1 v1.3
2 v1.3
Understanding and Utilising Threat Intelligence in Cybersecurity
"Threat intelligence is about understanding the who, what, when, where, why, and how of the threats facing your organization." - Lance Spitzner, Director of SANS Institute's Security Awareness
3 v1.3
Agenda
• Definition of Threat Intelligence
• Importance of Threat Intelligence
• Types of Threat Intelligence
• Sources of Threat Intelligence
• Gathering and Analysing Threat Intelligence
• Using Threat Intelligence
• Challenges in Implementing
4 v1.3
Definition of Threat Intelligence (TI)
• Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors.
CrowdStrike (2022) Retrieved from https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
• Threat intelligence looks at the bigger picture – by interrogating the data and the broader context to construct a narrative that can inform decision-making.
Kaspersky. (n.d.). Threat Intelligence. Retrieved from https://www.kaspersky.com/resource-center/definitions/threat-intelligence
• Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.
NIST (n.d) Retrieved from https://csrc.nist.gov/glossary/term/threat_intelligence
5 v1.3
Importance of Threat Intelligence (TI)
https://medium.com/@scardot/the-evolution-of-cyber-security-be9fedc8f4c5
6 v1.3
Importance of Threat Intelligence (TI)
https://www.cyber.gov.au/sites/default/files/2019-03/Mitigation_Strategies_2017.pdf
7 v1.3
What is this animal?
• Likes to swim? What do you think it is?
– Fish
– Seal
– Otter
• Has a bill?
– Duck
– Goose
– Swan
• Has fur?
8 v1.3
Importance of Threat Intelligence (TI)
https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
9 v1.3
Importance of Threat Intelligence (TI)
https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
10 v1.3
Importance of Threat Intelligence (TI)
https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
11 v1.3
Importance of Threat Intelligence (TI)
https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
12 v1.3
Importance of Threat Intelligence (TI)
• Gathers, analyses and shares information on cyber threats to an organisation.
• Helps to anticipate and prepare for potential threats before they occur.
• Allows for efficient and effective use of security resources.
• Improves incident response capabilities.
• Helps to maintain a good reputation and the trust of clients and stakeholders.
13 v1.3
Types of Threat Intelligence (TI)
• Strategic: Bigger picture of threat landscape
• Operational: Current specific threats
• Technical: Vulnerabilities, attack methods, malware
• Tactical: Actionable information for detection and response to specific threats.
https://doi.org/10.1007/978-3-030-60425-7_3
14 v1.3
Types of Threat Intelligence (TI)
• Reputation: Tracking malicious actors
• Risk-based: Prioritizing threats
• Industry-specific: Industry-specific threats & vulnerabilities
https://doi.org/10.1007/978-3-030-60425-7_3
15 v1.3
Sources of Threat Intelligence (TI)
https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf#page=57
https://www.mindmeister.com/1202902455/threat-intelligence
16 v1.3
Sources of Threat Intelligence (TI)
https://www.threatblockr.com/wp-content/uploads/ThreatIntelIntegrationsInfographicMay2021.pdf
17 v1.3
Open Source projects
• MISP (Malware Information Sharing Platform): https://www.misp-project.org/
• TheHive: https://thehive-project.org/
• OpenCTI: https://opencti.io/
• OSINT-SPY: https://github.com/SharadKumar97/OSINT-SPY
• OTX AlienVault: https://otx.alienvault.com/
• STIX/TAXII:
– https://stixproject.github.io/
– https://taxiiproject.github.io/
• CIF (Collective Intelligence Framework): https://github.com/csirtgadgets/massive-octo-spice
• Mitre ATT&CK - https://attack.mitre.org
• Awesome Threat Intelligence - https://github.com/hslatman/awesome-threat-intelligence
18 v1.3
Sources of Threat Intelligence (TI)
• Structured Threat Intelligence eXpression (STIX)
– Schema for threat intelligence
– Cyber Observables
  • Schema for lower level observations
• Trusted Automated eXchange of Indicator Information (TAXII)
– HTTPS Application layer transport protocol
– Exchange STIX content between systems
[Diagram: Interoperability. STIX (Domain Objects & relationships, Cyber Observables, Patterning Language) and TAXII]
https://www.oasis-open.org/committees/tc_home.php
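An added example, not part of the original slides: a constructed STIX 2.1 bundle whose indicators carry Patterning Language expressions over Cyber Observables, matched against constructed log events with the indicator validity window enforced. The bundle is embedded inline rather than fetched over TAXII; the ids, values, log field names and FIELD_MAP are assumptions, and only single-observation equality patterns joined by OR are supported (anything else is reported as skipped).

```python
import json
import re
from datetime import datetime

# Constructed STIX 2.1 bundle; every id, name and value below is made up.
BUNDLE_JSON = """
{"type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
 "objects": [
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--22222222-2222-4222-8222-222222222222",
   "created": "2023-01-10T00:00:00Z", "modified": "2023-01-10T00:00:00Z",
   "name": "Constructed C2 address", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '203.0.113.45']",
   "valid_from": "2023-01-10T00:00:00Z", "valid_until": "2023-02-10T00:00:00Z"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--33333333-3333-4333-8333-333333333333",
   "created": "2023-01-01T00:00:00Z", "modified": "2023-01-01T00:00:00Z",
   "name": "Constructed staging domains", "pattern_type": "stix",
   "pattern": "[domain-name:value = 'update.example.test' OR domain-name:value = 'cdn.example.test']",
   "valid_from": "2023-01-01T00:00:00Z"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--44444444-4444-4444-8444-444444444444",
   "created": "2023-01-01T00:00:00Z", "modified": "2023-01-01T00:00:00Z",
   "name": "Constructed sequence pattern", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '198.51.100.9'] FOLLOWEDBY [domain-name:value = 'x.example.test']",
   "valid_from": "2023-01-01T00:00:00Z"}
 ]}
"""

# Constructed proxy/DNS events, plus an assumed mapping from local log
# field names to STIX Cyber Observable object paths.
EVENTS = [
    {"time": "2023-01-15T08:30:00Z", "host": "ws-17",
     "dst_ip": "203.0.113.45", "query": "intranet.example.org"},
    {"time": "2023-03-01T09:00:00Z", "host": "ws-22",   # after valid_until
     "dst_ip": "203.0.113.45", "query": None},
    {"time": "2023-01-20T10:00:00Z", "host": "ws-03",
     "dst_ip": "192.0.2.10", "query": "cdn.example.test"},
    {"time": "2023-01-21T11:00:00Z", "host": "ws-04",
     "dst_ip": "192.0.2.11", "query": "www.example.org"},
]
FIELD_MAP = {"dst_ip": "ipv4-addr:value", "query": "domain-name:value"}

# One comparison term: <object-type>:<property path> = '<string literal>'
TERM = re.compile(r"\s*([a-z0-9-]+:[A-Za-z0-9_.'-]+)\s*=\s*'([^'\\]*)'\s*")


def parse_ts(ts):
    """Parse a STIX timestamp (UTC, 'Z' suffix) into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse_pattern(pattern):
    """Return [(object_path, value), ...] for the supported subset, else None.

    Subset: exactly one observation expression "[a = 'x' OR b = 'y']" using
    only '=' on string literals without escapes. Values containing " OR "
    are not supported.
    """
    pattern = pattern.strip()
    if not (pattern.startswith("[") and pattern.endswith("]")):
        return None
    inner = pattern[1:-1]
    if "[" in inner or "]" in inner:      # more than one observation expression
        return None
    terms = []
    for part in re.split(r"\s+OR\s+", inner):
        m = TERM.fullmatch(part)
        if not m:                          # AND, other operators, escapes, ...
            return None
        terms.append((m.group(1), m.group(2)))
    return terms


def load_indicators(bundle_json):
    """Split the bundle's indicators into usable ones and skipped ids."""
    usable, skipped = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        terms = parse_pattern(obj["pattern"]) if obj.get("pattern_type") == "stix" else None
        if terms is None:
            skipped.append(obj["id"])      # never drop an indicator silently
            continue
        usable.append({
            "id": obj["id"],
            "terms": set(terms),
            "valid_from": parse_ts(obj["valid_from"]),
            "valid_until": parse_ts(obj["valid_until"]) if "valid_until" in obj else None,
        })
    return usable, skipped


def match_events(indicators, events):
    """Return (host, indicator_id) for events matching a currently valid indicator."""
    hits = []
    for ev in events:
        when = parse_ts(ev["time"])
        observed = {(FIELD_MAP[k], v) for k, v in ev.items() if k in FIELD_MAP and v}
        for ind in indicators:
            if when < ind["valid_from"]:
                continue
            if ind["valid_until"] is not None and when >= ind["valid_until"]:
                continue                   # indicator expired before the event
            if observed & ind["terms"]:
                hits.append((ev["host"], ind["id"]))
    return hits


if __name__ == "__main__":
    usable, skipped = load_indicators(BUNDLE_JSON)
    for host, ind_id in match_events(usable, EVENTS):
        print(f"HIT {host} {ind_id}")
    for ind_id in skipped:
        print(f"SKIPPED (pattern outside supported subset) {ind_id}")
```

The second event reaches the same address as the first but falls after the indicator's valid_until, so it is not reported; the skipped list shows which shared indicators the local matcher could not evaluate.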
19 v1.3
Gathering and Analysing Threat Intelligence
https://doi.org/10.3390/app12031205
20 v1.3
Gathering and Analysing Threat Intelligence
https://doi.org/10.3390/app12031205
Gathering and Analysing Threat Intelligence
Unknown-Unknowns:
• Threats that an organisation is not aware of and has no information about.
Unknown-Knowns:
• Threats that an organisation is not aware of but should be aware of.
Known-Unknowns:
• Threats that an organisation is aware of but does not have detailed information about.
Known-Knowns:
• Threats that an organisation is aware of and has detailed information about.
22 v1.3
Using Threat Intelligence
• Improving security posture
• Detecting and defending against threats
• Responding to incidents
https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
23 v1.3
Using Threat Intelligence
https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fmitigations%2FM1019%2FM1019-enterprise-layer.json
24 v1.3
Using Threat Intelligence
https://attack.mitre.org/mitigations/M1019/
25 v1.3
Using Threat Intelligence
https://assets.sentinelone.com/wt-reports/watchtower_2022_eoy#page=6
26 v1.3
Using Threat Intelligence
• Do your systems detect these malicious activities:
– CLI or PowerShell attacks
– C2 server communications
– Ransomware
– Trojans
– Malicious scripts or executables
– Man in the Middle attacks
– Disabling Security Tools (T1089)
– … and many more
• Can you prove it?
https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
27 v1.3
Challenges in implementing Threat Intelligence
• Difficulty in obtaining high-quality intelligence
• Limited resources for analysis and dissemination
• Ensuring the accuracy and reliability of the intelligence
• Financial Implications
• Use of Artificial Intelligence (AI)
https://www.pinterest.com.au/pin/552605816791388928/
28 v1.3
Financial implications
29 v1.3
Using Artificial Intelligence (AI)
• Automate the process of collecting, analyzing, and disseminating
• Identify patterns and anomalies in large amounts of data that might be difficult for humans to detect.
• Can produce biased results if the data used to train them is biased or if the algorithm used is not fair, which can lead to inaccurate results.
• Require high computational power and big data storage, which may be costly and difficult to implement.
• AI systems are only as good as the data they are fed; if the data is inaccurate or incomplete, the system might produce inaccurate results.
• Can also be used by malicious actors to improve their capabilities.
30 v1.3
Using Artificial Intelligence (AI)
• Artificial intelligence (AI) tools like ChatGPT3 can be useful for helping to plan and implement threat intelligence projects.
• How to use:
– Create an account
– Think of a topic
– Create a list of questions to ask
– Refine or re-phrase the questions
– Do more research if required
31 v1.3
Request for Comments (RFC)
• RFC 7452 Intelligence-Based Security: A Request for Comments
– This RFC discusses the concept of intelligence-based security and how intelligence can be used
to inform security decisions and actions.
• RFC 7708 Threat Intelligence on the Internet
– This RFC discusses the use of threat intelligence on the Internet and how it can be used to
improve security.
• RFC 7970 A Framework for Threat Intelligence
– This RFC provides a framework for understanding threat intelligence and how it can be used to
improve security.
• RFC 7979 Threat Intelligence Feeds and Sharing
– This RFC discusses the use of threat intelligence feeds and the importance of sharing threat
intelligence among organizations.
• RFC 8049 Threat Intelligence Sharing for Internet Service Providers
– This RFC discusses the use of threat intelligence by Internet Service Providers (ISPs) and how it
can be used to improve security.
32 v1.3
International Telecommunication Union (ITU)
• ITU-T Recommendation X.1055: Use of threat intelligence for cybersecurity
– This recommendation provides guidance on the use of threat intelligence for cybersecurity,
including how to collect, analyse, and use threat intelligence to improve security.
• ITU-T Recommendation X.1530: Framework for threat intelligence sharing
– This recommendation provides a framework for sharing threat intelligence among organisations,
including guidelines for the format, structure, and content of threat intelligence reports.
• ITU-T Recommendation X.1540: Guidelines for the use of threat intelligence in incident response
– This recommendation provides guidelines for the use of threat intelligence in incident response, including how to collect, analyse, and use threat intelligence to improve the effectiveness of incident response efforts.
• ITU-T Recommendation X.1550: Best practices for the use of threat
intelligence in cybersecurity
– This recommendation provides best practices for the use of threat intelligence in cybersecurity,
including how to collect, analyze, and use threat intelligence to improve security.
33 v1.3
Future of Threat Intelligence (TI)
• Increased use of Artificial Intelligence (AI) and Machine Learning
(ML).
• Greater focus on proactive defenses.
• More emphasis on sharing and collaboration.
• Greater focus on privacy and security.
• More emphasis on multi-vector and multi-stage attack vectors.
34 v1.3
Summary
• Definition of threat intelligence and its importance in cybersecurity
• Different types of threat intelligence.
• Different sources of threat intelligence and how to gather and
analyse it
• How threat intelligence can be used in cybersecurity
• The challenges in implementing threat intelligence, such as:
– difficulty in obtaining high-quality intelligence,
– limited resources for analysis and dissemination and
– ensuring the accuracy and reliability of the intelligence
35 v1.3
Summary
• Importance of threat intelligence to inform security decisions and
actions, and the goal of moving as much information as possible
from the unknown-unknown and unknown-known categories to
the known-unknown and known-known categories.
36 v1.3
References
• https://chat.openai.com
• https://www.th3protocol.com/2022/ChatGPT-LeakSite-Analysis
• https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf
• https://github.com/topics/cyber-threat-intelligence
• https://www.enisa.europa.eu/publications/cyberthreat-intelligence-overview/at_download/fullReport
• https://gbhackers.com/cyber-threat-intelligence-tools/amp/
• https://attack.mitre.org
• https://www.mindmeister.com/1202902455/threat-intelligence
37 v1.3
References
• https://www.auditscripts.com/free-resources/open-threat-taxonomy
38 v1.3
International Telecommunication Union (ITU)
• ITU-T Recommendation X.1217: Guidelines for applying threat
intelligence in telecommunication network operation
– This recommendation provides guidance for using threat intelligence to secure
telecommunication networks.
39 v1.3
Thank You!

 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 

Recently uploaded

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.soniya singh
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Standkumarajju5765
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663Call Girls Mumbai
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Call Girls in Nagpur High Profile
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.CarlotaBedoya1
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Onlineanilsa9823
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Pratap Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Sarai Rohilla Escort Service Delhi N.C.R.
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night StandHot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
Hot Call Girls |Delhi |Hauz Khas ☎ 9711199171 Book Your One night Stand
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Ashram Chowk Delhi 💯Call Us 🔝8264348440🔝
 
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
✂️ 👅 Independent Andheri Escorts With Room Vashi Call Girls 💃 9004004663
 
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...Top Rated  Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
Top Rated Pune Call Girls Daund ⟟ 6297143586 ⟟ Call Me For Genuine Sex Servi...
 
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
@9999965857 🫦 Sexy Desi Call Girls Laxmi Nagar 💓 High Profile Escorts Delhi 🫶
 
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
INDIVIDUAL ASSIGNMENT #3 CBG, PRESENTATION.
 
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service OnlineCALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
CALL ON ➥8923113531 🔝Call Girls Lucknow Lucknow best sexual service Online
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 

Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecurity' by Warren Finch for Cyberdefcon

  • 2. Understanding and Utilising Threat Intelligence in Cybersecurity. "Threat intelligence is about understanding the who, what, when, where, why, and how of the threats facing your organization." - Lance Spitzner, Director of SANS Institute's Security Awareness
  • 3. Agenda • Definition of Threat Intelligence • Importance of Threat Intelligence • Types of Threat Intelligence • Sources of Threat Intelligence • Gathering and Analysing Threat Intelligence • Using Threat Intelligence • Challenges in Implementing
  • 4. Definition of Threat Intelligence (TI) • Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors. CrowdStrike (2022) Retrieved from https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/ • Threat intelligence looks at the bigger picture – by interrogating the data and the broader context to construct a narrative that can inform decision-making. Kaspersky. (n.d.). Threat Intelligence. Retrieved from https://www.kaspersky.com/resource-center/definitions/threat-intelligence • Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes. NIST (n.d) Retrieved from https://csrc.nist.gov/glossary/term/threat_intelligence
  • 5. Importance of Threat Intelligence (TI) https://medium.com/@scardot/the-evolution-of-cyber-security-be9fedc8f4c5
  • 6. Importance of Threat Intelligence (TI) https://www.cyber.gov.au/sites/default/files/2019-03/Mitigation_Strategies_2017.pdf
  • 7. What is this animal? • Likes to swim? What do you think it is? – Fish – Seal – Otter • Has a bill? – Duck – Goose – Swan • Has fur?
  • 8. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 9. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 10. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 11. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 12. Importance of Threat Intelligence (TI) • Gathers, analyses and shares information on cyber threats to an organisation. • Helps to anticipate and prepare for potential threats before they occur. • Allows for efficient and effective use of security resources. • Improves incident response capabilities. • Helps to maintain a good reputation and the trust of clients and stakeholders.
  • 13. Types of Threat Intelligence (TI) • Strategic: Bigger picture of threat landscape • Operational: Current specific threats • Technical: Vulnerabilities, attack methods, malware • Tactical: Actionable information for detection and response to specific threats. https://doi.org/10.1007/978-3-030-60425-7_3
  • 14. Types of Threat Intelligence (TI) • Reputation: Tracking malicious actors • Risk-based: Prioritizing threats • Industry-specific: Industry-specific threats & vulnerabilities https://doi.org/10.1007/978-3-030-60425-7_3
  • 15. Sources of Threat Intelligence (TI) https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf#page=57 https://www.mindmeister.com/1202902455/threat-intelligence
  • 16. Sources of Threat Intelligence (TI) https://www.threatblockr.com/wp-content/uploads/ThreatIntelIntegrationsInfographicMay2021.pdf
  • 17. Open Source projects • MISP (Malware Information Sharing Platform): https://www.misp-project.org/ • TheHive: https://thehive-project.org/ • OpenCTI: https://opencti.io/ • OSINT-SPY: https://github.com/SharadKumar97/OSINT-SPY • OTX AlienVault: https://otx.alienvault.com/ • STIX/TAXII: – https://stixproject.github.io/ – https://taxiiproject.github.io/ • CIF (Collective Intelligence Framework): https://github.com/csirtgadgets/massive-octo-spice • Mitre ATT&CK - https://attack.mitre.org • Awesome Threat Intelligence - https://github.com/hslatman/awesome-threat-intelligence
  • 18. Sources of Threat Intelligence (TI) • Structured Threat Intelligence eXpression (STIX) – Schema for threat intelligence – Cyber Observables • Schema for lower level observations • Trusted Automated eXchange of Indicator Information (TAXII) – HTTPS Application layer transport protocol – Exchange STIX content between systems. Diagram labels: Interoperability; STIX Domain Objects & relationships; Cyber Observables; Patterning Language; TAXII. https://www.oasis-open.org/committees/tc_home.php
  • 19. Gathering and Analysing Threat Intelligence https://doi.org/10.3390/app12031205
  • 20. Gathering and Analysing Threat Intelligence https://doi.org/10.3390/app12031205
  • 21. Gathering and Analysing Threat Intelligence Unknown-Unknowns: • Threats that an organisation is not aware of and has no information about. Unknown-Knowns: • Threats that an organisation is not aware of but should be aware of. Known-Unknowns: • Threats that an organisation is aware of but does not have detailed information about. Known-Knowns: • Threats that an organisation is aware of and has detailed information about.
  • 22. Using Threat Intelligence • Improving security posture • Detecting and defending against threats • Responding to incidents https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
  • 23. Using Threat Intelligence https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fmitigations%2FM1019%2FM1019-enterprise-layer.json
  • 24. Using Threat Intelligence https://attack.mitre.org/mitigations/M1019/
  • 25. Using Threat Intelligence https://assets.sentinelone.com/wt-reports/watchtower_2022_eoy#page=6
  • 26. Using Threat Intelligence • Do your systems detect these malicious activities: – CLI or PowerShell attacks – C2 server communications – Ransomware – Trojans – Malicious scripts or executables – Man in the Middle attacks – Disabling Security Tools (T1089) – … and many more • Can you prove it? https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
  • 27. Challenges in implementing Threat Intelligence • Difficulty in obtaining high-quality intelligence • Limited resources for analysis and dissemination • Ensuring the accuracy and reliability of the intelligence • Financial Implications • Use of Artificial Intelligence (AI) https://www.pinterest.com.au/pin/552605816791388928/
  • 29. Using Artificial Intelligence (AI) • Automate the process of collecting, analyzing, and disseminating • Identify patterns and anomalies in large amounts of data that might be difficult for humans to detect. • Produce biased results if the data used to train them is biased or if the algorithm used is not fair. Can lead to inaccurate results. • Require high computational power and big data storage, which may be costly and difficult to implement. • AI systems are only as good as the data they are fed, and if the data is not accurate or incomplete, the system might produce inaccurate results. • Can also be used by malicious actors to improve their capabilities.
  • 30. Using Artificial Intelligence (AI) • Artificial intelligence (AI) tools like ChatGPT3 can be useful for helping to plan and implement threat intelligence projects. • How to use: – Create an account – Think of a topic – Create a list of questions to ask – Refine or re-phrase the questions – Do more research if required
  • 31. Request for Comments (RFC) • RFC 7452 Intelligence-Based Security: A Request for Comments – This RFC discusses the concept of intelligence-based security and how intelligence can be used to inform security decisions and actions. • RFC 7708 Threat Intelligence on the Internet – This RFC discusses the use of threat intelligence on the Internet and how it can be used to improve security. • RFC 7970 A Framework for Threat Intelligence – This RFC provides a framework for understanding threat intelligence and how it can be used to improve security. • RFC 7979 Threat Intelligence Feeds and Sharing – This RFC discusses the use of threat intelligence feeds and the importance of sharing threat intelligence among organizations. • RFC 8049 Threat Intelligence Sharing for Internet Service Providers – This RFC discusses the use of threat intelligence by Internet Service Providers (ISPs) and how it can be used to improve security.
  • 32. International Telecommunication Union (ITU) • ITU-T Recommendation X.1055: Use of threat intelligence for cybersecurity – This recommendation provides guidance on the use of threat intelligence for cybersecurity, including how to collect, analyse, and use threat intelligence to improve security. • ITU-T Recommendation X.1530: Framework for threat intelligence sharing – This recommendation provides a framework for sharing threat intelligence among organisations, including guidelines for the format, structure, and content of threat intelligence reports. • ITU-T Recommendation X.1540: Guidelines for the use of threat intelligence in incident response – This recommendation provides guidelines for the use of threat intelligence in incident response, including how to collect, analyse, and use threat intelligence to improve the effectiveness of incident response efforts. • ITU-T Recommendation X.1550: Best practices for the use of threat intelligence in cybersecurity – This recommendation provides best practices for the use of threat intelligence in cybersecurity, including how to collect, analyze, and use threat intelligence to improve security.
  • 33. Future of Threat Intelligence (TI) • Increased use of Artificial Intelligence (AI) and Machine Learning (ML). • Greater focus on proactive defenses. • More emphasis on sharing and collaboration. • Greater focus on privacy and security. • More emphasis on multi-vector and multi-stage attack vectors.
  • 34. Summary • Definition of threat intelligence and its importance in cybersecurity • Different types of threat intelligence. • Different sources of threat intelligence and how to gather and analyse it • How threat intelligence can be used in cybersecurity • The challenges in implementing threat intelligence, such as: – difficulty in obtaining high-quality intelligence, – limited resources for analysis and dissemination and – ensuring the accuracy and reliability of the intelligence
  • 35. Summary • Importance of threat intelligence to inform security decisions and actions, and the goal of moving as much information as possible from the unknown-unknown and unknown-known categories to the known-unknown and known-known categories.
  • 36. References • https://chat.openai.com • https://www.th3protocol.com/2022/ChatGPT-LeakSite-Analysis • https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf • https://github.com/topics/cyber-threat-intelligence • https://www.enisa.europa.eu/publications/cyberthreat-intelligence-overview/at_download/fullReport • https://gbhackers.com/cyber-threat-intelligence-tools/amp/ • https://attack.mitre.org • https://www.mindmeister.com/1202902455/threat-intelligence
  • 38. International Telecommunication Union (ITU) • ITU-T Recommendation X.1217: Guidelines for applying threat intelligence in telecommunication network operation – This recommendation provides guidance for using threat intelligence to secure telecommunication networks.
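
Slide 18 presents STIX as the schema (domain objects, relationships, a patterning language over cyber observables), and slide 26 asks whether detection can be proven. The Python below is an added example, not part of the original deck: it loads a constructed STIX 2.1 bundle (objects trimmed to the fields used here), matches its indicators against constructed log observations, and reports the indicators it could not evaluate. It assumes patterns made only of `=` comparisons joined by `OR`; every name, ID and address is a sample value.

```python
import json
import re
from datetime import datetime

# Constructed STIX 2.1 bundle: names, IDs and addresses are sample values only.
BUNDLE = json.loads("""
{"type": "bundle", "id": "bundle--11111111-1111-4111-8111-111111111111",
 "objects": [
  {"type": "malware", "spec_version": "2.1",
   "id": "malware--22222222-2222-4222-8222-222222222222",
   "name": "ExampleLoader", "is_family": true},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--33333333-3333-4333-8333-333333333333",
   "name": "ExampleLoader C2 endpoint", "pattern_type": "stix",
   "pattern": "[domain-name:value = 'c2.example.net' OR ipv4-addr:value = '203.0.113.7']",
   "valid_from": "2024-01-01T00:00:00Z", "valid_until": "2024-06-30T00:00:00Z"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--44444444-4444-4444-8444-444444444444",
   "name": "Retired staging host", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '198.51.100.20']",
   "valid_from": "2023-01-01T00:00:00Z", "valid_until": "2023-03-01T00:00:00Z"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--55555555-5555-4555-8555-555555555555",
   "name": "Download URL shape", "pattern_type": "stix",
   "pattern": "[url:value LIKE 'http://%.example.net/update/%']",
   "valid_from": "2024-01-01T00:00:00Z"},
  {"type": "relationship", "spec_version": "2.1",
   "id": "relationship--66666666-6666-4666-8666-666666666666",
   "relationship_type": "indicates",
   "source_ref": "indicator--33333333-3333-4333-8333-333333333333",
   "target_ref": "malware--22222222-2222-4222-8222-222222222222"}
 ]}
""")

# Constructed observations, as a log pipeline might normalise DNS and flow records.
EVENTS = [
    {"ts": "2024-03-10T09:14:02Z", "host": "ws-17", "type": "domain-name", "value": "C2.Example.NET"},
    {"ts": "2024-03-10T09:20:41Z", "host": "ws-22", "type": "ipv4-addr", "value": "198.51.100.20"},
    {"ts": "2024-03-11T13:02:10Z", "host": "ws-03", "type": "ipv4-addr", "value": "203.0.113.7"},
    {"ts": "2024-03-11T13:05:55Z", "host": "ws-03", "type": "domain-name", "value": "www.example.org"},
]

# One comparison term: object-type ":" object-path "=" 'literal'
TERM = re.compile(r"([a-z0-9-]+):([\w.'-]+)\s*=\s*'([^']*)'")


def parse_ts(text):
    """Parse an RFC 3339 UTC timestamp ('...Z') into an aware datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def norm(obj_type, value):
    """DNS names are case-insensitive, so this example lowercases them on both sides."""
    return value.lower() if obj_type == "domain-name" else value


def parse_pattern(pattern):
    """Return (type, path, value) terms; raise ValueError outside the supported subset."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("not a single observation expression")
    terms = []
    for part in re.split(r"\s+OR\s+", body[1:-1]):
        match = TERM.fullmatch(part.strip())
        if match is None:
            raise ValueError(f"unsupported pattern term: {part!r}")
        terms.append(match.groups())
    return terms


def load_indicators(bundle):
    """Return (usable indicators, ids of indicators that cannot be evaluated)."""
    by_id = {obj["id"]: obj for obj in bundle["objects"]}
    context = {}  # indicator id -> names of the objects it 'indicates'
    for obj in bundle["objects"]:
        if obj["type"] == "relationship" and obj["relationship_type"] == "indicates":
            target = by_id.get(obj["target_ref"], {})
            context.setdefault(obj["source_ref"], []).append(target.get("name", obj["target_ref"]))
    usable, skipped = [], []
    for obj in bundle["objects"]:
        if obj["type"] != "indicator" or obj.get("revoked"):
            continue
        try:
            if obj.get("pattern_type") != "stix":
                raise ValueError("not a STIX pattern")
            terms = [(t, p, norm(t, v)) for t, p, v in parse_pattern(obj["pattern"])]
        except ValueError:
            skipped.append(obj["id"])  # a coverage gap to report, not to hide
            continue
        until = obj.get("valid_until")
        usable.append({"name": obj["name"], "terms": terms,
                       "context": context.get(obj["id"], []),
                       "valid_from": parse_ts(obj["valid_from"]),
                       "valid_until": parse_ts(until) if until else None})
    return usable, skipped


def match_events(indicators, events):
    """Return (host, indicator name, context) for events seen inside the validity window."""
    hits = []
    for ev in events:
        when = parse_ts(ev["ts"])
        seen = (ev["type"], "value", norm(ev["type"], ev["value"]))
        for ind in indicators:
            expired = ind["valid_until"] is not None and when >= ind["valid_until"]
            if when < ind["valid_from"] or expired:
                continue
            if seen in ind["terms"]:
                hits.append((ev["host"], ind["name"], ind["context"]))
    return hits


INDICATORS, SKIPPED = load_indicators(BUNDLE)
HITS = match_events(INDICATORS, EVENTS)

if __name__ == "__main__":
    for hit in HITS:
        print("HIT", hit)
    print("not evaluated:", SKIPPED)
```

The expired indicator produces no hit for `ws-22`, and the `LIKE` pattern lands in `SKIPPED`, which is the list to review when asked to show what the detection actually covers.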

Editor's Notes

  1. Welcome to this course on Linux Basics by APNIC.
  2. So, what is Linux?
  3. Imagine that a city is under constant threat of attacks from criminals and bandits. The city's leaders have invested heavily in a strong police force, surveillance cameras and other security tools to protect the city's citizens and their property. However, despite these efforts, the city still experiences regular attacks. One day, the city's leaders decide to establish a specialized intelligence unit, tasked with gathering information about the criminals, their methods and their plans. This unit starts to gather information from various sources, such as police reports, eyewitness accounts and even undercover agents. It also starts to track the activities of known criminal groups and individuals. With this new intelligence, the city's leaders are able to take proactive measures to protect the city and its citizens. They are able to identify and block specific attacks, increase patrols in high-risk areas and develop new security measures to protect against emerging threats. As a result, the number of attacks in the city drops dramatically and the citizens feel much safer. The city's reputation as a safe place to live also improves, and more people decide to move there. This analogy illustrates how threat intelligence can be used to stay ahead of attackers and protect an organization or a city from security breaches. It highlights the importance of gathering and analyzing threat intelligence, and how this information can be used to improve an organization's security posture.
  4. The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents: https://www.cyber.gov.au/publications/strategies-to-mitigate-cyber-security-incidents
  5. You have a packet capture of network activity; how would you know if there is any suspicious activity? See https://academy.apnic.net/virtual-labs?labId=126072 and https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  10. Image from: Montasari, R., Carroll, F., Macdonald, S., Jahankhani, H., Hosseinian-Far, A., & Daneshkhah, A. (2020). Application of Artificial Intelligence and Machine Learning in Producing Actionable Cyber Threat Intelligence. In Digital Forensic Investigation of Internet of Things (IoT) Devices (pp. 47–64). Springer International Publishing. https://doi.org/10.1007/978-3-030-60425-7_3
  12. https://www.mindmeister.com/1202902455/threat-intelligence https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf#page=57 Erik Lopez (2021) Master’s Thesis for Luleå University of Technology called “A Framework to Establish a Threat Intelligence Program”
  13. https://youtu.be/qAb7hL0HQ2M?t=127 https://www.oasis-open.org/committees/tc_home.php
  14. Image is from page 3 of this research paper Amaro, L. J. B., Azevedo, B. W. P., de Mendonca, F. L. L., Giozza, W. F., Albuquerque, R. de O., & Villalba, L. J. G. (2022). Methodological Framework to Collect, Process, Analyze and Visualize Cyber Threat Intelligence Data. Applied Sciences, 12(3), 1205–. https://doi.org/10.3390/app12031205 Also available at https://www.mdpi.com/2076-3417/12/3/1205 Data can be from things like: Alerts, logs, feeds, configuration, dark web or forensics
  15. Image is from pages 7 and 8 of this research paper: Amaro, L. J. B., Azevedo, B. W. P., de Mendonca, F. L. L., Giozza, W. F., Albuquerque, R. de O., & Villalba, L. J. G. (2022). Methodological Framework to Collect, Process, Analyze and Visualize Cyber Threat Intelligence Data. Applied Sciences, 12(3), 1205. https://doi.org/10.3390/app12031205 Also available at https://www.mdpi.com/2076-3417/12/3/1205
      • Gathering and analysing threat intelligence
        – Identifying key information sources
        – Developing a process for collecting and organising information
        – Analysing and interpreting the data
        – Disseminating the intelligence to relevant parties
  16. One way of classifying threat intelligence is based on the degree of certainty and familiarity that an organization has with the threat. One popular framework for this classification is the "known-unknown-unknown-known" framework, which separates threats into four categories:
      • Known-Knowns: These are threats that an organization is aware of and has detailed information about. This type of threat intelligence is typically the easiest to deal with, as the organization has a clear understanding of the threat and can take appropriate actions to mitigate it.
      • Known-Unknowns: These are threats that an organization is aware of, but does not have detailed information about. For example, an organization may know that a certain type of malware exists, but may not have specific information about how it works or how to detect it. This type of threat intelligence can be more challenging to deal with, as the organization will need to conduct further research and analysis to better understand the threat.
      • Unknown-Knowns: These are threats that an organization is not aware of, but should be aware of. For example, an organization may not be aware of a new vulnerability in a piece of software that it uses, even though a patch for the vulnerability has been released. This type of threat intelligence can be particularly challenging to deal with, as the organization may not even realize that it is at risk.
      • Unknown-Unknowns: These are threats that an organization is not aware of and has no information about. This type of threat intelligence is the most difficult to deal with, as the organization has no information to work with and must rely on other means, such as threat hunting, to discover and assess it.
  17. Threat report for 2022, accessed on 20 Jan 2023
  18. Threat report for 2022, accessed on 20 Jan 2023
  19. Difficulty in obtaining high-quality intelligence: One of the main challenges in implementing threat intelligence is obtaining high-quality intelligence that is relevant and actionable. This can be difficult because there is a lot of low-quality or irrelevant information available, and it can be time-consuming and resource-intensive to collect and filter through all of this information to find the valuable intelligence.
      Limited resources for analysis and dissemination: Another challenge is having the resources to analyze and disseminate the intelligence once it has been collected. This includes having the personnel and technology to process large amounts of data, as well as the ability to communicate the intelligence to the right people within an organization in a timely and effective manner.
      Ensuring the accuracy and reliability of the intelligence: Ensuring that the intelligence that is collected is accurate and reliable is crucial, as bad intelligence can lead to poor decision-making and wasted resources. This can be a challenge because it can be difficult to verify the accuracy of the information, and there is a risk that false or misleading information may be included in the intelligence.
      Financial Implications: Implementing threat intelligence can be costly, both in terms of the initial investment and ongoing expenses. This includes the cost of buying or developing the technology and tools to collect and analyze the intelligence, as well as the cost of hiring and training personnel.
      Using Artificial Intelligence (AI): AI can be used to improve the efficiency and effectiveness of threat intelligence,
  20. https://www.innovationaus.com/cyber-threat-platform-costing-govt-59k-a-day/ https://aws.amazon.com/marketplace/pp/prodview-vffbkdmopipia
  21. In this example I asked the ChatGPT3 AI tool about resources for Threat intelligence and it responded with the following results for standards
  22. In this example I asked the ChatGPT3 AI tool about resources for Threat intelligence and it responded with the following results for standards
      What is ChatGPT? ChatGPT is a natural language processing (NLP) model developed by OpenAI that is designed to generate human-like text in real-time. It is based on the GPT-3 (Generative Pre-training Transformer v3) language model, which is a transformer-based neural network trained on a large dataset of text. ChatGPT is trained specifically on a dataset of human conversation, which enables it to generate text that is more natural and human-like than models trained on other types of text.
      GPT-3 is a large-scale language model that was trained on a dataset of billions of words, including books, articles, and websites. It is able to generate a wide range of text, from short phrases to full-length articles, and is capable of completing tasks such as translation, summarization, and question answering. GPT-3 has received a lot of attention in the media and the tech industry due to its impressive language generation capabilities and its potential to be used in a variety of applications.
      One of the key features of ChatGPT is its ability to continue a conversation based on a prompt or previous conversation history. For example, you can provide ChatGPT with a prompt such as "Hello, how are you?" and it will generate a response such as "I'm doing well, thanks for asking. How are you?" You can then provide a follow-up prompt, and ChatGPT will continue the conversation based on its understanding of the previous exchanges.
      To generate text, ChatGPT uses a process called "transformer-based language modeling." This involves using machine learning algorithms to analyze the patterns and relationships in the training data (in this case, human conversation), and using this analysis to predict what words or phrases are likely to come next in a conversation. ChatGPT is able to generate text that is difficult to distinguish from human-written text because it has learned to mimic the patterns and structures of human conversation. Here's an example of how this might work in practice:
      Imagine you are playing a game of chess, and you have a computer program that is trying to predict which move you will make next. The computer might start by analyzing the positions of all the pieces on the board, and then creating a list of all the possible moves that you could make. It could then use that list to build a model of what kind of moves you are likely to make based on the current state of the game.
      So, in this case, the computer is "looking at" the positions of the pieces on the board (similar to how GPT-3 looks at the previous words in a sequence), and using that information to try to predict what move you will make next (similar to how GPT-3 tries to predict the next word in a sequence).
  23. All of these are incorrect and provided by ChatGPT3
  24. All of these are incorrect and provided by ChatGPT3
  25. Increased use of Artificial Intelligence (AI) and Machine Learning (ML): As the volume of data and the complexity of threats continue to increase, organizations will likely turn to AI and ML to help them analyze and make sense of this information. This could include using AI and ML to automatically identify patterns and anomalies in large amounts of data, as well as to automate the collection, analysis, and dissemination of threat intelligence.
      Greater focus on proactive defense: In the past, organizations have primarily focused on reactive defense, meaning they only acted after a threat had been identified. However, the future of threat intelligence is likely to involve a greater focus on proactive defense, where organizations use threat intelligence to identify potential threats before they can cause harm. This could include using threat intelligence to identify vulnerabilities in systems and networks, as well as to identify the tactics, techniques, and procedures (TTPs) used by attackers.
      More emphasis on sharing and collaboration: As the threat landscape continues to evolve, organizations will need to share information and collaborate more effectively to stay ahead of threats. This could include the development of industry-wide threat intelligence sharing platforms, as well as the formation of information-sharing and analysis centers (ISACs) and government-industry partnerships.
      Greater focus on privacy and security: The use of threat intelligence will increasingly raise concerns about privacy and security, particularly as organizations begin to collect and analyze more sensitive information. As a result, organizations will need to ensure that they are complying with data protection laws and regulations, as well as implementing robust security controls to protect the information they collect and share.
      More emphasis on multi-vector and multi-stage attacks: The future of threat intelligence will also include more focus on understanding and defending against multi-vector and multi-stage attacks. This could include understanding how different types of threat actors work together, and how different types of attacks are orchestrated, in order to develop more effective defense strategies.
  26. But in reality this is a valid ITU-T recommendation
  27. Haven't tested, but would assume that, like the previous slides, all of these are incorrect and provided by ChatGPT3
  28. In this example I asked the ChatGPT3 AI tool about resources for Threat intelligence and it responded with the following results for standards
  29. One way of classifying threat intelligence is based on the degree of certainty and familiarity that an organization has with the threat. One popular framework for this classification is the "known-unknown-unknown-known" framework, which separates threats into four categories:
      • Known-Knowns: These are threats that an organization is aware of and has detailed information about. This type of threat intelligence is typically the easiest to deal with, as the organization has a clear understanding of the threat and can take appropriate actions to mitigate it.
      • Known-Unknowns: These are threats that an organization is aware of, but does not have detailed information about. For example, an organization may know that a certain type of malware exists, but may not have specific information about how it works or how to detect it. This type of threat intelligence can be more challenging to deal with, as the organization will need to conduct further research and analysis to better understand the threat.
      • Unknown-Knowns: These are threats that an organization is not aware of, but should be aware of. For example, an organization may not be aware of a new vulnerability in a piece of software that it uses, even though a patch for the vulnerability has been released. This type of threat intelligence can be particularly challenging to deal with, as the organization may not even realize that it is at risk.
      • Unknown-Unknowns: These are threats that an organization is not aware of and has no information about. This type of threat intelligence is the most difficult to deal with, as the organization has no information to work with and must rely on other means, such as threat hunting, to discover and assess it.
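
The unknown-known case in the classification above (a fix has been released for software the organization runs, but nobody is following it) can be surfaced by cross-referencing an advisory feed with a software inventory. The sketch below is an added example, not part of the original slides; the advisory records, product names, inventory, tracked-ID set and field names are all constructed assumptions.

```python
# Added example. All data below is constructed: placeholder advisory IDs,
# made-up products and versions, hypothetical field names.
ADVISORIES = [
    {"id": "ADV-0001", "product": "examplecms", "fixed_in": "4.2.1", "details": True},
    {"id": "ADV-0002", "product": "examplevpn", "fixed_in": "9.0.9", "details": True},
    {"id": "ADV-0003", "product": "examplemail", "fixed_in": None, "details": False},
    {"id": "ADV-0004", "product": "exampledb", "fixed_in": "12.4", "details": True},
]
INVENTORY = {"examplecms": "4.1.9", "examplevpn": "9.0.10",
             "examplemail": "2.0", "exampledb": "12.3.10"}
TRACKED = {"ADV-0001", "ADV-0003"}  # advisories the security team already follows

# Unknown-unknowns never show up in a feed, so there is no bucket for them;
# as the notes say, they are found by other means such as threat hunting.
CATEGORIES = ("known-known", "known-unknown", "unknown-known", "not-applicable")


def ver(text, width=4):
    """Turn '9.0.10' into (9, 0, 10, 0) so versions compare numerically."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def affected(installed, fixed_in):
    """With no fixed release yet, every installed version is exposed."""
    return fixed_in is None or ver(installed) < ver(fixed_in)


def classify(adv, inventory, tracked):
    installed = inventory.get(adv["product"])
    if installed is None or not affected(installed, adv["fixed_in"]):
        return "not-applicable"
    if adv["id"] in tracked:
        # Aware of it; the split is whether detailed information exists.
        return "known-known" if adv["details"] else "known-unknown"
    # Affects software we run, yet nobody is following it.
    return "unknown-known"


def triage(advisories, inventory, tracked):
    result = {category: [] for category in CATEGORIES}
    for adv in advisories:
        result[classify(adv, inventory, tracked)].append(adv["id"])
    return result


if __name__ == "__main__":
    for category, ids in triage(ADVISORIES, INVENTORY, TRACKED).items():
        print(f"{category:15} {ids}")
```

Comparing versions as integer tuples matters here: as plain strings, "9.0.10" sorts before "9.0.9" and the already-patched VPN would be reported as exposed.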