Cyber Threat Intelligence (CTI) 

Cyber Security Entertainment

This video explains Cyber Threat Intelligence operations, service model, levels and the importance of IoCs.

Most security technologies are reactive, but cyber threat intelligence (CTI) is a proactive mechanism. It is evidence-based knowledge or data, and this data can be very granular, like an indicator of compromise (IoC), or it can be a high-level APT group report. CTI increases alert quality and reduces investigation time before or after an incident. It also prioritizes your response and makes your effort more focused, and overall it improves the detection and response capability of an organization.

Cyber threat intelligence is very specific to an organization, and it identifies the threat actors that are targeting your organization. It also identifies attack vectors, that is, tactics, techniques and procedures, i.e. Adversarial Tactics, Techniques and Common Knowledge (ATT&CK), which is a MITRE framework for mapping and classifying cyber attacks. Furthermore, cyber threat intelligence identifies which systems are compromised and what the impact of the attack is, or whether a system has only been accessed and not yet exploited. You can then isolate that system or remediate it.

Cyber threat intelligence can be done using your own resources, if you have enough of them to carry out cyber threat intelligence and threat hunting, or you can outsource it to a vendor; there are many vendors of cyber threat intelligence. There are also Information Sharing and Analysis Centers (ISACs). An ISAC is a mechanism for two-way cyber threat intelligence sharing between public and private sector organizations. An organization has to be part of a particular industry in order to receive cyber threat intelligence from Information Sharing and Analysis Centers, and there are different ISACs.

A threat feed can come in the form of an email alert, or it can be integrated in the form of IoCs and consumed by your security information and event management (SIEM) platform. IoCs can be inserted into the SIEM manually, or you can automate this process by using an application programming interface (API). If you create a rule in the SIEM for an IoC, the SIEM will scan the environment and can detect further systems that are compromised as per that indicator of compromise, which you received through cyber threat intelligence. Then there is security orchestration, automation and response (SOAR): the SIEM generates the alert, and SOAR responds, maybe by updating or patching a system, by modifying a firewall rule or by isolating a system.

There are different levels of threat feed or threat intelligence.

Strategic level: this is for CISOs, or chief information security officers. As a result of strategic cyber threat intelligence, a CISO can introduce a new security program, maybe an awareness program for particular people in the organization, or propose a new technology.

Operational level: the purpose here is to understand the tactics, techniques and procedures of the adversary or attacker. For example, you may find a trend that financial firms are facing denial-of-service attacks from a particular country.

Tactical level: here you carry out remediation. For example, you receive an IoC and update your antivirus, your SIEM or maybe a pen testing toolkit; then you scan your environment, find something, and remediate that attack or compromised system.

Some researchers also do their own work in cyber threat intelligence and share their findings with the security community for the betterment of everyone. They also spread them on social media and on two platforms that are not easily accessible through the internet: the deep web and the dark web. The deep web is the part of the internet that is not exposed to the general public, and the dark web requires special access tools like the Tor network or Tor Browser. These two platforms can also provide a lot of information for cyber threat intelligence, including whether an adversary is spreading your organization's data on them.

en.m.wikipedia.org/wiki/Cyber... www.netscout.com/what-is/cybe...
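The IoC-to-SIEM workflow described above, as an added Python example that is not from the video or its author: it loads a constructed threat feed, builds lookup rules, scans constructed log events and lists the hosts a response step would isolate. The feed layout, log field names and function names are assumptions.

```python
import ipaddress

# Constructed threat-feed entries, defanged the way feeds often ship them.
FEED = [
    {"type": "ip", "value": "203.0.113[.]45"},
    {"type": "domain", "value": "bad-updates[.]example"},
    {"type": "sha256", "value": "A" * 64},
]
# Constructed, already-parsed log events; the field names are assumptions.
EVENTS = [
    {"host": "ws-014", "dst_ip": "203.0.113.45"},
    {"host": "ws-014", "dns_query": "cdn.bad-updates.example."},
    {"host": "srv-02", "file_sha256": "a" * 64},
    {"host": "ws-020", "dst_ip": "198.51.100.7", "dns_query": "example.org"},
]
FIELD_FOR = {"ip": "dst_ip", "domain": "dns_query", "sha256": "file_sha256"}

def normalize(kind, value):  # refang and canonicalize so both sides compare equal
    value = value.replace("[.]", ".").strip().lower()
    if kind == "ip":
        try:
            return str(ipaddress.ip_address(value))
        except ValueError:
            return value  # malformed or empty: keep as-is, it will not match
    return value.rstrip(".") if kind == "domain" else value

def build_rules(feed):  # one lookup set per indicator type; unknown types skipped
    rules = {kind: set() for kind in FIELD_FOR}
    for entry in feed:
        if entry["type"] in rules:
            rules[entry["type"]].add(normalize(entry["type"], entry["value"]))
    return rules

def matches(kind, value, indicators):
    labels = value.split(".") if kind == "domain" else [value]
    # A domain IoC also covers its subdomains, so test every parent suffix.
    return any(".".join(labels[i:]) in indicators for i in range(len(labels)))

def scan(events, rules):  # (host, type, observed value) for each field hitting an IoC
    alerts = []
    for event in events:
        for kind, field in FIELD_FOR.items():
            seen = normalize(kind, event.get(field, ""))
            if seen and matches(kind, seen, rules[kind]):
                alerts.append((event["host"], kind, seen))
    return alerts

def hosts_to_isolate(alerts):  # de-duplicated hosts for the response step
    return sorted({host for host, _, _ in alerts})
```

Without the normalization step, the defanged feed values, the trailing dot in the DNS query and the upper-case hash would each cause a silent miss.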

Published: 12 Oct 2022
