Book Image

Mastering Cyber Intelligence

By : Jean Nestor M. Dahj
Book Image

Mastering Cyber Intelligence

By: Jean Nestor M. Dahj

Overview of this book

The sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber Threat Intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats. This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, considering your organization level. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. And finally, you'll be well-versed with writing tactical, technical, and strategic intelligence reports and sharing them with the community. By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from planning to dissemination phases, protect your organization, and help in critical defense decisions.

Related Content you might be interested in

Current Title:

Small book image
Mastering Cyber Intelligence
Jean Nestor M. Dahj
Apr, 2022 | 528 pages
Small book image
Operationalizing Threat Intelligence
Joseph Opacki | Kyle Wilhoit
Jun, 2022 | 460 pages
Small book image
Incident Response in the Age of Cloud
Erdal Ozkaya
Feb, 2021 | 622 pages
Small book image
Digital Forensics and Incident Response.
Gerard Johansen
Dec, 2022 | 532 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share your thoughts
1
Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
Free Chapter
2
Chapter 1: Cyber Threat Intelligence Life Cycle
Chapter 1: Cyber Threat Intelligence Life Cycle
Technical requirements
Cyber threat intelligence – a global overview
Intelligence data collection
Intelligence data processing
Analysis and production
Threat intelligence dissemination
Threat intelligence feedback
Summary
3
Chapter 2: Requirements and Intelligence Team Implementation
Chapter 2: Requirements and Intelligence Team Implementation
Technical requirements
Threat intelligence requirements and prioritization
Requirements development
Intelligence team layout and prerequisites
Intelligence team implementation
Summary
4
Chapter 3: Cyber Threat Intelligence Frameworks
Chapter 3: Cyber Threat Intelligence Frameworks
Technical requirements
Intelligence frameworks – overview
Lockheed Martin's Cyber Kill Chain framework
MITRE's ATT&CK knowledge-based framework
Diamond model of intrusion analysis framework
Summary
5
Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
Technical requirements
The baseline of intelligence analytic tradecraft
Understanding and adapting ICD 203 to CTI
Understanding the STIX standard
Understanding the TAXII standard
AFI14-133 tradecraft standard for CTI
Summary
6
Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
Technical requirements
The threat intelligence strategy map and goal setting
TIPs – an overview
Case study 1 – CTI for Level 1 organizations
Case study 2 – CTI for Level 2 organizations
Case study 3 – CTI for Level 3 organizations
Installing the MISP platform (optional)
Summary
7
Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
8
Chapter 6: Cyber Threat Modeling and Adversary Analysis
Chapter 6: Cyber Threat Modeling and Adversary Analysis
Technical requirements
The strategic threat modeling process
Threat modeling methodologies
Threat modeling use case
User behavior logic
Adversary analysis techniques
Summary
9
Chapter 7: Threat Intelligence Data Sources
Chapter 7: Threat Intelligence Data Sources
Technical requirements
Defining the right sources for threat intelligence
Open Source Intelligence Feeds (OSINT)
Malware data for threat intelligence
Other non-open source intelligence sources
Intelligence data structuring and storing
Summary
10
Chapter 8: Effective Defense Tactics and Data Protection
Chapter 8: Effective Defense Tactics and Data Protection
Technical requirements
Enforcing the CIA triad – overview
Challenges and pitfalls of threat defense mechanisms
Data monitoring and active analytics
Vulnerability assessment and data risk analysis
Encryption, tokenization, masking and quarantining
Endpoint management
Summary
11
Chapter 9: AI Applications in Cyber Threat Analytics
Chapter 9: AI Applications in Cyber Threat Analytics
Technical requirements
AI and CTI
AI's position in the CTI program and security stack
AI integration – the IBM QRadar Advisor approach
Summary
12
Chapter 10: Threat Modeling and Analysis – Practical Use Cases
Chapter 10: Threat Modeling and Analysis – Practical Use Cases
Technical requirements
Understanding the analysis process
Intrusion analysis case – how to proceed
MISP for automated threat analysis and storing
Summary
13
Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
14
Chapter 11: Usable Security: Threat Intelligence as Part of the Process
Chapter 11: Usable Security: Threat Intelligence as Part of the Process
Technical requirements
Threat modeling guidelines for secured operations
Data privacy in modern business
Social engineering and mental models
Intelligence-based DevSecOps high-level architecture
Summary
15
Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Technical requirements
Integrating threat intelligence into SIEM tools – Reactive and proactive defense through SIEM tools
Making SOCs intelligent – Intelligence-driven SOCs
Threat intelligence and IR
Integrating threat intelligence into SIEM systems
Summary
16
Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
Technical requirements
Understanding threat intelligence metrics
IOCs, the CTI warhead
PoP, the adversary padlock
Understanding IOAs
Summary
17
Chapter 14: Threat Intelligence Reporting and Dissemination
Chapter 14: Threat Intelligence Reporting and Dissemination
Technical requirements
Understanding threat intelligence reporting
Building and understanding adversaries' campaigns
Disseminating threat intelligence
The threat intelligence feedback loop
Summary
18
Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases
Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases
Technical requirements
Creating and sharing IOCs
Understanding and performing threat attribution
Summary
Why subscribe?
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Chapter 1: Cyber Threat Intelligence Life Cycle

This chapter will explain the steps of the threat intelligence life cycle. We will provide a high-level description of each step while looking at some practical examples to help you understand what each step entails. By the end of the chapter, you will be able to explain each stage of the intelligence life cycle and join the practical with the theoretical. This chapter forms the baseline of this book, and various intelligence strategies and processes will be built on top of this knowledge.

By the end of this chapter, you should be able to do the following:

  • Clearly explain what cyber threat intelligence is, why organizations must integrate it into the business and security team, who benefits from it, and be able to define its scope.
  • Understand the challenges related to threat intelligence and cybersecurity in general.
  • Know and understand the required components to effectively plan and set directions for a threat intelligence project.
  • Know and understand the data required to build an intelligence project and how to acquire it globally.
  • Understand intelligence data processing, why it is essential in integrating a CTI project, and justify the need for automating the processing step.
  • Understand the analysis step, its application, and its impact on the entire CTI project. In this step, you will also learn about intelligence analysis bias and different techniques that can be used to avoid a biased intelligence analysis.
  • Explain the cycle's dissemination step and how to share an intelligence product with the relevant stakeholders. You should also understand the importance of the audience when consuming the product.
  • Understand and explain the feedback phase of the cycle and state why it is critical in the project.

In this chapter, we are going to cover the following main topics:

  • Cyber threat intelligence – a global overview
  • Planning, objectives, and direction
  • Intelligence data collection
  • Intelligence data processing
  • Intelligence analysis and production
  • Threat intelligence dissemination
  • Threat intelligence feedback
Previous Section
End of Section 1
Next Section