Time
3 hours 1 minute
Difficulty
Advanced
CEU/CPE
3

Video Transcription

00:04
Hello and welcome to the fourth module in the Advanced Cyber Threat Intelligence course. In this module, we're going to be thinking about strategic threat intelligence analysis,
00:14
strategic meaning the longest time frame
00:17
of the organization's analysis efforts. As we talked about in previous sections, there is a tactical and operational time frame to consider
00:28
Strategic might be thought of as the big picture,
00:32
trying to understand, how do these other efforts build up the capability to and understand things like when campaigns are
00:40
underway? And how does this, for instance, affect the organization as it moves forward through the various challenges?
00:48
I, uh, you know, month to month, year to year basis. One of the biggest challenges for the analyst, anyway, is trying to understand how their own mind may betray them.
01:00
There are lots of ways where human thinking can
01:04
give us some tremendous advantages, you know, as far as how we've evolved over time to where we are now.
01:11
But some of those same
01:12
abilities that our brains have can also work against us.
01:18
So we're going to explore some of the,
01:19
uh, biases that our thinking can generate
01:26
and hopefully identify ways to
01:29
to understand when this is happening, why it might be happening.
01:32
And also consider some methods to circumvent these problems.
01:38
These could be in the form of logical fallacies, cognitive biases,
01:42
errors in logical thinking. These are all areas where
01:47
the analyst needs to be very careful.
01:49
Trying to pay attention to critical thinking skills
01:53
will certainly help,
01:55
because this means that the analyst is looking more at evidence and facts and trying to draw a more objective conclusion
02:05
based on the information that's right in front of them.
02:07
If you can completely remove emotion from
02:10
the analysis, that serves everyone's purposes much better. So we'll take a little bit deeper into that and see what you think about
02:17
how your own brain might be
02:21
playing tricks on you occasionally and giving you a sense of intuition that could turn out to be incorrect. So beyond these mental considerations, we also have to think about
02:31
the concept of attribution
02:35
in the case of malware, in the case of a new incident or attack, attribution in the case of a campaign or advanced persistent threat.
02:43
This is a tricky business, for sure, and as we'll see, there's sometimes doubt as to the certainty of
02:52
an attribution being done correctly or having enough conclusive evidence
02:57
when it involves a nation state. This is especially critical to get correct, or get as close to correct as possible, because
03:05
there are big geopolitical considerations in those instances and
03:08
intelligence information of this type has to be presented very carefully
03:14
to make sure that
03:15
there is solid reasoning behind
03:19
a conclusion of that type. Historical evidence from previous analyses can certainly be useful.
03:25
Could be useful in an attribution sense, or maybe in a methodology sense. It could also again work against you when
03:35
the conclusions of previous analyses
03:38
pointed in the wrong direction. That would be interesting to study as a method of quality control or quality assurance.
03:46
To look at previous work to see: did that
03:50
assumption pan out? Was it correct?
03:53
Were there errors that were made, and if there were errors, what were they, and how do we identify those situations again so that we can prevent the errors from happening
04:01
during current and future analysis?
04:03
The generation and consumption of this kind of reporting
04:08
also has to be considered very carefully, as I've touched on previously in different sections.
04:15
There always has to be an understanding of the intended audience. On the flip side of that, as a consumer of intelligence,
04:25
you would also be looking for consistency
04:28
and a positive look and feel
04:31
to the information that's being presented. So let's get started.

Advanced Cyber Threat Intelligence

The Cyber Threat Intelligence (CTI) course is taught by Cybrary SME, Dean Pompilio. It consists of 12 modules and provides a comprehensive introduction to CTI. The subject is an important one, and in addition to discussing tactics and methods, quite a bit of focus is placed on operational matters including the various CTI analyst roles.

Instructed By

Dean Pompilio
CEO of SteppingStone Solutions
Instructor