Professional Diploma in Cyber Security

The role of threat

intelligence in
business
protection
Module 2 Lesson 8
Summary Notes
 2 www.shawacademy.com

Contents
3 Lesson outcomes

3 Introduction

3 Using attack to deploy a threat-informed

defence

4 An AR-spoofing attack

4 Conclusion

4 References
3 www.shawacademy.com

Lesson objectives
By the end of this lesson, you should be able to:

• Highlight how cyber threat intelligence is used within an enterprise to protect resources.
• Examine how the SOC team can be structured to improve security.
• Stage an ARP-Spoofing/ DOS attack on LANs (DEMO).

Introduction
In this lesson, we will show you how cyber threat intelligence can be used within an enterprise to protect resources and
how to best structure a security operation centre (SOC).

Using attack to deploy a threat-informed defence

In an enterprise network, cybersecurity analysts currently look at the people, processes, and technologies; because these
are the vulnerable parts of a business where intrusion is targeted. Continuously scanning the enterprise network and
testing for weaknesses gives the team a good idea of what measures need to be put in place to improve the security in
those areas and improve the entire security of the enterprise.

When MITRE ATT&CK or another similar framework is deployed properly in an enterprise network, it lays the foundation
for how cybersecurity analysts should focus on their security system and configure it to be able to withstand an attack.
This fact cannot be overemphasised. Using an available cyber threat intelligence framework makes the company more
threat-informed and puts them in a better position to form a defence strategy against attacks.

How can threat intelligence help?

Adopting threat intelligence like MITRE ATT&CK can help a company to:
• Identify their threat actor on their network simply by using a global IP management framework.
• Have a live update on threat actors in real-time operation and
• Be able to analyse the impact to the enterprise.
• Create room for growth and improvement among cybersecurity companies, by creating a shared knowledge on threat
intelligence.
• Strengthen weaknesses and increase defence strategies.

Organising an efficient SOC

Having a fully competent team in the Security Operation Centre (SOC) means a company will be able to counter an attack
and attain detection and analytical skills to be able to fully protect the network or system.
Using threat intelligence and the MITRE ATT&CK framework companies could improve their security by splitting their SOC
into three teams to tackle different threat areas, as portrayed in this table:
4 www.shawacademy.com

The primary goal of setting up a SOC based on the three-coloured teams is to GET SAFE and STAY SAFE – to have a
constant safety perimeter around the enterprise network.

An ARP-spoofing attack
An ARP spoofing, also known as ARP poisoning, is a Man-in-the Middle attack that allows attackers to intercept
communication between network devices.

ARP-spoofing/DOS attack (Demo)

In this demonstration, we will take you through how to conduct ARP spoofing. We will show you how to send malicious
falsified ARP (Address Resolution Protocol) messages to a victim’s computer on the same LAN. We’ll also cover how to
conduct a DOS attack on the same LAN.
https://drive.google.com/file/d/1HPu54VUX2soyzFQCzxO4Lmz5ojr8Oq8A/view?usp=sharing

Conclusion
In this lesson, we explored CTI within enterprise resources, highlighting how and why SOC developed teams are organised.
We also conducted a demonstration of an ARP-Spoofing/DOS attack on a LAN.

References
MITRE Engenuity. (n.d.). Homepage. [online] Available at: https://www.mitre-engenuity.org.

Orion Cassetto Director, Product Marketing (2019). Security Operations Center Roles and Responsibilities. [online]
Exabeam. Available at: https://www.exabeam.com/security-operations-center/security-operations-center-roles-and-
responsibilities/.

Veracode. (2014). ARP Spoofing. [online] Available at: https://www.veracode.com/security/arp-spoofing.

www.mcafee.com. (n.d.). What Is a Security Operations Center (SOC)? [online] Available at:
https://www.mcafee.com/enterprise/en-us/security-awareness/operations/what-is-soc.html.