Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Operationalizing Threat Intelligence
  • Table Of Contents Toc
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

By : Wilhoit, Opacki
4.6 (14)
Buy this Book
close
close
Operationalizing Threat Intelligence

Operationalizing Threat Intelligence

4.6 (14)
By: Wilhoit, Opacki
Buy this Book

Overview of this book

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps. In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence. By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.
Table of Contents (18 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Share Your Thoughts
1
Section 1: What Is Threat Intelligence?
Icon
Section 1: What Is Threat Intelligence?
Lock Free Chapter
2
Chapter 1: Why You Need a Threat Intelligence Program
Icon
Chapter 1: Why You Need a Threat Intelligence Program
Icon
What is CTI, and why is it important?
Icon
Tactical, strategic, operational, and technical threat intelligence
Icon
The uses and benefits of CTI
Icon
How to get CTI
Icon
What is good CTI?
Icon
Intelligence cycles
Icon
Threat intelligence maturity, detection, and hunting models
Icon
What to do with threat intelligence
Icon
Summary
3
Chapter 2: Threat Actors, Campaigns, and Tooling
chevron up
Icon
Chapter 2: Threat Actors, Campaigns, and Tooling
Icon
Actor motivations
Icon
Threat actors
Icon
Threat campaigns
Icon
Vulnerabilities and malware
Icon
Malware, campaigns, and actor naming
Icon
Tooling
Icon
Threat actor attribution
Icon
Summary
4
Chapter 3: Guidelines and Policies
Icon
Chapter 3: Guidelines and Policies
Icon
The needs and benefits of guidelines, procedures, standards, and policies
Icon
SIRs
Icon
PIRs
Icon
GIRs
Icon
FCRs
Icon
Developing intelligence requirements
Icon
Summary
5
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
Icon
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
Icon
The importance of adopting frameworks and standards
Icon
Threat modeling methods and frameworks
Icon
Threat intelligence and data sharing frameworks
Icon
Storage platforms
Icon
Summary
6
Section 2: How to Collect Threat Intelligence
Icon
Section 2: How to Collect Threat Intelligence
7
Chapter 5: Operational Security (OPSEC)
Icon
Chapter 5: Operational Security (OPSEC)
Icon
What is OPSEC?
Icon
Types of OPSEC
Icon
Identity OPSEC
Icon
Technical OPSEC types and concepts
Icon
Actor engagement
Icon
Source protection
Icon
OPSEC monitoring
Icon
Personnel training and metrics
Icon
Summary
8
Chapter 6: Technical Threat Intelligence – Collection
Icon
Chapter 6: Technical Threat Intelligence – Collection
Icon
The collection management process
Icon
The role of the collection manager
Icon
Prioritized collection requirements
Icon
The collection operations life cycle
Icon
Surveying your collection needs
Icon
Planning and administration
Icon
The collection operation
Icon
Data types
Icon
The artifact and observable repositories
Icon
Intelligence collection metrics
Icon
Summary
9
Chapter 7: Technical Threat Analysis – Enrichment
Icon
Chapter 7: Technical Threat Analysis – Enrichment
Icon
The need and motivation for enrichment and analysis
Icon
Infrastructure-based IOCs
Icon
File-based IOCs
Icon
Dynamic malware analysis
Icon
Reverse engineering
Icon
Summary
10
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
Icon
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
Icon
The motivation for hunting and pivoting
Icon
Hunting methods
Icon
Pivot methods
Icon
Pivot and hunting tools and services
Icon
Summary
11
Chapter 9: Technical Threat Analysis – Similarity Analysis
Icon
Chapter 9: Technical Threat Analysis – Similarity Analysis
Icon
The motivations behind similarity analysis
Icon
Graph theory with similarity groups
Icon
Similarity analysis tools
Icon
Hashing and fingerprinting tools
Icon
Summary
12
Section 3: What to Do with Threat Intelligence
Icon
Section 3: What to Do with Threat Intelligence
13
Chapter 10: Preparation and Dissemination
Icon
Chapter 10: Preparation and Dissemination
Icon
Data interpretation and alignment
Icon
Data versus information versus intelligence
Icon
Critical thinking and reasoning in cyber threat intelligence
Icon
Metadata tagging in threat intelligence
Icon
Thoughts before dissemination
Icon
Summary
14
Chapter 11: Fusion into Other Enterprise Operations
Icon
Chapter 11: Fusion into Other Enterprise Operations
Icon
SOC
Icon
IR
Icon
Red and blue teams
Icon
Threat intelligence
Icon
Information security
Icon
Other departments to consider
Icon
Summary
15
Chapter 12: Overview of Datasets and Their Practical Application
Icon
Chapter 12: Overview of Datasets and Their Practical Application
Icon
Planning and direction
Icon
Collection
Icon
Analysis
Icon
Production
Icon
Dissemination and feedback
Icon
Summary
16
Chapter 13: Conclusion
Icon
Chapter 13: Conclusion
Icon
What Is Cyber Threat Intelligence?
Icon
How to Collect Cyber Threat Intelligence
Icon
What to Do with Cyber Threat Intelligence
Icon
Summary
Icon
Why subscribe?
17
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Packt is searching for authors like you
Icon
Share Your Thoughts

Chapter 2: Threat Actors, Campaigns, and Tooling

When people think of threat actors, they often associate the iconography of the hooded miscreant; hiding out in a basement, their features illuminated by the glow of the monitor, tirelessly pecking on the keys of a worn-out keyboard. While this may be a semi-accurate portrayal for a percentage, the reality is that threat actors are far more professional and organized. Studying their behaviors and approaches to committing cybercrimes is much more detailed and involves studying the threat actors, their motivations, and the associated tactics, techniques, and procedures (TTPs) that they utilize in their attack chain.

As we learned in the previous chapter, there are many diverse methods we can use to collect, enrich, rate, and operationalize threat intelligence. A foundational part of CTI involves studying and understanding threat actors, campaigns, vulnerabilities, and malware. These building blocks, when properly defined, help determine...

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Operationalizing Threat Intelligence
End of Section 3
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon