Know the Enemy - How to Make Threat Intelligence Work

via YouTube

Overview

Explore the intricacies of effective threat intelligence in this BSides Detroit 2018 conference talk. Delve into the importance of attribution, the varying quality of threat feeds and indicators, and the enduring relevance of the kill chain. Examine the attack phases of APT 28 (Fancy Bear) and learn how to develop a robust threat intelligence program. Discover key steps in the process, including knowing yourself, identifying relevant threats, and disseminating information effectively. Gain insights into intelligence requirements, processing techniques, and analysis methods. Understand the maturity levels of threat intelligence programs and essential functions to consider. Equip yourself with the knowledge to ask critical questions and enhance your organization's cybersecurity posture through strategic threat intelligence implementation.

Syllabus

Intro
INTELLIGENCE IS A FEED
ATTRIBUTION IS A MUST
NOT ALL THREAT FEEDS CREATED EQUAL
NOT ALL INDICATORS CREATED EQUAL
APT 28 (Fancy Bear)
THE KILL CHAIN IS NOT DEAD
APT 28 Attack Phases
STEP 1 - KNOW YOURSELF
KNOW YOUR ENEMY
FIND RELEVANT THREATS
DISSEMINATE
REQUIREMENTS (EXAMPLES)
PROCESSING (EXAMPLES)
ANALYSIS (EXAMPLES)
DISSEMINATION (EXAMPLE)
THREAT INTEL PROGRAM MATURITY
KEY THREAT INTELLIGENCE FUNCTIONS
ASK YOURSELF
