Book Image

Mastering Cyber Intelligence

By : Jean Nestor M. Dahj

Book Image

Mastering Cyber Intelligence

By: Jean Nestor M. Dahj

Overview of this book

The sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber Threat Intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats. This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, considering your organization level. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. And finally, you'll be well-versed with writing tactical, technical, and strategic intelligence reports and sharing them with the community. By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from planning to dissemination phases, protect your organization, and help in critical defense decisions.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Share your thoughts

Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft

Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft

Free Chapter

Chapter 1: Cyber Threat Intelligence Life Cycle

Chapter 1: Cyber Threat Intelligence Life Cycle

Technical requirements

Cyber threat intelligence – a global overview

Intelligence data collection

Intelligence data processing

Analysis and production

Threat intelligence dissemination

Threat intelligence feedback

Chapter 2: Requirements and Intelligence Team Implementation

Chapter 2: Requirements and Intelligence Team Implementation

Technical requirements

Threat intelligence requirements and prioritization

Requirements development

Intelligence team layout and prerequisites

Intelligence team implementation

Chapter 3: Cyber Threat Intelligence Frameworks

Chapter 3: Cyber Threat Intelligence Frameworks

Technical requirements

Intelligence frameworks – overview

Lockheed Martin's Cyber Kill Chain framework

MITRE's ATT&CK knowledge-based framework

Diamond model of intrusion analysis framework

Chapter 4: Cyber Threat Intelligence Tradecraft and Standards

Chapter 4: Cyber Threat Intelligence Tradecraft and Standards

Technical requirements

The baseline of intelligence analytic tradecraft

Understanding and adapting ICD 203 to CTI

Understanding the STIX standard

Understanding the TAXII standard

AFI14-133 tradecraft standard for CTI

Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases

Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases

Technical requirements

The threat intelligence strategy map and goal setting

TIPs – an overview

Case study 1 – CTI for Level 1 organizations

Case study 2 – CTI for Level 2 organizations

Case study 3 – CTI for Level 3 organizations

Installing the MISP platform (optional)

Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms

Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms

Chapter 6: Cyber Threat Modeling and Adversary Analysis

Chapter 6: Cyber Threat Modeling and Adversary Analysis

Technical requirements

The strategic threat modeling process

Threat modeling methodologies

Threat modeling use case

User behavior logic

Adversary analysis techniques

Chapter 7: Threat Intelligence Data Sources

Chapter 7: Threat Intelligence Data Sources

Technical requirements

Defining the right sources for threat intelligence

Open Source Intelligence Feeds (OSINT)

Malware data for threat intelligence

Other non-open source intelligence sources

Intelligence data structuring and storing

Chapter 8: Effective Defense Tactics and Data Protection

Chapter 8: Effective Defense Tactics and Data Protection

Technical requirements

Enforcing the CIA triad – overview

Challenges and pitfalls of threat defense mechanisms

Data monitoring and active analytics

Vulnerability assessment and data risk analysis

Encryption, tokenization, masking and quarantining

Endpoint management

Chapter 9: AI Applications in Cyber Threat Analytics

Chapter 9: AI Applications in Cyber Threat Analytics

Technical requirements

AI's position in the CTI program and security stack

AI integration – the IBM QRadar Advisor approach

Chapter 10: Threat Modeling and Analysis – Practical Use Cases

Chapter 10: Threat Modeling and Analysis – Practical Use Cases

Technical requirements

Understanding the analysis process

Intrusion analysis case – how to proceed

MISP for automated threat analysis and storing

Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes

Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes

Chapter 11: Usable Security: Threat Intelligence as Part of the Process

Chapter 11: Usable Security: Threat Intelligence as Part of the Process

Technical requirements

Threat modeling guidelines for secured operations

Data privacy in modern business

Social engineering and mental models

Intelligence-based DevSecOps high-level architecture

Chapter 12: SIEM Solutions and Intelligence-Driven SOCs

Chapter 12: SIEM Solutions and Intelligence-Driven SOCs

Technical requirements

Integrating threat intelligence into SIEM tools – Reactive and proactive defense through SIEM tools

Making SOCs intelligent – Intelligence-driven SOCs

Threat intelligence and IR

Integrating threat intelligence into SIEM systems

Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain

Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain

Technical requirements

Understanding threat intelligence metrics

IOCs, the CTI warhead

PoP, the adversary padlock

Understanding IOAs

Chapter 14: Threat Intelligence Reporting and Dissemination

Chapter 14: Threat Intelligence Reporting and Dissemination

Technical requirements

Understanding threat intelligence reporting

Building and understanding adversaries' campaigns

Disseminating threat intelligence

The threat intelligence feedback loop

Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases

Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases

Technical requirements

Creating and sharing IOCs

Understanding and performing threat attribution

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share your thoughts

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

From this chapter, we can conclude that threat intelligence is not only a finished product but a seven-step process that needs to be understood and mastered to ensure the success of the CTI project. Intelligence must be conducted to support the consumer's vision. Hence, any organization that intends to integrate CTI as part of the business must carefully work through the intelligence life cycle and collaborate with the CTI team at each operation phase. Evidence must accompany each phase's decisions. Because CTI is a continuous process, the next intelligence cycle must primarily use the current cycle's feedback. The first step in planning and directing a threat intelligence project involves generating requirements and implementing an effective CTI team. The next chapter will tackle how to create intelligence requirements and position a team.