How to Define and Build an Effective Cyber Threat Intelligence Capability
- 42 pages
- English
- ePUB
About this book
Intelligence-Led Security: How to Understand, Justify and Implement a New Approach to Security is a concise review of the concept of Intelligence-Led Security. Protecting a business, including its information and intellectual property, physical infrastructure, employees, and reputation, has become increasingly difficult. Online threats come from all sides: internal leaks and external adversaries; domestic hacktivists and overseas cybercrime syndicates; targeted threats and mass attacks. These threats run the gamut from targeted to indiscriminate to entirely accidental.
Among thought leaders and advanced organizations, the consensus is now clear. Defensive security measures (antivirus software, firewalls, other technical controls, and post-attack mitigation strategies) are no longer sufficient. To adequately protect company assets and ensure business continuity, organizations must be more proactive. Increasingly, this proactive stance is summarized by the phrase Intelligence-Led Security: the use of data to gain insight into what can happen, who is likely to be involved, how they are likely to attack and, if possible, to predict when attacks are likely to come. In this book, the authors review the current threat-scape and why it requires this new approach, offer a clarifying definition of what Cyber Threat Intelligence is, describe how to communicate its value to the business, and lay out concrete steps toward implementing Intelligence-Led Security.
- Learn how to create a proactive strategy for digital security
- Use data analysis and threat forecasting to predict and prevent attacks before they start
- Understand the fundamentals of today's threatscape and how best to organize your defenses
How to Define and Build an Effective Cyber Threat Intelligence Capability, by Henry Dalziel, Eric Olson, and James Carnall, is available in PDF and/or ePUB format and is catalogued under Computer Science & Computer Science General.
Chapter 1
Introduction
Abstract
One of the most important concepts in the world of information security today is defining and building an effective cyber threat-intelligence capability. We discuss the notions of Why, What, How, and Who in order to help readers define how to build an effective cyber threat-intelligence capability.
Keywords
cyber threat intelligence
cyber threat center
One of the most important concepts in the world of information security today is defining and building an effective Cyber Threat Intelligence capability. To ensure that all the concepts are covered, we have teamed up with Cyveillance, a world leader in cyber intelligence, to create a storyline that covers the following topics.
We start by discussing why the notion of defining an effective capability is so important. As we will see, threat intelligence is one of the buzzwords of the day, but it means different things to different people. As a result, it can end up meaning next to nothing unless you define it according to your organization's individual goals.
As a cybersecurity professional, you may have been exposed to the current trend to discuss, plan, or even build and operate some kind of cyber threat center, "super SIEM," super SOC, or whatever your particular organization may have chosen to call it. Despite a lot of buzz, startup money, and industry discussion, what we have seen most often is that far more organizations are in the "planning" stage, the "thinking about it" stage, or the "wondering if it's a good idea" stage than are successfully operating a functional center. It is for that larger group, those who are not yet in operation or are just getting started, that this book is intended.
There's a lot of technical jargon thrown around, but in our opinion it really boils down to the following: Why, What, How, and Who. Each of those elements will be tackled in detail in the following chapters. You will also be introduced to an easy-to-follow process to translate your objectives (the "why," in colloquial terms) into activities and needs (the "what"). With this information at hand, you will be able to determine what intelligence you need on the basis of those objectives, the options available to you to build a program, and how the process can be implemented to make your center or threat intelligence capability a reality.
Another key aspect we cover is an overview of the common landmines that organizations tend to step on. This book will go over the keys to successful implementation, which is really a nice way of saying how to avoid stepping on those landmines! Then, and only then, would it be worth discussing who the right vendors, partners, or employees are to build, staff, and run your cyber threat intelligence program.
Last, but by no means least, the book will cover reporting and management communication and their importance in an effective threat intelligence operation. From there, the conversation will come to an end at the "block and tackle" stage of planning, budgeting, and submitting a request for money, without which none of this happens.
Before getting down to the nitty-gritty of cyber threat intelligence, we would like to share a quote. Taken from Lewis Carroll's Alice in Wonderland, it is part of a conversation between Alice and the Cheshire Cat, but it is also applicable in real life when talking to stakeholders in the planning or thinking stages of building a threat intelligence capability.
Alice: Would you tell me please, which way I ought to go?
The Cat: Well that depends a good deal on where you want to get to.
Alice: I don't care much where.
The Cat: Then it doesn't matter which way you go, does it?
Any threat intelligence program that does not support a clear business objective; pursue a well-defined mission that is bounded, scoped, and relatively rigid; work within a set of clear expectations in a portfolio of responsibilities that everyone agrees to; and meaningfully report metrics that matter to management and budget holders is, in our opinion, doomed to fail.
These factors are critical to understand at the outset when defining and building a threat intelligence capability. If you do not ensure that these elements are considered, if you do not set out with a clear end state in mind, you are like Alice talking to the Cheshire Cat. If you do not know where you are going, it is easy to meander about, spending time and money with no clear idea of whether you are actually getting any closer to your destination.
Chapter 2
A Problem Well-Defined is Half-Solved
Abstract
This chapter covers the importance of molding a threat-intelligence program around (company-specific) business objectives, that is, it must pursue a well-defined mission that is bounded, scoped, and relatively rigid; work within a set of clear expectations in a portfolio of responsibilities that everyone agrees to; and meaningfully report metrics that matter to management and budget holders.
Keywords
application vulnerabilities
malware signatures
URL blacklists
botted nodes
vulnerability threat intelligence
security posture
risk assessment
spear phishing
Threat intelligence is absolutely the buzzword "du jour." It is being used to seek venture capital and fund start-ups. It is being aggressively pitched to the enterprise market by the provider industry as the solution to all their woes. Well, to put a fairly aggressive stake in the ground, we would argue that the majority of what is being sold and billed as "threat intelligence" is not. It is data. From lists of bad IPs, application vulnerabilities, malware signatures, or URL blacklists, to botted nodes, botnet C2 servers, or social media data; from open source or web-based content to RSS feeds and IRC channels: in their initial form, none of these things is "intelligence." They are data.
2.1. Data feeds vs. intelligence
Our contributing editor, Cyveillance, will tell you they love data. Data is great! They produce data, buy data, and sell data, and there is no question that data plays a pivotal role here. However, we are going to cover the subject of data as it relates specifically to building a threat intelligence capability, and there is an absolute distinction between data and intelligence. So, in the spirit of "a problem well-defined is half-solved," we can save a lot of confusion if we start by explicitly defining the differences bet...
Table of contents
- Cover
- Title page
- Table of Contents
- Copyright
- Author Biography
- Contributing Editors' Biography
- Chapter 1: Introduction
- Chapter 2: A Problem Well-Defined is Half-Solved
- Chapter 3: Defining Business Objectives or "Start with Why"
- Chapter 4: Common Objectives of a Threat Intelligence Program
- Chapter 5: Translating Objectives into Needs, or "Why Drives What"
- Chapter 6: How Technology Models Operationalize Threat Data
- Chapter 7: Who: Given Why, What, and How, Now You Can Ask Where To Get It
- Chapter 8: Conclusion and Recap