Book Image

Mastering Cyber Intelligence

By : Jean Nestor M. Dahj
Book Image

Mastering Cyber Intelligence

By: Jean Nestor M. Dahj

Overview of this book

The sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber Threat Intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats. This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, considering your organization level. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. And finally, you'll be well-versed with writing tactical, technical, and strategic intelligence reports and sharing them with the community. By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from planning to dissemination phases, protect your organization, and help in critical defense decisions.

Related Content you might be interested in

Current Title:

Small book image
Mastering Cyber Intelligence
Jean Nestor M. Dahj
Apr, 2022 | 528 pages
Small book image
Operationalizing Threat Intelligence
Joseph Opacki | Kyle Wilhoit
Jun, 2022 | 460 pages
Small book image
Incident Response in the Age of Cloud
Erdal Ozkaya
Feb, 2021 | 622 pages
Small book image
Purple Team Strategies
Samuel Rossier | David Routin | Simon Thoores
Jun, 2022 | 450 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share your thoughts
1
Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
Free Chapter
2
Chapter 1: Cyber Threat Intelligence Life Cycle
Chapter 1: Cyber Threat Intelligence Life Cycle
Technical requirements
Cyber threat intelligence – a global overview
Intelligence data collection
Intelligence data processing
Analysis and production
Threat intelligence dissemination
Threat intelligence feedback
Summary
3
Chapter 2: Requirements and Intelligence Team Implementation
Chapter 2: Requirements and Intelligence Team Implementation
Technical requirements
Threat intelligence requirements and prioritization
Requirements development
Intelligence team layout and prerequisites
Intelligence team implementation
Summary
4
Chapter 3: Cyber Threat Intelligence Frameworks
Chapter 3: Cyber Threat Intelligence Frameworks
Technical requirements
Intelligence frameworks – overview
Lockheed Martin's Cyber Kill Chain framework
MITRE's ATT&CK knowledge-based framework
Diamond model of intrusion analysis framework
Summary
5
Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
Technical requirements
The baseline of intelligence analytic tradecraft
Understanding and adapting ICD 203 to CTI
Understanding the STIX standard
Understanding the TAXII standard
AFI14-133 tradecraft standard for CTI
Summary
6
Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
Technical requirements
The threat intelligence strategy map and goal setting
TIPs – an overview
Case study 1 – CTI for Level 1 organizations
Case study 2 – CTI for Level 2 organizations
Case study 3 – CTI for Level 3 organizations
Installing the MISP platform (optional)
Summary
7
Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
8
Chapter 6: Cyber Threat Modeling and Adversary Analysis
Chapter 6: Cyber Threat Modeling and Adversary Analysis
Technical requirements
The strategic threat modeling process
Threat modeling methodologies
Threat modeling use case
User behavior logic
Adversary analysis techniques
Summary
9
Chapter 7: Threat Intelligence Data Sources
Chapter 7: Threat Intelligence Data Sources
Technical requirements
Defining the right sources for threat intelligence
Open Source Intelligence Feeds (OSINT)
Malware data for threat intelligence
Other non-open source intelligence sources
Intelligence data structuring and storing
Summary
10
Chapter 8: Effective Defense Tactics and Data Protection
Chapter 8: Effective Defense Tactics and Data Protection
Technical requirements
Enforcing the CIA triad – overview
Challenges and pitfalls of threat defense mechanisms
Data monitoring and active analytics
Vulnerability assessment and data risk analysis
Encryption, tokenization, masking and quarantining
Endpoint management
Summary
11
Chapter 9: AI Applications in Cyber Threat Analytics
Chapter 9: AI Applications in Cyber Threat Analytics
Technical requirements
AI and CTI
AI's position in the CTI program and security stack
AI integration – the IBM QRadar Advisor approach
Summary
12
Chapter 10: Threat Modeling and Analysis – Practical Use Cases
Chapter 10: Threat Modeling and Analysis – Practical Use Cases
Technical requirements
Understanding the analysis process
Intrusion analysis case – how to proceed
MISP for automated threat analysis and storing
Summary
13
Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
14
Chapter 11: Usable Security: Threat Intelligence as Part of the Process
Chapter 11: Usable Security: Threat Intelligence as Part of the Process
Technical requirements
Threat modeling guidelines for secured operations
Data privacy in modern business
Social engineering and mental models
Intelligence-based DevSecOps high-level architecture
Summary
15
Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Technical requirements
Integrating threat intelligence into SIEM tools – Reactive and proactive defense through SIEM tools
Making SOCs intelligent – Intelligence-driven SOCs
Threat intelligence and IR
Integrating threat intelligence into SIEM systems
Summary
16
Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
Technical requirements
Understanding threat intelligence metrics
IOCs, the CTI warhead
PoP, the adversary padlock
Understanding IOAs
Summary
17
Chapter 14: Threat Intelligence Reporting and Dissemination
Chapter 14: Threat Intelligence Reporting and Dissemination
Technical requirements
Understanding threat intelligence reporting
Building and understanding adversaries' campaigns
Disseminating threat intelligence
The threat intelligence feedback loop
Summary
18
Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases
Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases
Technical requirements
Creating and sharing IOCs
Understanding and performing threat attribution
Summary
Why subscribe?
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Technical requirements

This chapter contains a practical exercise to install an open-source TIP that will be used throughout this book. It is essential to meet the following technical requirements:

  • Hardware: Possess a computer or a server with at least 64 GB of disk space and 8 GB RAM. An i5 (or higher) processor is recommended to smoothly run the malware information sharing platform (MISP) virtual machine (VM).
  • Software: Install a virtualization software environment (VirtualBox is used here, but VMware or any other virtualization software can be used as well). Most virtualization software supports all the major operating systems. Therefore, any OS should work fine.
  • Miscellaneous: Have a basic knowledge of the chosen virtualization software in terms of networking and other configurations.

    Note

    You can still read this book and understand its concepts without installing the MISP platform. The practical aspect is added to equip you with the basic skills required to perform...

Previous Section
End of Section 2
Next Section