Ever felt lost when tasked with building a Threat Intelligence Program from the ground up? LEARN to Build a Threat Intelligence Program in 1 Day and LEARN IT WELL will show you, step by step, how to do just that.
This works because I have done it myself, and many of my clients have used the best practices I share in this book, and it works! Inside, you will learn:
• What is Threat Intelligence?
• What is a Threat Intelligence Program?
• How do you build a Threat Intelligence Program from the ground up?
• How do you build a Threat Intelligence Program from a practical standpoint?
• What are the key steps to stand up an actionable Threat Intelligence Program?
• What are some of the activities in each phase of a Threat Intelligence Program?
• What are the deliverables in each phase of a Threat Intelligence Program?
• What are the key metrics that you should be measuring?
Would you like to know more? Download and start moving towards your goals. Scroll up and click the buy button.
A decent, short guide to forming a cyber threat intelligence program in an organization. It covers several CTI concepts, but isn't comprehensive. Unfortunately, it's riddled with grammatical and spelling errors, which distract from the content.
Notes

Threat Intelligence Overview

CTI program creation
1. Planning: define threats, goals, requirements, team
2. Intelligence Collection: collect information on threats
3. Intelligence Analysis: analyze the collected intel to ensure it meets the org's requirements
4. Collaboration and Feedback: deliver intel to the org, and adjust the CTI program as needed
Phase 1 – Planning

Assess the organization's security posture
• What data is most important to the business?
• Where is the documentation for the IR process?
• Are current security controls working?
• What's the most important thing missing from a security standpoint? Why?
Threat intelligence gap analysis
• Identify IT systems that are critical to business operations (e.g., business applications, public-facing servers, infrastructure, operational control systems).
• Identify internal assets of value.
• Identify threat actors, TTPs, and campaigns targeting your industry.
• Evaluate the effectiveness of current security systems.
• Assess employees' ability to monitor, detect, mitigate, prevent, and remediate targeted attacks from likely adversaries.
• Identify supporting operations and teams in the threat collaboration environment.
• Define ideal states and identify gaps.
Identifying the organization's intelligence needs and requirements
• What are your TI (threat intel) goals?
• What assets does your org need to safeguard?
• What threat actors and/or exploits are you watching for?
• What security concerns keep executive leaders up at night?
Areas of threat intel
• Malware analysis and reverse engineering
• Open source and deep web monitoring
• Intelligence dissemination
• Vendor management
CTI core functions
• Extracting IoCs
• Researching TI news
• Fusing internal and external TI into TTPs to provide context
• Participating in intel-sharing groups
• Threat analysis and IR support (e.g., digital forensics)
• Using analytics to detect attack patterns
• Populating a threat knowledge portal
• Hunting threats on monitored networks
• Honeypot usage: luring, containing, and observing a threat in a contained environment
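The first core function, extracting IoCs, is where most CTI tooling starts, so here is an added example of a small extractor (my code, not the book's). It refangs the defanged indicators that sharing groups post (hxxp, [.], [:], (dot)), pulls URLs, domains, IPv4 addresses and file hashes with regexes, and then drops the things that look like indicators but are not: the org's own RFC 1918 address space, file names such as gate.php, and the reporting source's own domain. The advisory text, the allowlist and the extension list are constructed for the example.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit

# Constructed sample in the style of a vendor advisory (not from the book).
SAMPLE_ADVISORY = """
The loader beacons to hxxp://cdn-update[.]example[.]net/gate.php and to
hxxps://203[.]0[.]113[.]45[:]8443/c2, then pulls a second stage from
evil(dot)example(dot)org. Observed hashes:
MD5    d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Internal hosts in 192.168.1.0/24 were also affected. Full write-up:
https://blog.example.com/2024/loader-analysis.
"""

# Hypothetical allowlist: the reporting source and the org's own domains are
# mentioned in every report but must never end up on a blocklist.
ALLOWLISTED_DOMAINS = {"blog.example.com"}

# Address space that belongs to the org (RFC 1918 plus loopback/link-local).
INTERNAL_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# A final label in this set means "file name", not "domain".
FILE_EXTENSIONS = {"php", "exe", "dll", "html", "htm", "js", "txt", "pdf", "zip", "doc"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
HASH_RES = {
    "md5": re.compile(r"\b[a-f0-9]{32}\b", re.I),
    "sha1": re.compile(r"\b[a-f0-9]{40}\b", re.I),
    "sha256": re.compile(r"\b[a-f0-9]{64}\b", re.I),
}


def refang(text: str) -> str:
    """Undo the usual defanging so ordinary regexes can match the indicators."""
    text = re.sub(r"hxxp", "http", text, flags=re.I)
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]|\(dot\)", ".", text, flags=re.I)
    text = re.sub(r"\[://\]", "://", text)
    text = re.sub(r"\[:\]", ":", text)
    return text


def is_internal(ip: str) -> bool:
    """True for addresses the org owns, or for strings that are not valid IPv4 at all."""
    try:
        addr = ip_address(ip)
    except ValueError:          # e.g. 999.1.1.1 matched the regex but is not an address
        return True
    return any(addr in net for net in INTERNAL_NETS)


def extract_iocs(text: str) -> dict:
    """Return sorted lists of URLs, domains, external IPv4s and hashes found in text."""
    clean = refang(text)

    urls = set()
    for m in URL_RE.finditer(clean):
        url = m.group(0).rstrip(".,;:)")          # sentence punctuation is not part of the URL
        host = (urlsplit(url).hostname or "").lower()
        if host not in ALLOWLISTED_DOMAINS:
            urls.add(url)

    domains = set()
    for m in DOMAIN_RE.finditer(clean):
        d = m.group(0).lower()
        if d.rsplit(".", 1)[-1] in FILE_EXTENSIONS or d in ALLOWLISTED_DOMAINS:
            continue
        domains.add(d)

    ips = {m.group(0) for m in IPV4_RE.finditer(clean) if not is_internal(m.group(0))}
    hashes = {name: sorted({m.group(0).lower() for m in rx.finditer(clean)})
              for name, rx in HASH_RES.items()}

    return {"urls": sorted(urls), "domains": sorted(domains), "ipv4": sorted(ips), **hashes}


if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE_ADVISORY).items():
        print(f"{kind}: {values}")
```

Running it on the sample yields two URLs, two domains, one external IP and one hash of each type present; the internal 192.168.1.0 host, the gate.php file name and the blog.example.com write-up are filtered out. Regex extraction is only the first step: the book's point about fusing indicators with context still applies, since a raw indicator list says nothing about which of these should be blocked versus merely monitored.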
Phase 2 – Intelligence Collection

CTI vendor evaluation criteria
• Supplies threat indicators, extensive context, and malware analysis
• Can integrate various data types
• Customizable alerts, tags, and reports
• Supplies near-real-time updates
• Supports prioritization based on threats
• Integrates with the SIEM and with preventive controls
• Allows for real-time reaction to data
CTI source evaluation criteria
• Does the source reference its sources?
• Who are the authors? What is their authority?
• Who is responsible for the data? Is the source funded by another entity?
• Does the source and/or its funding entity have ulterior motives?
• How recently has the data been published and updated?
• What is the source's quality?
Phase 4 – Collaboration and Feedback

Threat intel alert report template
1. Traffic Light Protocol (TLP) marking
2. Intel type: category
3. Summary: 1-3 sentences describing the impact to the org, usually drawn from secondary research
4. Analysis: technical details
5. Recommendation: recommended action (block indicators, no action required, etc.)
6. Source: intel source
7. Feedback: allow the consumer to rate the alert and give feedback
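As an added example (mine, not from the book), the alert template above as a data structure that enforces the parts of it that are checkable: the TLP marking comes from FIRST's TLP 2.0 vocabulary and gates who the alert may be forwarded to, the summary is held to 1-3 sentences, the recommendation comes from a small controlled list (the list itself is hypothetical; the notes only name "block indicators" and "no action required"), and consumer feedback is collected as 1-5 ratings. The sample alert at the bottom is constructed.

```python
import json
import re
from dataclasses import dataclass, field
from enum import Enum


class TLP(Enum):
    """Markings from FIRST's Traffic Light Protocol 2.0."""
    RED = "TLP:RED"
    AMBER_STRICT = "TLP:AMBER+STRICT"
    AMBER = "TLP:AMBER"
    GREEN = "TLP:GREEN"
    CLEAR = "TLP:CLEAR"


class Audience(Enum):
    """Who a recipient wants to forward the alert to, narrowest to widest."""
    NAMED_RECIPIENTS = 1   # only the people the alert was addressed to
    OWN_ORG = 2            # anyone in the recipient's organisation
    CLIENTS = 3            # the recipient's organisation and its clients
    COMMUNITY = 4          # the wider sharing community / peer orgs
    PUBLIC = 5             # no restriction


# Widest audience each marking permits, per the TLP 2.0 sharing rules.
MAX_AUDIENCE = {
    TLP.RED: Audience.NAMED_RECIPIENTS,
    TLP.AMBER_STRICT: Audience.OWN_ORG,
    TLP.AMBER: Audience.CLIENTS,
    TLP.GREEN: Audience.COMMUNITY,
    TLP.CLEAR: Audience.PUBLIC,
}

# Hypothetical controlled vocabulary for field 5; the notes only give the first and last.
RECOMMENDATIONS = ("block indicators", "monitor", "hunt", "patch", "no action required")


@dataclass
class ThreatAlert:
    tlp: TLP
    intel_type: str
    summary: str
    analysis: str
    recommendation: str
    source: str
    feedback: list = field(default_factory=list)   # (rating, comment) pairs from consumers

    def __post_init__(self):
        n = len([s for s in re.split(r"(?<=[.!?])\s+", self.summary.strip()) if s])
        if not 1 <= n <= 3:
            raise ValueError(f"summary must be 1-3 sentences, got {n}")
        if self.recommendation not in RECOMMENDATIONS:
            raise ValueError(f"recommendation must be one of {RECOMMENDATIONS}")

    def may_share_with(self, audience: Audience) -> bool:
        """True if forwarding to this audience stays within the alert's TLP marking."""
        return audience.value <= MAX_AUDIENCE[self.tlp].value

    def add_feedback(self, rating: int, comment: str = "") -> None:
        if not 1 <= rating <= 5:
            raise ValueError("rating must be 1..5")
        self.feedback.append((rating, comment))

    def average_rating(self):
        return sum(r for r, _ in self.feedback) / len(self.feedback) if self.feedback else None

    def render(self) -> str:
        """Plain-text alert in the seven-field layout of the template."""
        fb = (f"{len(self.feedback)} rating(s), mean {self.average_rating():.1f}"
              if self.feedback else "none yet")
        return "\n".join([
            f"1. {self.tlp.value}",
            f"2. Intel type: {self.intel_type}",
            f"3. Summary: {self.summary}",
            f"4. Analysis: {self.analysis}",
            f"5. Recommendation: {self.recommendation}",
            f"6. Source: {self.source}",
            f"7. Feedback: {fb}",
        ])

    def to_json(self) -> str:
        """Machine-readable form, e.g. for the threat knowledge portal."""
        return json.dumps({k: (v.value if isinstance(v, TLP) else v)
                           for k, v in self.__dict__.items()}, indent=2)


def forward(alert: ThreatAlert, audience: Audience) -> str:
    """Gate dissemination on the TLP marking; refuse rather than leak a RED alert."""
    if not alert.may_share_with(audience):
        raise PermissionError(f"{alert.tlp.value} alert may not be sent to {audience.name}")
    return alert.render()


# Constructed sample alert (not from the book); the indicators are illustrative.
SAMPLE_ALERT = ThreatAlert(
    tlp=TLP.AMBER,
    intel_type="malware / loader",
    summary="A loader campaign is targeting firms in our sector. "
            "Two of our public hosts match the initial-access pattern.",
    analysis="Beacons to cdn-update.example.net over HTTP; second stage fetched from "
             "evil.example.org. Loader SHA256: "
             "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855.",
    recommendation="block indicators",
    source="Vendor advisory (constructed), cross-checked against internal proxy logs",
)
SAMPLE_ALERT.add_feedback(4, "indicators were already in the proxy blocklist")

if __name__ == "__main__":
    print(forward(SAMPLE_ALERT, Audience.CLIENTS))
```

The sharing check is the part worth automating: a TLP:AMBER alert can go to the org and its clients but not to a community list, and a TLP:RED alert raises rather than rendering when anyone tries to forward it beyond the named recipients. The feedback field is what closes the loop in Phase 4; the mean rating per alert is a ready-made metric for judging whether a source or intel type is earning its keep.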