Book Image

Operationalizing Threat Intelligence

By : Kyle Wilhoit, Joseph Opacki
Book Image

Operationalizing Threat Intelligence

By: Kyle Wilhoit, Joseph Opacki

Overview of this book

We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps. In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence. By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.

Related Content you might be interested in

Current Title:

Small book image
Operationalizing Threat Intelligence
Kyle Wilhoit | Joseph Opacki
Jun, 2022 | 460 pages
Small book image
Mastering Cyber Intelligence
Jean Nestor M Dahj
Apr, 2022 | 528 pages
Small book image
Digital Forensics and Incident Response.
Gerard Johansen
Dec, 2022 | 532 pages
Small book image
Practical Cyber Intelligence
Wilson Bautista
Mar, 2018 | 322 pages
Table of Contents (18 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Share Your Thoughts
1
Section 1: What Is Threat Intelligence?
Section 1: What Is Threat Intelligence?
Free Chapter
2
Chapter 1: Why You Need a Threat Intelligence Program
Chapter 1: Why You Need a Threat Intelligence Program
What is CTI, and why is it important?
Tactical, strategic, operational, and technical threat intelligence
The uses and benefits of CTI
How to get CTI
What is good CTI?
Intelligence cycles
Threat intelligence maturity, detection, and hunting models
What to do with threat intelligence
Summary
3
Chapter 2: Threat Actors, Campaigns, and Tooling
Chapter 2: Threat Actors, Campaigns, and Tooling
Actor motivations
Threat actors
Threat campaigns
Vulnerabilities and malware
Malware, campaigns, and actor naming
Tooling
Threat actor attribution
Summary
4
Chapter 3: Guidelines and Policies
Chapter 3: Guidelines and Policies
The needs and benefits of guidelines, procedures, standards, and policies
SIRs
PIRs
GIRs
FCRs
Developing intelligence requirements
Summary
5
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
The importance of adopting frameworks and standards
Threat modeling methods and frameworks
Threat intelligence and data sharing frameworks
Storage platforms
Summary
6
Section 2: How to Collect Threat Intelligence
Section 2: How to Collect Threat Intelligence
7
Chapter 5: Operational Security (OPSEC)
Chapter 5: Operational Security (OPSEC)
What is OPSEC?
Types of OPSEC
Identity OPSEC
Technical OPSEC types and concepts
Actor engagement
Source protection
OPSEC monitoring
Personnel training and metrics
Summary
8
Chapter 6: Technical Threat Intelligence – Collection
Chapter 6: Technical Threat Intelligence – Collection
The collection management process
The role of the collection manager
Prioritized collection requirements
The collection operations life cycle
Surveying your collection needs
Planning and administration
The collection operation
Data types
The artifact and observable repositories
Intelligence collection metrics
Summary
9
Chapter 7: Technical Threat Analysis – Enrichment
Chapter 7: Technical Threat Analysis – Enrichment
The need and motivation for enrichment and analysis
Infrastructure-based IOCs
File-based IOCs
Dynamic malware analysis
Reverse engineering
Summary
10
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
The motivation for hunting and pivoting
Hunting methods
Pivot methods
Pivot and hunting tools and services
Summary
11
Chapter 9: Technical Threat Analysis – Similarity Analysis
Chapter 9: Technical Threat Analysis – Similarity Analysis
The motivations behind similarity analysis
Graph theory with similarity groups
Similarity analysis tools
Hashing and fingerprinting tools
Summary
12
Section 3: What to Do with Threat Intelligence
Section 3: What to Do with Threat Intelligence
13
Chapter 10: Preparation and Dissemination
Chapter 10: Preparation and Dissemination
Data interpretation and alignment
Data versus information versus intelligence
Critical thinking and reasoning in cyber threat intelligence
Metadata tagging in threat intelligence
Thoughts before dissemination
Summary
14
Chapter 11: Fusion into Other Enterprise Operations
Chapter 11: Fusion into Other Enterprise Operations
SOC
IR
Red and blue teams
Threat intelligence
Information security
Other departments to consider
Summary
15
Chapter 12: Overview of Datasets and Their Practical Application
Chapter 12: Overview of Datasets and Their Practical Application
Planning and direction
Collection
Analysis
Production
Dissemination and feedback
Summary
16
Chapter 13: Conclusion
Chapter 13: Conclusion
What Is Cyber Threat Intelligence?
How to Collect Cyber Threat Intelligence
What to Do with Cyber Threat Intelligence
Summary
Why subscribe?
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts

Preface

The volume of cyber threat events that occur has reached a point at which the world is talking about numerous attacks against various organizations' attack surfaces daily. Additionally, the reasoning behind these attacks ranges from opportunistic to financially motivated to revenge, and even to support ongoing physical conflicts between nations. It's no longer a question of if you or your organization will be impacted by a cyber threat event; it's now a question of when.

This book is written for one purpose, and that is to introduce individuals and organizations to cyber threat intelligence operations. In this book, we take you through the process of evaluating the cyber threat intelligence life cycle and discuss the various motivations, operating processes, and points to consider when establishing or maturing a cyber threat intelligence program. During the process, you are introduced to the different phases of the intelligence life cycle that assist you with understanding your knowledge gaps, evaluating threats, building a program to collect data about threats, analyzing those threats, and using the information collected to make hypotheses that inform strategic decision making about the threats most organization are facing.

By the end of this book, you will be able to build a cyber threat intelligence program that focuses on threat actors, campaigns, and actor tools, in addition to establishing processes and procedures that focus on the analysis and enrichment of technical data collection about threats that will assist you or any organization with key decision making around security posture improvements.

Previous Section
Next Section