Cyber Threat Intelligence – Minority Report
Threat intelligence (TI) has reached the maturity level at which it can serve as a decision-making tool. TI
refers to evidence-based information, including context such as mechanisms, Indicators of Compromise (IOC),
Indicators of Attribution (IOA), implications and actionable advice about existing or emerging hazards to
assets. TI allows technical staff to make better decisions and take action accordingly.
Historically, intelligence tactics, techniques & procedures (TTPs), as well as various types of intelligence
operations, existed long before cyberspace was conceived. Intelligence is often seen as “offensive” in nature
when viewed through the lens of spying. The ultimate purpose of TI is actually to enable the CISO or the CIO
to make a decision based on evidence, and the SOC entities to defend against an attack before it materializes.
There is a correlation between the type of IOC, its potential usefulness and the difficulty of obtaining the
necessary data. The base of the pyramid consists of unique file signatures such as MD5, SHA1 etc. While
they are easy to find and share, they are less effective in the long run. The top of the pyramid, on the
other hand, refers to TTPs, which are more complicated to find and learn, but much more effective from a
defense perspective.
The Pyramid of Pain [1]
TI supports decision makers as it allows coping with a threat before it becomes an incident. In addition, it offers
the ability to manage and contain the attribution of the threat, and not only the tactical aspect or means.
[1] http://detect-respond.blogspot.co.il/2013/03/the-pyramid-of-pain.html?m=1
Those advantages provide the defender with a working process and mechanism that is customized and
designed for the organization, covering its needs, assets and working procedures.
It is customary practice for security organizations and agencies to put a lot of effort into keeping
intelligence to themselves and protecting it from leaking out. Information compartmentalization is the basic
common practice of these types of organizations. When we look at the practice needed for cyber security, we
find that it is the other way around. Sharing information rapidly and with a wide audience is more efficient
and effective for improving your understanding and defensive abilities.
TI flow
Lastly, we see that sharing information from the bottom up is another key element. The free flow of
information from an organization to the global cybersecurity ecosystem, using platforms such as MISP (as will
be further explained), is highly recommended. When the Traffic Light Protocol (TLP) is followed, this is a
win-win opportunity that upgrades data and information into knowledge.
Why Is Cyber Threat Intelligence Necessary?
The movie Minority Report is set "in a future where a special police unit is able to arrest murderers before
they commit their crimes". This gives the defending force (the police) a narrow window of time in which to
prevent an event from becoming an incident.
Cyber events are not limited to companies, sectors or states. Today it is possible to learn from historical cyber
events and protect yourself accordingly before the threat reaches your organization. This can be done by
detecting and identifying the threat beforehand.
TI is often considered a collection of “IOCs or actionable information”, or limited to information about
specific security threats. However, there is much more to the story. If an organization does not first
understand its assets, infrastructure, personnel & business operations, it cannot understand whether the data
presents opportunities for malicious actors to attack. Cyber TI can help identify and address potential
vulnerabilities in our operations and prepare accordingly.
In the past, security organizations’ efforts involved keeping information to themselves. Today, sharing
actionable information (without the identity of the organization being attacked) is the most efficient defense
mechanism available (e.g. FIRST, MISP etc.).
Fruitful cooperation between companies & organizations is one of the leading defense tools in the world.
Organizations hire cyber threat intelligence analysts or engage with threat intelligence service providers
to perform the task of identifying potential risks and threats in an organization.
Cyber threat analysts conduct digital forensics and adversary targeting to identify, monitor, assess and
counter the threat posed by foreign cyber actors against information systems, critical infrastructure and
cyber-related interests.
Since one service is related to multiple suppliers - for example ATM or credit card kiosks for a supermarket
that reflect Banking, Energy, ISP, Land lines etc. - the defense for that service is based on mutual information
sharing for all relevant sectors just to protect one service.
EY presents [2] a hypothetical adversary life cycle. By using this model, TI can help the cyber security team
understand which level of the incident they are at. The first and basic phase starts with intelligence gathering.
EY adversary life cycle
[2] http://www.ey.com/Publication/vwLUAssets/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime/$FILE/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime.pdf
In SANS’s 2017 Threat Landscape Survey [3], which included about 600 cyber security experts from various
organizations, the respondents reported on their TI teams and abilities. The conclusions offer fruitful food
for thought.
The following charts emphasize how TI is implemented and in which scope among the organizations, while the
majority use or plan to use TI as part of their activities.
Organizations TI abilities
Organizations produce and purchase TI data, some of it raw and some of it finalized intelligence. 60% of
organizations produce their own raw TI data, while more than 90% consume commercial data:
Sources of TI
[3] https://www.sans.org/reading-room/whitepapers/awareness/defending-wrong-enemy-2017-insider-threat-survey-37890
According to the survey, organizations draw on different kinds of TI sources. Over 70% of the TI data sources
come from industry & community groups like CERTs or ISACs.
TI sources
Organizations have different types of dedicated TI teams. Almost 50% have a dedicated team for this task.
TI dedicated Teams
In most cases, the TI team is part of the cyber security team.
Departments in the organization in which the TI team reside
From the survey, we can learn that most organizations are using or planning to use TI as part of their operation.
An IHS Markit report from October 2016, which investigated end users in a variety of organizations, found the
following [4]:
[4] https://www.youtube.com/watch?v=LIvvQoceDKk
Automated Platforms for TI Sharing
Timing is an additional element in improving your intelligence, as working with automated processes for
sharing and enrichment is becoming the basic practice. MISP [5] is a leading platform for sharing TI among
national CERTs, CSIRTs and over 2,500 organizations worldwide. Another leading tool is IntelMQ [6].
One of the goals of organizations is to reduce the number of unknown unknowns. Automated platforms can
contribute by gathering information from "official" national CERTs as well as from commercial companies.
The reliability of the information must be addressed, since in the end we would like to reduce the number
of false-positive results. Over time we can see that some organizations, governmental or not, provide
better intelligence than others. Each organization is responsible for creating its own policy for verifying
and vouching for what it accepts into its working process.
MISP is an open source platform that allows any organization to store and analyze its IOCs. One of its
advantages is the ability to connect and share your information with other users and organizations. This
option is important because users can enrich their information and find more relevant data, which provides a
deeper analysis of the incident.
Being an open source platform, there are many plugins and add-ons available. One example is the ability to
import and export the data in various known formats such as CSV, JSON, XML.
In the end, these platforms may be used to support decision makers and improve the intelligence process.
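The vetting and sharing policy described in this section, together with the earlier points on TLP and on sharing without the victim's identity, can be shown as an added example (not part of the original paper, and not MISP's or IntelMQ's own code). The record fields, source names, reliability weights and the noisy-OR confidence formula are assumptions, and all sample data is constructed.

```python
import json

# Pyramid of Pain levels, base (1) to top (6).
PYRAMID_LEVEL = {"hash": 1, "ip": 2, "domain": 3, "artifact": 4, "tool": 5, "ttp": 6}

# TLP labels from least to most restrictive (TLP 2.0 naming).
TLP_ORDER = ["CLEAR", "GREEN", "AMBER", "AMBER+STRICT", "RED"]

# Assumed local vetting policy: trust per source, 0.0 (unvetted) to 1.0.
SOURCE_RELIABILITY = {
    "national-cert": 0.9,
    "sector-isac": 0.8,
    "vendor-feed": 0.6,
    "open-blocklist": 0.3,
}

# Constructed sample reports in a hypothetical schema. Documentation IP range
# and example domains only; reporter_org / victim_host must never leave the org.
SAMPLE_REPORTS = [
    {"type": "hash", "value": "00112233445566778899aabbccddeeff",
     "source": "open-blocklist", "tlp": "TLP:CLEAR"},
    {"type": "hash", "value": "00112233445566778899AABBCCDDEEFF",
     "source": "open-blocklist", "tlp": "TLP:CLEAR"},  # same source again
    {"type": "ip", "value": "192.0.2.10",
     "source": "open-blocklist", "tlp": "TLP:CLEAR"},
    {"type": "ip", "value": "192.0.2.10", "source": "vendor-feed",
     "tlp": "TLP:GREEN", "victim_host": "pos-07.internal.example"},
    {"type": "domain", "value": "update-check.example.org",
     "source": "national-cert", "tlp": "TLP:GREEN", "reporter_org": "Example Bank"},
    {"type": "ttp", "value": "persistence via scheduled task created by a document macro",
     "source": "sector-isac", "tlp": "TLP:AMBER", "reporter_org": "Example Retail"},
    {"type": "tool", "value": "custom loader with hard-coded mutex",
     "source": "national-cert", "tlp": "TLP:RED"},
]


def tlp_rank(label):
    """Rank a TLP label; unknown or missing labels fail closed as RED."""
    name = str(label or "").upper().replace("TLP:", "").strip()
    return TLP_ORDER.index(name) if name in TLP_ORDER else len(TLP_ORDER) - 1


def merge_reports(reports):
    """Deduplicate reports per indicator and score them by source reliability."""
    merged = {}
    for r in reports:
        key = (r["type"], r["value"].strip().lower())
        entry = merged.setdefault(key, {"type": r["type"], "value": key[1],
                                        "sources": set(), "tlp_rank": 0})
        entry["sources"].add(r["source"])  # a set: repeats do not add weight
        # The most restrictive label seen for an indicator wins.
        entry["tlp_rank"] = max(entry["tlp_rank"], tlp_rank(r.get("tlp")))
    for entry in merged.values():
        # Noisy-OR: probability that at least one independent source is right.
        miss = 1.0
        for source in entry["sources"]:
            miss *= 1.0 - SOURCE_RELIABILITY.get(source, 0.0)
        entry["confidence"] = round(1.0 - miss, 2)
    return list(merged.values())


def select_for_sharing(merged, max_tlp="GREEN", min_confidence=0.5):
    """Pick indicators that may be shared, highest pyramid level first."""
    if max_tlp not in TLP_ORDER:
        raise ValueError("unknown TLP limit: %r" % (max_tlp,))
    limit = TLP_ORDER.index(max_tlp)
    chosen = [e for e in merged
              if e["tlp_rank"] <= limit and e["confidence"] >= min_confidence]
    chosen.sort(key=lambda e: (-PYRAMID_LEVEL.get(e["type"], 0), -e["confidence"]))
    # Build output from an allow-list of fields, so identifying fields such as
    # reporter_org or victim_host cannot leak into the shared record.
    return [{"type": e["type"],
             "value": e["value"],
             "tlp": "TLP:" + TLP_ORDER[e["tlp_rank"]],
             "confidence": e["confidence"],
             "pyramid_level": PYRAMID_LEVEL.get(e["type"], 0),
             "source_count": len(e["sources"])} for e in chosen]


def export_json(indicators):
    """Serialize the shareable indicators as JSON."""
    return json.dumps(indicators, indent=2, sort_keys=True)


if __name__ == "__main__":
    print(export_json(select_for_sharing(merge_reports(SAMPLE_REPORTS))))
```

With the default limit of TLP:GREEN, the low-confidence hash and the AMBER and RED items stay inside the organization; raising the limit to AMBER adds the TTP entry at the top of the list.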
Essential Skills
Cyber threat analysts are professional intelligence officers who apply their analytical, scientific and
technical knowledge to resolve the complex independent variables of a given research question, produce
short-term & long-term written assessments and brief the organization. This work demands initiative,
creativity, analytical skills, and technical expertise.
However, the most important requirement for intelligence analysis is analytical skill. At times, this skill is
more of an art form than a hard science. However, it can be developed and improved in a few ways. First, it
requires an analyst to develop interdisciplinary technical expertise. Unfortunately, many analysts who are
just starting out feel that intelligence tradecraft is a “fuzzy” field in which people without technical skills
can still be experts. As they work in the field, however, they will find that the opposite is actually the case:
cyber threat intelligence analysis, when performed correctly, is also very demanding from a technical
perspective. A good analyst should be able to pick out what is obviously true or obviously false almost
instantly with the help of automation, scoring systems etc.
[5] http://www.misp-project.org/
[6] https://github.com/certtools/intelmq
In Conclusion
The growth and sophistication of cyber-attacks against each and every one of us has turned Threat Intelligence
from a luxury into a necessity. TI allows organizations to go beyond just collecting data about their threats
and also get to know them, be aware of what they are confronting, maximize security, and pinpoint
reconnaissance and weaponization methods before the breach occurs.
The moment the organization directs it, the real challenge is to analyze the data.
There is a multitude of TI sources, and many security tools are able to incorporate some sort of processed TI.
However, if you want to do it professionally and in a tailored way, you must have dedicated TI analysts. A
well-equipped analyst, armed with this intelligence, can understand how the adversary relates to the target
environment and know what the adversary is capable of and what methods they use.
So, whether your enterprise is small or large, public or private, financially motivated or working for the good
of mankind, TI has become something that is necessary, inevitable, committed to reality and a decision-making
tool. That is also not going to change anytime soon.

Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
Lowrate Call Girls In Sector 18 Noida ❤️8860477959 Escorts 100% Genuine Servi...
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 

Cyber Threat Intelligence - Minority Report

Threat intelligence (TI) is at the maturity level to become a decision making tool. TI refers to evidence-based information including context such as mechanisms, Indicators of Compromise (IOC), Indicators of Attribution (IOA), implications and actionable advice about existing or emerging hazards to assets. TI allows technical staff to make better decisions and take action accordingly.

Historically, intelligence tactics, techniques & procedures (TTPs), as well as various types of intelligence operations, existed long before cyberspace was conceived. Intelligence is often seen as “offensive” in nature when viewed through the lens of spying. The ultimate purpose of TI is actually to enable the CISO or the CIO to make a decision based on evidence, and the SOC entities to defend against an attack before it materializes.

There is a correlation between the type of IOC, its potential usefulness and the difficulty of obtaining the necessary data. The base of the pyramid starts with unique signatures of files such as MD5, SHA1 etc. While they are easy to find and share, they are less effective in the long run. On the other hand, the top of the pyramid refers to TTPs, which are more complicated to find and learn, but much more effective from a defense perspective.

[Figure: The Pyramid of Pain [1]]

TI supports decision makers as it allows coping with a threat before it becomes an incident. In addition, it offers the ability to manage and contain the attribution of the threat, and not only the tactical aspect or means.

[1] http://detect-respond.blogspot.co.il/2013/03/the-pyramid-of-pain.html?m=1
Those advantages provide the defender with a working process and mechanism that is customized and designed for the organization, covering its needs, assets and working procedures.

It is customary practice for security organizations and agencies to put a lot of effort into keeping intelligence to themselves and protecting it from leaking out. Information compartmentalization is the basic common practice of these types of organizations. When we look at the necessary practice for cyber security, we find that it is the other way around. Sharing information rapidly and with a wide audience is a more efficient and effective way to improve your understanding and defensive abilities.

[Figure: TI flow]

Lastly, we see that sharing information from the bottom up is another key element. The free flow of information from an organization to the global cybersecurity ecosystem, by using platforms such as MISP (as will be further explained), is highly recommended. Following the Traffic Light Protocol (TLP) makes this a win-win opportunity that upgrades data and information into knowledge.

Why Is Cyber Threat Intelligence Necessary?

In the movie Minority Report, "in a future where a special police unit is able to arrest murderers before they commit their crimes", there is a narrow window of time in which the defending forces (police) can prevent an event from becoming an incident.

Cyber events are not limited to companies, sectors or states. Today it is possible to learn from historical cyber events and protect yourself accordingly before the threat reaches your organization. This can be done by detecting and identifying the threat beforehand.

TI is often considered a collection of “IOCs or actionable information”, or limited to information about specific security threats. However, there is much more to the story. If an organization does not first understand its assets, infrastructure, personnel & business operations, it cannot understand whether the data presents opportunities for malicious actors to attack. Cyber TI can help identify and address potential vulnerabilities in our operations and prepare accordingly.

In the past, security organizations’ efforts involved keeping information to themselves. Today, sharing actionable information (without the identity of the organization being attacked) is the most efficient defense mechanism available (e.g. FIRST, MISP etc.). The fruitful cooperation between companies & organizations is an example of one of the leading defense tools in the world.

Organizations hire cyber threat intelligence analysts or engage threat intelligence service providers to identify potential risks and threats to the organization. Cyber threat analysts conduct digital forensics and adversary targeting to identify, monitor, assess and counter the threat posed by foreign cyber actors against information systems, critical infrastructure and cyber-related interests.

One service often depends on multiple suppliers: for example, ATMs or credit card kiosks in a supermarket involve Banking, Energy, ISP, land lines etc. The defense of that service is therefore based on mutual information sharing across all relevant sectors just to protect one service.

EY presents [2] a hypothetical adversary life cycle. By using this model, TI can help the cyber security team understand which stage of the incident they are at. The first and basic phase starts with intelligence gathering.

[Figure: EY adversary life cycle]

[2] http://www.ey.com/Publication/vwLUAssets/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime/$FILE/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime.pdf
In the SANS 2017 Threat Landscape Survey [3], which includes about 600 cyber security experts from various organizations, the respondents reported on their TI teams and abilities. The conclusions offer fruitful food for thought. The following charts show how TI is implemented among the organizations and in which scope; the majority use or plan to use TI as part of their activities.

[Figure: Organizations TI abilities]

Organizations produce and purchase TI data, some of it raw and some of it finalized intelligence. 60% of organizations produce their own raw TI data, while more than 90% consume commercial data:

[Figure: Sources of TI]

[3] https://www.sans.org/reading-room/whitepapers/awareness/defending-wrong-enemy-2017-insider-threat-survey-37890

According to the survey, organizations draw on different kinds of TI sources. Over 70% of the TI data sources come from industry & community groups like CERTs or ISACs.

[Figure: TI sources]

Organizations have different types of dedicated TI teams. Almost 50% have a dedicated team for this task.

[Figure: TI dedicated teams]

In most cases, the TI team is part of the cyber security team.

[Figure: Departments in the organization in which the TI team resides]

From the survey, we can learn that most organizations are using or planning to use TI as part of their operations.

An IHS Markit report from October 2016, which investigated end-users in a variety of organizations, found the following [4]:

[4] https://www.youtube.com/watch?v=LIvvQoceDKk
Automated Platforms for TI Sharing

Timing is an additional element for improving your intelligence, as working with automated processes for sharing and enrichment is becoming the basic practice. MISP [5] is a leading platform for sharing TI among national CERTs, CSIRTs and over 2,500 organizations worldwide. Another leading tool is IntelMQ [6].

One of the goals of organizations is reducing the amount of unknown unknowns. Automated platforms can contribute by gathering information from both "official" national CERTs and commercial corporations. The reliability of the information must be questioned, because in the end we would like to reduce the number of false-positive results. Over time we can see that some organizations, governmental or not, provide better intelligence than others. Each organization is responsible for creating its own policy for verifying and vouching for what it considers part of its working process.

MISP is an open source platform that allows any organization to store and analyze its IOCs. One of the advantages is the ability to connect and share your information with other users and organizations. This option is important because users can enrich their information and find more relevant data, which provides a deeper analysis of the incident. Being an open source platform, there are many plugins and add-ons available. One example is the ability to import and export the data in various known formats such as CSV, JSON and XML.

In the end, these platforms may be used to support decision makers and improve the intelligence process.

[5] http://www.misp-project.org/
[6] https://github.com/certtools/intelmq

Essential Skills

Cyber threat analysts are professional intelligence officers who apply their analytic, scientific and technical knowledge to solving complex independent variables on a certain research question, produce short-term & long-term written assessments and brief the organization. This work demands initiative, creativity, analytical skills, and technical expertise.

However, the most important requirement for intelligence analysis is analytical skill. At times, this skill is more of an art form than a hard science. However, it can be developed and improved in a few ways. First, it requires an analyst to become a technical expert in interdisciplinary expertise. Unfortunately, many analysts who are just starting out feel that intelligence tradecraft is a “fuzzy” field in which people without technical skills can still be experts. As they work in the field, however, they will find that the opposite is actually the case: cyber threat intelligence analysis, when performed correctly, is also very demanding from a technical perspective. A good analyst should be able to pick out what is obviously true or obviously false almost instantly, based on automation, scoring systems etc.

In Conclusion

The growth and sophistication of cyber-attacks against each and every one of us has turned Threat Intelligence from a luxury into a necessity. TI allows organizations to go beyond just collecting data about their threats: to get to know them, be aware of what they are confronting, maximize security, and pinpoint reconnaissance and weaponization methods before the breach occurs.

The moment the organization directs it, the real challenge is to analyze the data. There is a multitude of TI sources, and many security tools are able to incorporate some sort of processed TI. However, if you want to do it professionally and in a tailored way, you must have dedicated TI analysts. A well-equipped analyst, armed with this intelligence, can understand how the adversary relates to the target environment and know what the adversary is capable of and which methods are used.

So, whether your enterprise is small or large, public or private, financially motivated or working for the good of mankind, TI has become something that is necessary, inevitable, committed to reality and a decision making tool. It is also not going to change anytime soon.
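The vouching policy and Traffic Light Protocol handling described under "Automated Platforms for TI Sharing" can be sketched as follows. This is an added example, not part of the original document and not MISP or IntelMQ code. The feed names, trust weights, noisy-OR combination, 0.5 threshold and sample reports are assumptions constructed for illustration; the TLP labels use TLP 2.0 naming.

```python
import json

# Assumption: local vouching policy, i.e. how far this organization trusts each feed.
SOURCE_TRUST = {"national-cert": 0.9, "sector-isac": 0.8,
                "vendor-feed": 0.6, "open-paste": 0.2}
TLP_ORDER = ["TLP:CLEAR", "TLP:GREEN", "TLP:AMBER", "TLP:RED"]  # least to most restrictive

# Constructed sample reports (reserved example domains, documentation IP ranges).
REPORTS = [
    {"type": "domain", "value": "bad.example.net", "source": "national-cert", "tlp": "TLP:GREEN"},
    {"type": "domain", "value": "BAD.example.net.", "source": "vendor-feed", "tlp": "TLP:AMBER"},
    {"type": "ip", "value": "203.0.113.7", "source": "open-paste", "tlp": "TLP:CLEAR"},
    {"type": "ip", "value": "198.51.100.23", "source": "sector-isac", "tlp": "TLP:RED"},
    {"type": "domain", "value": "cdn.example.org", "source": "open-paste", "tlp": "TLP:CLEAR"},
    {"type": "domain", "value": "cdn.example.org", "source": "vendor-feed", "tlp": "TLP:CLEAR"},
]

def merge(reports, trust=SOURCE_TRUST):
    """Deduplicate indicators and combine independent sources (noisy-OR)."""
    merged = {}
    for r in reports:
        key = (r["type"], r["value"].strip().lower().rstrip("."))
        e = merged.setdefault(key, {"type": key[0], "value": key[1],
                                    "sources": set(), "miss": 1.0, "tlp": TLP_ORDER[0]})
        if r["source"] in e["sources"]:
            continue  # a feed repeating itself is not corroboration
        e["sources"].add(r["source"])
        e["miss"] *= 1.0 - trust.get(r["source"], 0.0)  # unknown feeds add nothing
        # Keep the most restrictive marking any reporter attached.
        e["tlp"] = max(e["tlp"], r["tlp"], key=TLP_ORDER.index)
    for e in merged.values():
        e["confidence"] = round(1.0 - e.pop("miss"), 2)
        e["sources"] = sorted(e["sources"])
    return list(merged.values())

def select(entries, min_confidence=0.5, max_tlp="TLP:RED"):
    """Drop weakly supported indicators and anything marked above max_tlp."""
    limit = TLP_ORDER.index(max_tlp)
    kept = [e for e in entries
            if e["confidence"] >= min_confidence and TLP_ORDER.index(e["tlp"]) <= limit]
    return sorted(kept, key=lambda e: (-e["confidence"], e["value"]))

def export_json(entries):
    return json.dumps(entries, indent=2, sort_keys=True)

if __name__ == "__main__":
    merged = merge(REPORTS)
    print("Local detection list:\n" + export_json(select(merged)))
    print("Shareable with the community:\n" + export_json(select(merged, max_tlp="TLP:GREEN")))
```

The single low-trust report is dropped from both lists, while the corroborated domain marked TLP:AMBER stays in local detection but is withheld from community sharing.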