Defining Threat Intelligence Analysis Slides

Threat intelligence analysis (TIA) is important because it allows organizations to gather, evaluate, and analyze data to quickly understand threats and strategize defenses. TIA supports cybersecurity at tactical, operational, and strategic levels by providing actionable intelligence to detect threats and inform leadership decisions. Becoming a threat intelligence analyst can benefit one's career by enabling them to help protect their organization from disruption and retain confidence as a "superhero" who bridges roles through strategic, operational, and tactical intelligence analysis.

Uploaded by waruenk
Introduction to Threat Intelligence

(C|TIA Prep)
DEFINING THREAT INTELLIGENCE ANALYSIS

Christopher Rees
PLURALSIGHT AUTHOR / IT OPS LEADER

@cdrees | https://www.linkedin.com/in/cdrees
Module Overview
What is Threat Intelligence Analysis?
- Why is TIA important?
- How does it fit in with other cybersecurity roles?
- Benefits to the organization
- Supports decisions at the tactical, operational and strategic levels
Who Should Take this Course
- Computer Security Staff
- Computer Security Program Managers
- Tech Support Staff and Managers
- Incident Response Teams
- System and Network Administrators
- End Users (IT and non-IT)
Threat
Possible danger that can be used to exploit an existing
vulnerability (via breach) with intent to cause harm to
systems, networks or entire organizations

Threats can come from external or internal sources


Specific Types of Threats
- Physical Damage
- Natural Events
- Loss of Essential Services
- Compromise of Information
- Technical Failures
- Compromise of Functions
What is Cyber Threat Intelligence?

Gathering, Evaluating and Analyzing Data
- Quickly gather information on what threats are being faced

Strategize Defense
- Prevent the threat entirely or limit the damage caused

Understand all Details of a Threat
- What tools are used, what was stolen, malware planted, methods of communication, etc.
Importance of Cyber Threat Intelligence
- Protect Against Disruption to the Business
- Continue to Do Business / Make Money
- Retain Customer and Shareholder Confidence
- Increase Profitability / Partner Value
Malware is Evolving

Malware Historically
- Designed for speed
- Easy to notice
- Quick action/payload
- Destroy data or some other malicious activity soon after infection
- Distinct procedures for handling various categories of infection

Malware Current-State
- Designed for stealth
- Difficult to notice
- Slowly spread over time
- Gather information over extended period prior to exfiltration
- No one set of procedures as most attacks are blended and use multiple methods
How does C|TIA certification fit within cyber-security and other EC-Council certifications?
- Develops a strong foundation for detecting known and unknown threats
- Built in compliance with NICE and CREST frameworks
- Provides actionable intelligence to help leaders make informed decisions
- Supports all facets of cyber security efforts (tactical, operational, strategic)
Strategic, Operational and Tactical Intelligence

Tactical Cyber Intelligence
Involves specific actions being taken to defend networks against malicious actors attempting infiltration. Relies upon sufficient resources being devoted to the strategic and operational levels.

Operational Cyber Intelligence
Bridges the strategic and tactical levels of operations. Assess the organization’s operating environment to identify indicators and warnings of potential cyber risks.

Strategic Cyber Intelligence
Requires senior leadership to determine objectives and guidance, based on what is known of potential adversaries and what security posture is already in place, in order to successfully assess threats.

Source: Cyber Threat Intelligence Responsibilities and Interrelationships (INSA, 2013)


Mitigating the Gaps: Tactical
How does a Threat Intelligence Analyst add tactical value to an organization?

• Accurate, actionable intelligence to detect malicious activity and confirm security events as true or false positives
  - Recent Ponemon Institute study showed an average of 35% of all cyber attacks go undetected
• Analysts need to be able to take raw threat feeds, correlate data with other alerts, enrich the data with internal and external sources (i.e. threat feeds, WHOIS data, etc.)
Mitigating the Gaps: Operational
Assessing risk from specific threat groups is a major challenge for threat analysts

• Ponemon Institute study suggested that C-level security leaders (CISOs and CSOs), along with incident response teams were top two primary users
• Study respondents listed zero-day attacks as their second highest extreme concern (behind phishing)
  - Research however shows these are not common, and shows a lack of awareness of what threats are likely to target an organization
Mitigating the Gaps: Strategic
Business leaders need strategic cyber threat intelligence that is timely, accurate and actionable

• Ponemon study showed that C-suite users were least likely to be primary users of this intelligence analysis (roughly 3% of respondents)
• Providing timely strategic intelligence analysis can enable business leaders to develop appropriate cybersecurity policies
  - Forecast what threats are likely and from where
• Fund initiatives, tools, training and personnel where needed to proactively mitigate threats
So what can this do for your career?
Become a Superhero for your organization!
Module Review
What is Threat Intelligence Analysis?
- Why is TIA important?
- How does it fit in with other cybersecurity roles?
- Benefits to the organization
- Supports decisions at the tactical, operational and strategic levels
- What’s in it for you?
