Book Image

Mastering Cyber Intelligence

By : Jean Nestor M. Dahj

Book Image

Mastering Cyber Intelligence

By: Jean Nestor M. Dahj

Overview of this book

The sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber Threat Intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats. This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, considering your organization level. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. And finally, you'll be well-versed with writing tactical, technical, and strategic intelligence reports and sharing them with the community. By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from planning to dissemination phases, protect your organization, and help in critical defense decisions.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Share your thoughts

Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft

Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft

Free Chapter

Chapter 1: Cyber Threat Intelligence Life Cycle

Chapter 1: Cyber Threat Intelligence Life Cycle

Technical requirements

Cyber threat intelligence – a global overview

Intelligence data collection

Intelligence data processing

Analysis and production

Threat intelligence dissemination

Threat intelligence feedback

Chapter 2: Requirements and Intelligence Team Implementation

Chapter 2: Requirements and Intelligence Team Implementation

Technical requirements

Threat intelligence requirements and prioritization

Requirements development

Intelligence team layout and prerequisites

Intelligence team implementation

Chapter 3: Cyber Threat Intelligence Frameworks

Chapter 3: Cyber Threat Intelligence Frameworks

Technical requirements

Intelligence frameworks – overview

Lockheed Martin's Cyber Kill Chain framework

MITRE's ATT&CK knowledge-based framework

Diamond model of intrusion analysis framework

Chapter 4: Cyber Threat Intelligence Tradecraft and Standards

Chapter 4: Cyber Threat Intelligence Tradecraft and Standards

Technical requirements

The baseline of intelligence analytic tradecraft

Understanding and adapting ICD 203 to CTI

Understanding the STIX standard

Understanding the TAXII standard

AFI14-133 tradecraft standard for CTI

Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases

Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases

Technical requirements

The threat intelligence strategy map and goal setting

TIPs – an overview

Case study 1 – CTI for Level 1 organizations

Case study 2 – CTI for Level 2 organizations

Case study 3 – CTI for Level 3 organizations

Installing the MISP platform (optional)

Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms

Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms

Chapter 6: Cyber Threat Modeling and Adversary Analysis

Chapter 6: Cyber Threat Modeling and Adversary Analysis

Technical requirements

The strategic threat modeling process

Threat modeling methodologies

Threat modeling use case

User behavior logic

Adversary analysis techniques

Chapter 7: Threat Intelligence Data Sources

Chapter 7: Threat Intelligence Data Sources

Technical requirements

Defining the right sources for threat intelligence

Open Source Intelligence Feeds (OSINT)

Malware data for threat intelligence

Other non-open source intelligence sources

Intelligence data structuring and storing

Chapter 8: Effective Defense Tactics and Data Protection

Chapter 8: Effective Defense Tactics and Data Protection

Technical requirements

Enforcing the CIA triad – overview

Challenges and pitfalls of threat defense mechanisms

Data monitoring and active analytics

Vulnerability assessment and data risk analysis

Encryption, tokenization, masking and quarantining

Endpoint management

Chapter 9: AI Applications in Cyber Threat Analytics

Chapter 9: AI Applications in Cyber Threat Analytics

Technical requirements

AI's position in the CTI program and security stack

AI integration – the IBM QRadar Advisor approach

Chapter 10: Threat Modeling and Analysis – Practical Use Cases

Chapter 10: Threat Modeling and Analysis – Practical Use Cases

Technical requirements

Understanding the analysis process

Intrusion analysis case – how to proceed

MISP for automated threat analysis and storing

Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes

Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes

Chapter 11: Usable Security: Threat Intelligence as Part of the Process

Chapter 11: Usable Security: Threat Intelligence as Part of the Process

Technical requirements

Threat modeling guidelines for secured operations

Data privacy in modern business

Social engineering and mental models

Intelligence-based DevSecOps high-level architecture

Chapter 12: SIEM Solutions and Intelligence-Driven SOCs

Chapter 12: SIEM Solutions and Intelligence-Driven SOCs

Technical requirements

Integrating threat intelligence into SIEM tools – Reactive and proactive defense through SIEM tools

Making SOCs intelligent – Intelligence-driven SOCs

Threat intelligence and IR

Integrating threat intelligence into SIEM systems

Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain

Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain

Technical requirements

Understanding threat intelligence metrics

IOCs, the CTI warhead

PoP, the adversary padlock

Understanding IOAs

Chapter 14: Threat Intelligence Reporting and Dissemination

Chapter 14: Threat Intelligence Reporting and Dissemination

Technical requirements

Understanding threat intelligence reporting

Building and understanding adversaries' campaigns

Disseminating threat intelligence

The threat intelligence feedback loop

Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases

Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases

Technical requirements

Creating and sharing IOCs

Understanding and performing threat attribution

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Share your thoughts

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

This chapter has covered the most prevalent threat intelligence frameworks that a good threat analyst should know. We explained the general concept of threat intelligence frameworks and why it is important to integrate them into cyber threat intelligence programs. The analyst should know more about the frameworks to select the most appropriate one for an intelligence task. However, a few parameters can be looked at when choosing an intelligence framework. The more practical ones include how deep the framework goes into analyzing threats, what the scope of the framework is (what kinds of threats does it cover – cloud, enterprise, mobile?), how often the framework is updated to accommodate new threats, how easy it is to integrate into a threat intelligence program, and how easy it is to understand its overall structure. In the next chapter, we review the tradecrafts and standards of threat intelligence.