Mastering Cyber Intelligence
eBook - ePub

Mastering Cyber Intelligence

  1. 528 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Mastering Cyber Intelligence

About this book

Develop the analytical skills to effectively safeguard your organization by enhancing defense mechanisms, and become a proficient threat intelligence analyst to help strategic teams in making informed decisionsKey Featuresโ€ข Build the analytics skills and practices you need for analyzing, detecting, and preventing cyber threatsโ€ข Learn how to perform intrusion analysis using the cyber threat intelligence (CTI) processโ€ข Integrate threat intelligence into your current security infrastructure for enhanced protectionBook DescriptionThe sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber Threat Intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats.This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, considering your organization level. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. And finally, you'll be well-versed with writing tactical, technical, and strategic intelligence reports and sharing them with the community.By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from planning to dissemination phases, protect your organization, and help in critical defense decisions.What you will learnโ€ข Understand the CTI lifecycle which makes the foundation of the studyโ€ข Form a CTI team and position it in the security stackโ€ข Explore CTI frameworks, platforms, and their use in the programโ€ข Integrate CTI in small, medium, and large enterprisesโ€ข Discover intelligence data sources and feedsโ€ข Perform threat modelling and adversary and threat analysisโ€ข Find out what Indicators of Compromise (IoCs) are and apply the pyramid of pain in threat detectionโ€ข Get to grips with writing intelligence reports and sharing intelligenceWho this book is forThis book is for security professionals, researchers, and individuals who want to gain profound knowledge of cyber threat intelligence and discover techniques to prevent varying types of cyber threats. Basic knowledge of cybersecurity and network fundamentals is required to get the most out of this book.

Tools to learn more effectively

Saving Books

Saving Books

Keyword Search

Keyword Search

Annotating Text

Annotating Text

Listen to it instead

Listen to it instead

Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft

The section introduces the concept of Cyber Threat Intelligence (CTI) and breaks down its life cycle, explaining the main building blocks of threat intelligence life cycle and strategy. It also discusses intelligence requirements and their importance in a CTI program's success. The section, then, covers standards and tradecraft that analysts can apply to CTI programs. Finally, it concludes with practical use cases to help organizations and individuals adopt CTI. Upon completion of this section, you should have mastered the CTI life cycle, acquiring a global idea of what is required at each stage of the cycle; understand how to generate requirements and build an effective team for your CTI program; understand and use threat intelligence frameworks for threat and intrusion analyses; be familiar with different standards and tradecrafts adopted by the cybersecurity community, military, and intelligence agencies to conduct intelligence and apply them to your CTI program; be able to start a CTI program in an organization, whether it is new to CTI or has experience in the matter; and finally, select the appropriate threat intelligence platform for your program.
This section contains the following chapters:
  • Chapter 1, Cyber Threat Intelligence Life Cycle
  • Chapter 2, Requirements and Intelligent Team Implementation
  • Chapter 3, Cyber Threat Intelligence Frameworks
  • Chapter 4, Cyber Threat Intelligence Tradecraft and Standards
  • Chapter 5, Goal Setting, Procedures for CTI Strategy, and Practical Use Cases

Chapter 1: Cyber Threat Intelligence Life Cycle

This chapter will explain the steps of the threat intelligence life cycle. We will provide a high-level description of each step while looking at some practical examples to help you understand what each step entails. By the end of the chapter, you will be able to explain each stage of the intelligence life cycle and join the practical with the theoretical. This chapter forms the baseline of this book, and various intelligence strategies and processes will be built on top of this knowledge.
By the end of this chapter, you should be able to do the following:
  • Clearly explain what cyber threat intelligence is, why organizations must integrate it into the business and security team, who benefits from it, and be able to define its scope.
  • Understand the challenges related to threat intelligence and cybersecurity in general.
  • Know and understand the required components to effectively plan and set directions for a threat intelligence project.
  • Know and understand the data required to build an intelligence project and how to acquire it globally.
  • Understand intelligence data processing, why it is essential in integrating a CTI project, and justify the need for automating the processing step.
  • Understand the analysis step, its application, and its impact on the entire CTI project. In this step, you will also learn about intelligence analysis bias and different techniques that can be used to avoid a biased intelligence analysis.
  • Explain the cycle's dissemination step and how to share an intelligence product with the relevant stakeholders. You should also understand the importance of the audience when consuming the product.
  • Understand and explain the feedback phase of the cycle and state why it is critical in the project.
In this chapter, we are going to cover the following main topics:
  • Cyber threat intelligence โ€“ a global overview
  • Planning, objectives, and direction
  • Intelligence data collection
  • Intelligence data processing
  • Intelligence analysis and production
  • Threat intelligence dissemination
  • Threat intelligence feedback

Technical requirements

For this chapter, no special technical requirements have been highlighted. Most of the use cases will make use of web applications if necessary.

