Strategic Threat Intelligence - Part 3


Time
4 hours 8 minutes
Difficulty
Intermediate
CEU/CPE
4
Video Transcription
00:04
So this is another document we can take a quick look at here: Special Publication 800-128. This is the guide for configuration management of IT systems, a security-focused configuration management.
00:27
So, August 2011, so it's fairly recent. We can see that it gives us an overview of the different phases of doing this kind of work, gives an explanation of some of the concepts, and even goes into the different roles and responsibilities that should be involved in configuration management.
00:50
And because we have different levels of effort here, there are some nice high-level steps. You should have a plan, so your configuration management is not ad hoc; it should be a well-defined methodology. Most organizations will have a weekly meeting to discuss proposed changes, and there different members of different teams can vote up or down on whether they think the changes are acceptable or not.
01:19
It goes into a little bit more detail about implementing changes: things like having a rollback plan, having evidence of testing to make sure that the change is verified before it's deployed on a production system, for instance, keeping track of your changes, and using tools that can utilize SCAP, the Security Content Automation Protocol. A lot of tools can use this to send security-related information back and forth to each other.
01:49
So it's a good document to look into. It's not very long, and you get some great guidance on dealing with configuration, if this is something that's fairly new to the practitioner. So it's only eight pages, pretty short overall.
02:09
But let's have a look at VERIS. This is the vocabulary for event recording and incident sharing, and this is an interesting database that's freely available. It's a community database, and it's kind of similar to some of the cloud models that are used by a lot of vendors these days, where they have repositories being hosted by the organization that gather statistics and different kinds of data from all their customers, perhaps millions of customers in certain cases, so that that information can be aggregated and perhaps analyzed to provide better security and better feedback to people that are using the resource.
02:58
So also, it uses a common language to describe the incidents, sort of similar to SCAP in a way, because it's a protocol that allows a standard way for different vendors to communicate with each other.
03:10
So let's go ahead and look at the website. It talks a little bit about the community. You can volunteer for this. You can go to the data, which is actually hosted on GitHub, if you want, and you can interact with that data in various ways. But what's easiest to demonstrate for our purposes is to go to the interactive site.
03:38
I'm going to click on this one first. So this allows you to explore the data, and it shows incident counts and various parameters of these incident counts going all the way back to the year 2000. Then we can see that the data has not been updated for the last year. Maybe they're still working on that, but there's a lot of good information you can drill down into to see what kind of data is relevant for different types of attacks, where they're happening, and so on.
04:20
You can look at some geographic information on this, looking by different industries, different countries. See, there's a large number in health care, in public, finance and so on, information technology, and you can look at each individual country. If you want to look at Australia, for instance, we can break that down, or we'll even look at the United States; quite a bit there. And you can also select the countries. So it's a pretty nice interactive tool.
05:06
And we can see different aspects of the type of breach, data disclosure compared with all breaches, and then some indication about the numbers of records, like here, where we have 10 billion records over some period in 2015. And if you hover over one of these, you can see the actual event. This one has a lot of records; let's see what that is. Tense and holdings, one... 1.2 billion records. That's quite a few. Quite a few.
05:51
So these are interesting things to look at. It can provide some correlation to other events you're looking at within your organization. And of course, if you wish, you can volunteer to be part of the community and add to the information database to make it more useful for other people to get some value. I hope you enjoyed the module. See you in the next one. Thank you.