Book Image

Mastering Cyber Intelligence

By : Jean Nestor M. Dahj
Book Image

Mastering Cyber Intelligence

By: Jean Nestor M. Dahj

Overview of this book

The sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber Threat Intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats. This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, considering your organization level. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. And finally, you'll be well-versed with writing tactical, technical, and strategic intelligence reports and sharing them with the community. By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from planning to dissemination phases, protect your organization, and help in critical defense decisions.

Related Content you might be interested in

Current Title:

Small book image
Mastering Cyber Intelligence
Jean Nestor M. Dahj
Apr, 2022 | 528 pages
Small book image
Operationalizing Threat Intelligence
Joseph Opacki | Kyle Wilhoit
Jun, 2022 | 460 pages
Small book image
Incident Response in the Age of Cloud
Erdal Ozkaya
Feb, 2021 | 622 pages
Small book image
Purple Team Strategies
Samuel Rossier | David Routin | Simon Thoores
Jun, 2022 | 450 pages
Table of Contents (20 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share your thoughts
1
Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
Free Chapter
2
Chapter 1: Cyber Threat Intelligence Life Cycle
Chapter 1: Cyber Threat Intelligence Life Cycle
Technical requirements
Cyber threat intelligence – a global overview
Intelligence data collection
Intelligence data processing
Analysis and production
Threat intelligence dissemination
Threat intelligence feedback
Summary
3
Chapter 2: Requirements and Intelligence Team Implementation
Chapter 2: Requirements and Intelligence Team Implementation
Technical requirements
Threat intelligence requirements and prioritization
Requirements development
Intelligence team layout and prerequisites
Intelligence team implementation
Summary
4
Chapter 3: Cyber Threat Intelligence Frameworks
Chapter 3: Cyber Threat Intelligence Frameworks
Technical requirements
Intelligence frameworks – overview
Lockheed Martin's Cyber Kill Chain framework
MITRE's ATT&CK knowledge-based framework
Diamond model of intrusion analysis framework
Summary
5
Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
Technical requirements
The baseline of intelligence analytic tradecraft
Understanding and adapting ICD 203 to CTI
Understanding the STIX standard
Understanding the TAXII standard
AFI14-133 tradecraft standard for CTI
Summary
6
Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
Technical requirements
The threat intelligence strategy map and goal setting
TIPs – an overview
Case study 1 – CTI for Level 1 organizations
Case study 2 – CTI for Level 2 organizations
Case study 3 – CTI for Level 3 organizations
Installing the MISP platform (optional)
Summary
7
Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
8
Chapter 6: Cyber Threat Modeling and Adversary Analysis
Chapter 6: Cyber Threat Modeling and Adversary Analysis
Technical requirements
The strategic threat modeling process
Threat modeling methodologies
Threat modeling use case
User behavior logic
Adversary analysis techniques
Summary
9
Chapter 7: Threat Intelligence Data Sources
Chapter 7: Threat Intelligence Data Sources
Technical requirements
Defining the right sources for threat intelligence
Open Source Intelligence Feeds (OSINT)
Malware data for threat intelligence
Other non-open source intelligence sources
Intelligence data structuring and storing
Summary
10
Chapter 8: Effective Defense Tactics and Data Protection
Chapter 8: Effective Defense Tactics and Data Protection
Technical requirements
Enforcing the CIA triad – overview
Challenges and pitfalls of threat defense mechanisms
Data monitoring and active analytics
Vulnerability assessment and data risk analysis
Encryption, tokenization, masking and quarantining
Endpoint management
Summary
11
Chapter 9: AI Applications in Cyber Threat Analytics
Chapter 9: AI Applications in Cyber Threat Analytics
Technical requirements
AI and CTI
AI's position in the CTI program and security stack
AI integration – the IBM QRadar Advisor approach
Summary
12
Chapter 10: Threat Modeling and Analysis – Practical Use Cases
Chapter 10: Threat Modeling and Analysis – Practical Use Cases
Technical requirements
Understanding the analysis process
Intrusion analysis case – how to proceed
MISP for automated threat analysis and storing
Summary
13
Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
14
Chapter 11: Usable Security: Threat Intelligence as Part of the Process
Chapter 11: Usable Security: Threat Intelligence as Part of the Process
Technical requirements
Threat modeling guidelines for secured operations
Data privacy in modern business
Social engineering and mental models
Intelligence-based DevSecOps high-level architecture
Summary
15
Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Technical requirements
Integrating threat intelligence into SIEM tools – Reactive and proactive defense through SIEM tools
Making SOCs intelligent – Intelligence-driven SOCs
Threat intelligence and IR
Integrating threat intelligence into SIEM systems
Summary
16
Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
Technical requirements
Understanding threat intelligence metrics
IOCs, the CTI warhead
PoP, the adversary padlock
Understanding IOAs
Summary
17
Chapter 14: Threat Intelligence Reporting and Dissemination
Chapter 14: Threat Intelligence Reporting and Dissemination
Technical requirements
Understanding threat intelligence reporting
Building and understanding adversaries' campaigns
Disseminating threat intelligence
The threat intelligence feedback loop
Summary
18
Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases
Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases
Technical requirements
Creating and sharing IOCs
Understanding and performing threat attribution
Summary
Why subscribe?
19
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

Preface

The increase in security breaches and attacks in the last two decades indicates that the traditional security defense methods are falling short. The sophistication of attacks – such as the Advanced Persistent Threats (APTs) – leaves organizations with more worries despite the heavy investment in security tools, which often work in silos. The lack of analytics skills, the struggle to incorporate security into processes, and the gap in structured security analytics are the main concern in the fight against augmented cyber threats.

Cyber Threat Intelligence (CTI) is a collaborative security program that uses advanced analysis of data collected from several sources (internal and external) to discover, detect, deny, disrupt, degrade, deceive, or destroy adversaries' activities. Because it is actionable and encourages information sharing between community members, individuals, and so on, it is becoming the de facto method to fight against APTs. However, many organizations are still struggling to embrace and integrate CTI in their existing security solutions and extract value from it.

This book, Mastering Cyber Intelligence, provides the knowledge required to dive into the CTI world. It equips you with the theoretical and practical skills to conduct a threat intelligence program from planning to dissemination and feedback processing. It details strategies you can use to integrate CTI into an organization's security stack from the ground up, allowing you to effectively deal with cyber threats.

Through step-by-step explanations and examples, you learn how to position CTI in the organization strategy and plan, and set objectives for your CTI program, collect the appropriate data for your program, process and format the collected data, perform threat modeling and conduct threat analysis, and share intelligence output internally (with the strategic, tactical, and operational security teams) and externally (with the community). By the end of the book, you will master CTI and be confident to help organizations implement it to protect revenue, assets, and sensitive information (and data).

Previous Section
Next Section