Cyber threat intelligence โ€“ a global overview

Many businesses and organizations aim for maximum digital presence to augment and optimize visibility (effectively reach the desired customers), as well as maximize it from the current digitalization age. For that, they are regularly exposed to cyber threats and attacks based on the underlying attack surface โ€“ the organization's size, architecture, applications, operating systems, and more.
Threat intelligence allows businesses to collect and process information in such a way as to mitigate cyberattacks. Hence, businesses and organizations have to protect themselves against threats, especially human threats. Cyber threat intelligence (CTI), as approached in this book, consists of intelligent information collection and processing to help organizations develop a proactive security infrastructure for effective decision making. When engaging in a CTI project, the main threats to consider are humans, referred to as adversaries or threat actors. Therefore, it is essential to understand and master adversaries' methodologies to conduct cyberattacks and uncover intrusions. Tactics, techniques, and procedures (TTPs) are used by threat actors. By doing so, organizations aim for cyber threats from the source rather than the surface. CTI works on evidence, and that evidence is the foundation of the knowledge required to build an effective cyber threat response unit for any organization.
Many organizations regard threat intelligence as a product that allows them to implement protective cyber fences. While this is true, note that threat intelligence hides an effective process behind the scenes to get to the finished package. As the intelligence team implements mechanisms to protect against existing and potential threats, adversaries change tactics and techniques. It becomes crucial for the intelligence team to implement measures that allow new threats to be analyzed and collected. Hence, the process becomes a cycle that is continually looked at to ensure that the organizations are not only reactive but proactive as well. The term threat intelligence life cycle is used to define the process required to implement an efficient cyber threat intelligence project in an organization. The following diagram shows this process:
Figure 1.1 โ€“ Threat intelligence life cycle
Figure 1.1 โ€“ Threat intelligence life cycle
Threat intelligence is an ongoing process because adversaries update their methods, and so should organizations. The CTI product's feedback is used to enrich and generate new requirements for the next intelligence cycle.

Characteristics of a threat

Understanding what a threat is helps organizations avoid focusing on security alerts and cyber events that may not be a problem to the system. For example, a company running Linux servers discovers a .exe trojan in the system through the incident management tool. Although dangerous by nature, this trojan cannot compromise the company's structure. Therefore, it is not a threat. As a security intelligence analyst, it is vital to notify the system manager about the file's low priority level and its inability to infect the network. Secondly, government agencies are one of the highest adopters and owners of cyber projects. Governments have the tools and the knowledge necessary to attack each other. However, to avoid a cyberwar and ruin their friendship, the Canadian and American governments have no intention of attacking each other. Thus, they are not a threat to each other. If one party announces a spying tool's design, that does not mean that it wants to use it against another. Although there is the capability of spying, there might be no intent to do so. Therefore, one is not always a threat to another. Lastly, you can have the capability and the intent, but would need the opportunity to compromise a system.
Therefore, we can summarize a threat as everything or everyone with the capability, the intent, and the opportunity to attack and compromise a system, independent of the resource level. When the intelligence team performs threat analysis, any alert that does not meet these three conditions is not considered a threat. If any of these three elements is missing, the adversary is unlikely to be considered a threat.

Threat intelligence and data security challenges

Organizations face a lot of challenges when it comes to data protection and cybersecurity in general. Those challenges are located in all the functional levels of the organization. There are several challenges, but the most common ones include the following:
  • The threat landscape: In most cases, cyberattacks are orchestrated by professionals and teams that have the necessary resources and training at their disposal. This includes state-sponsored attacks. However, with access to specific tools and training, private groups have developed sophisticated ways to conduct destructive cyberattacks. The landscape of threats is growing and changing as adversaries rely on new exploits and advanced social engineering techniques. McAfee Labs reported an average of 588 threats per minute (a 40% increase) in the third quarter of 2020, while Q3 to Q4 2020 saw more than a 100% increase in vulnerabilities and more than a 43% increase in malware.
Targeted attacks such as ransomware were the main concern for organizations in 2020, with more than a 40% increase by the end of the year (https://www.mcafee.com/enterprise/en-us/assets/reports/rp-quarterly-threats-apr-2021.pdf). Approximately 17,447 vulnerabilities (CVEs) were recorded in 2020, with more than 4,000 high-severity ones (https://www.darkreading.com/threat-intelligence/us-cert-reports-17447-vulnerabilities-recorded-in-2020/d/d-id/1339741). Thus, the threat landscape presents a dangerous parameter for organizations that have most of their resources, assets, services, and products on the internet. And understanding the threat landscape facilitates the risk mitigation process. Personal information is one of the most targeted components on the internet โ€“ Personally Identifiable Information (PII), payment card data, and HIPAA data, to name a few.
  • Security alerts and data growth: Organizations are acquiring different security platforms and technologies to address security concerns and challenges โ€“ sandbox, firewalls, incident response, threat hunting, fraud detection, intrusion detection, network scanners,...

Table of contents

  1. Mastering Cyber Intelligence
  2. Contributors
  3. Preface
  4. Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
  5. Chapter 1: Cyber Threat Intelligence Life Cycle
  6. Chapter 2: Requirements and Intelligence Team Implementation
  7. Chapter 3: Cyber Threat Intelligence Frameworks
  8. Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
  9. Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
  10. Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
  11. Chapter 6: Cyber Threat Modeling and Adversary Analysis
  12. Chapter 7: Threat Intelligence Data Sources
  13. Chapter 8: Effective Defense Tactics and Data Protection
  14. Chapter 9: AI Applications in Cyber Threat Analytics
  15. Chapter 10: Threat Modeling and Analysis โ€“ Practical Use Cases
  16. Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
  17. Chapter 11: Usable Security: Threat Intelligence as Part of the Process
  18. Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
  19. Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
  20. Chapter 14: Threat Intelligence Reporting and Dissemination
  21. Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution โ€“ Practical Use Cases
  22. Other Books You May Enjoy

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn how to download books offline
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 990+ topics, weโ€™ve got you covered! Learn about our mission
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more about Read Aloud
Yes! You can use the Perlego app on both iOS and Android devices to read anytime, anywhere โ€” even offline. Perfect for commutes or when youโ€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app
Yes, you can access Mastering Cyber Intelligence by Jean Nestor M. Dahj in PDF and/or ePUB format, as well as other popular books in Computer Science & Artificial Intelligence (AI) & Semantics. We have over one million books available in our catalogue for you to explore.