, various tools.
04:38
There's some
04:39
interesting things that we'll see that are possible there for doing some research.
04:43
Then we'll get into the cyber kill chain in a little bit more detail.
04:46
We'll look at the seven different steps,
04:48
and we'll cover some of the higher level uses of this methodology
04:54
in order for organizations to respond effectively when threats are detected. Next, we'll talk about tactical threat intelligence requirements.
05:01
You can't just dive into this kind of activity
05:04
straightaway. There are some preparatory steps an organization needs to consider,
05:11
get some foundation in place and some tools in place in order to accomplish these goals effectively.
05:17
So that includes deciding which
05:19
sources of data will be considered, which ones are credible, effectively,
05:24
and which kinds of services and products from third-party vendors might be used.
05:29
And we'll do a bit of a deep dive into the cyber kill chain itself,
05:33
huh?
05:34
We'll have a case study to demonstrate how the seven steps might work
05:39
in a realistic scenario.
05:43
We'll talk a little bit more about how the indicators of compromise
05:46
can be used to identify whether you've got a
05:50
single intrusion or multiple intrusions, for instance.
05:54
What kind of information can you get from your, from your network, from your different hosts, or even your other endpoints like workstations and laptops?
06:01
Incident response plays a large role. We'll delve into that a little bit.
06:05
Also, malware reverse engineering. And then in the next module we'll talk about the management of cyber kill chains, because you're most likely, as a practitioner, going to have more than one of these in progress at any given time.
06:19
So there are some considerations for how to
06:21
keep everything organized
06:24
and how to look for correlation or
06:28
coordinated activity between
06:30
what appear to be separate threats.
06:32
And then the last module we'll get into is using open source threat intelligence.
06:38
There are tremendous resources available on the Internet.
06:41
Most of them are actually free.
06:43
Some of these services will offer
06:46
more detailed
06:47
capabilities if you're willing to pay
06:50
a monthly subscription fee, for instance, but most of this stuff is free, so
06:55
we'll go through several examples of tools that can make
06:58
life of the analyst a lot easier
07:00
in looking at threats and trying to understand
07:03
what the next course of action might be. All right, so that's it for the introduction. I'll see you in the next module. Thank you.

The CTI course consists of 12 information-packed modules. CTI is a critical function within any organization that involves roles like analysts, methodologies, tools, teams, and policies. From threat analysis to the Cyber Kill Chain, learn it here.