1 v1.3
Understanding and Utilising Threat Intelligence in Cybersecurity
Threat intelligence is about understanding the who, what, when, where, why, and how of the threats facing your organization. - Lance Spitzner, Director of SANS Institute's Security Awareness
Agenda
• Definition of Threat Intelligence
• Importance of Threat Intelligence
• Types of Threat Intelligence
• Sources of Threat Intelligence
• Gathering and Analysing Threat Intelligence
• Using Threat Intelligence
• Challenges in Implementing
Definition of Threat Intelligence (TI)
• Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors.
CrowdStrike (2022). Retrieved from https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
• Threat intelligence looks at the bigger picture – by interrogating the data and the broader context to construct a narrative that can inform decision-making.
Kaspersky. (n.d.). Threat Intelligence. Retrieved from https://www.kaspersky.com/resource-center/definitions/threat-intelligence
• Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes.
NIST (n.d.). Retrieved from https://csrc.nist.gov/glossary/term/threat_intelligence
Importance of Threat Intelligence (TI)
https://medium.com/@scardot/the-evolution-of-cyber-security-be9fedc8f4c5
Importance of Threat Intelligence (TI)
https://www.cyber.gov.au/sites/default/files/2019-03/Mitigation_Strategies_2017.pdf
What is this animal?
• Likes to swim? What do you think it is?
– Fish
– Seal
– Otter
• Has a bill?
– Duck
– Goose
– Swan
• Has fur?
Importance of Threat Intelligence (TI)
https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
Importance of Threat Intelligence (TI)
• Gathers, analyses and shares information on cyber threats to an organisation.
• Helps to anticipate and prepare for potential threats before they occur.
• Allows for efficient and effective use of security resources.
• Improves incident response capabilities.
• Helps to maintain a good reputation and the trust of clients and stakeholders.
Types of Threat Intelligence (TI)
• Strategic: Bigger picture of threat landscape
• Operational: Current specific threats
• Technical: Vulnerabilities, attack methods, malware
• Tactical: Actionable information for detection and response to specific threats.
https://doi.org/10.1007/978-3-030-60425-7_3
Types of Threat Intelligence (TI)
• Reputation: Tracking malicious actors
• Risk-based: Prioritizing threats
• Industry-specific: Industry-specific threats & vulnerabilities
https://doi.org/10.1007/978-3-030-60425-7_3
Sources of Threat Intelligence (TI)
https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf#page=57
https://www.mindmeister.com/1202902455/threat-intelligence
Sources of Threat Intelligence (TI)
https://www.threatblockr.com/wp-content/uploads/ThreatIntelIntegrationsInfographicMay2021.pdf
Open Source projects
• MISP (Malware Information Sharing Platform): https://www.misp-project.org/
• TheHive: https://thehive-project.org/
• OpenCTI: https://opencti.io/
• OSINT-SPY: https://github.com/SharadKumar97/OSINT-SPY
• OTX AlienVault: https://otx.alienvault.com/
• STIX/TAXII:
– https://stixproject.github.io/
– https://taxiiproject.github.io/
• CIF (Collective Intelligence Framework): https://github.com/csirtgadgets/massive-octo-spice
• MITRE ATT&CK: https://attack.mitre.org
• Awesome Threat Intelligence: https://github.com/hslatman/awesome-threat-intelligence
Sources of Threat Intelligence (TI)
• Structured Threat Intelligence eXpression (STIX)
– Schema for threat intelligence
– Cyber Observables
• Schema for lower level observations
• Trusted Automated eXchange of Indicator Information (TAXII)
– HTTPS Application layer transport protocol
– Exchange STIX content between systems
[Diagram: Interoperability; STIX (Domain Objects & relationships, Cyber Observables, Patterning Language); TAXII]
https://www.oasis-open.org/committees/tc_home.php
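The STIX slide names domain objects, relationships and the patterning language; the Python below is an added example, not part of the presentation, that loads a constructed STIX 2.1 bundle and matches its indicators against constructed proxy log lines. The bundle is trimmed to the properties the code reads (a conforming producer also sets created and modified), the log format and the FIELD_TO_STIX mapping are assumptions, and only single-comparison patterns are evaluated, so expired or compound indicators are reported as skipped instead of being silently dropped.

```python
import json
import re
from datetime import datetime, timezone

# Constructed STIX 2.1 bundle, trimmed to the properties this example reads.
# Every id, name and value is made up; addresses are documentation ranges.
BUNDLE_JSON = """
{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
 {"type": "malware", "spec_version": "2.1", "is_family": false, "name": "ExampleLoader",
  "id": "malware--00000000-0000-4000-8000-000000000001"},
 {"type": "indicator", "spec_version": "2.1", "name": "C2 address",
  "id": "indicator--00000000-0000-4000-8000-000000000002",
  "pattern_type": "stix", "pattern": "[ipv4-addr:value = '203.0.113.10']",
  "valid_from": "2023-01-10T00:00:00Z"},
 {"type": "indicator", "spec_version": "2.1", "name": "C2 domain",
  "id": "indicator--00000000-0000-4000-8000-000000000003",
  "pattern_type": "stix", "pattern": "[domain-name:value = 'c2.example.net']",
  "valid_from": "2023-01-10T00:00:00Z"},
 {"type": "indicator", "spec_version": "2.1", "name": "Retired C2 address",
  "id": "indicator--00000000-0000-4000-8000-000000000004",
  "pattern_type": "stix", "pattern": "[ipv4-addr:value = '198.51.100.7']",
  "valid_from": "2023-01-10T00:00:00Z", "valid_until": "2023-02-01T00:00:00Z"},
 {"type": "indicator", "spec_version": "2.1", "name": "Staging domains",
  "id": "indicator--00000000-0000-4000-8000-000000000005",
  "pattern_type": "stix", "valid_from": "2023-01-10T00:00:00Z",
  "pattern": "[domain-name:value = 'a.example.org' OR domain-name:value = 'b.example.org']"},
 {"type": "relationship", "spec_version": "2.1", "relationship_type": "indicates",
  "id": "relationship--00000000-0000-4000-8000-000000000006",
  "source_ref": "indicator--00000000-0000-4000-8000-000000000002",
  "target_ref": "malware--00000000-0000-4000-8000-000000000001"}
]}
"""

# Constructed proxy log lines: a timestamp followed by key=value fields.
LOG_LINES = [
    "2023-03-01T09:12:44Z src=10.0.0.5 dst=203.0.113.10 host=updates.example.com",
    "2023-03-01T09:13:02Z src=10.0.0.8 dst=192.0.2.44 host=C2.Example.NET",
    "2023-03-01T09:14:10Z src=10.0.0.9 dst=198.51.100.7 host=static.example.com",
]
# Assumed mapping from this log format's fields to STIX observable types.
FIELD_TO_STIX = {"dst": "ipv4-addr", "host": "domain-name"}
# Only the simplest pattern form is understood: [<type>:value = '<literal>']
SIMPLE = re.compile(r"^\[\s*([a-z0-9-]+):value\s*=\s*'([^']*)'\s*\]$")


def ts(text):
    """Parse a STIX UTC timestamp into an aware datetime."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def load_indicators(bundle, now):
    """Split a bundle's indicators into usable ones and skipped ones."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    # 'indicates' relationships say what a matching indicator points to.
    indicates = {o["source_ref"]: by_id.get(o["target_ref"], {}).get("name")
                 for o in bundle["objects"]
                 if o["type"] == "relationship" and o["relationship_type"] == "indicates"}
    active, skipped = {}, {}
    for o in (o for o in bundle["objects"] if o["type"] == "indicator"):
        m = SIMPLE.match(o["pattern"]) if o.get("pattern_type") == "stix" else None
        if m is None:
            skipped[o["name"]] = "pattern not supported by this matcher"
        elif o.get("revoked") or ts(o["valid_from"]) > now or (
                "valid_until" in o and ts(o["valid_until"]) <= now):
            skipped[o["name"]] = "revoked or outside validity window"
        else:
            # Values are lower-cased so domain names compare case-insensitively.
            active[(m.group(1), m.group(2).lower())] = {
                "indicator": o["name"], "indicates": indicates.get(o["id"])}
    return active, skipped


def match_events(lines, active):
    """Return one hit per log field that equals an active indicator value."""
    hits = []
    for line in lines:
        when, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        for field, stix_type in FIELD_TO_STIX.items():
            info = active.get((stix_type, fields.get(field, "").lower()))
            if info:
                hits.append({"time": when, "src": fields.get("src"), "field": field,
                             "value": fields[field], **info})
    return hits


def run(now=datetime(2023, 3, 1, 12, 0, tzinfo=timezone.utc)):
    """Evaluate the constructed logs against the bundle as of `now`."""
    active, skipped = load_indicators(json.loads(BUNDLE_JSON), now)
    return match_events(LOG_LINES, active), skipped


if __name__ == "__main__":
    hits, skipped = run()
    for h in hits:
        print("HIT", h)
    for name, why in skipped.items():
        print("SKIPPED", name, "-", why)
```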
Gathering and Analysing Threat Intelligence
https://doi.org/10.3390/app12031205
Gathering and Analysing Threat Intelligence
• Unknown-Unknowns: Threats that an organisation is not aware of and has no information about.
• Unknown-Knowns: Threats that an organisation is not aware of but should be aware of.
• Known-Unknowns: Threats that an organisation is aware of but does not have detailed information about.
• Known-Knowns: Threats that an organisation is aware of and has detailed information about.
Using Threat Intelligence
• Improving security posture
• Detecting and defending against threats
• Responding to incidents
https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
Using Threat Intelligence
https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fmitigations%2FM1019%2FM1019-enterprise-layer.json
Using Threat Intelligence
https://attack.mitre.org/mitigations/M1019/
Using Threat Intelligence
https://assets.sentinelone.com/wt-reports/watchtower_2022_eoy#page=6
Using Threat Intelligence
• Do your systems detect these malicious activities:
– CLI or PowerShell attacks
– C2 server communications
– Ransomware
– Trojans
– Malicious scripts or executables
– Man in the Middle attacks
– Disabling Security Tools (T1089)
– … and many more
• Can you prove it?
https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
Challenges in implementing Threat Intelligence
• Difficulty in obtaining high-quality intelligence
• Limited resources for analysis and dissemination
• Ensuring the accuracy and reliability of the intelligence
• Financial Implications
• Use of Artificial Intelligence (AI)
https://www.pinterest.com.au/pin/552605816791388928/
Financial implications
Using Artificial Intelligence (AI)
• Automate the process of collecting, analyzing, and disseminating
• Identify patterns and anomalies in large amounts of data that might be difficult for humans to detect.
• Can produce biased results if the data used to train them is biased or if the algorithm used is not fair, which can lead to inaccurate results.
• Require high computational power and big data storage, which may be costly and difficult to implement.
• AI systems are only as good as the data they are fed: if the data is inaccurate or incomplete, the system might produce inaccurate results.
• Can also be used by malicious actors to improve their capabilities.
Using Artificial Intelligence (AI)
• Artificial intelligence (AI) tools like ChatGPT3 can be useful for helping to plan and implement threat intelligence projects.
• How to use:
– Create an account
– Think of a topic
– Create a list of questions to ask
– Refine or re-phrase the questions
– Do more research if required
Request for Comments (RFC)
• RFC 7452 Intelligence-Based Security: A Request for Comments
– This RFC discusses the concept of intelligence-based security and how intelligence can be used to inform security decisions and actions.
• RFC 7708 Threat Intelligence on the Internet
– This RFC discusses the use of threat intelligence on the Internet and how it can be used to improve security.
• RFC 7970 A Framework for Threat Intelligence
– This RFC provides a framework for understanding threat intelligence and how it can be used to improve security.
• RFC 7979 Threat Intelligence Feeds and Sharing
– This RFC discusses the use of threat intelligence feeds and the importance of sharing threat intelligence among organizations.
• RFC 8049 Threat Intelligence Sharing for Internet Service Providers
– This RFC discusses the use of threat intelligence by Internet Service Providers (ISPs) and how it can be used to improve security.
International Telecommunication Union (ITU)
• ITU-T Recommendation X.1055: Use of threat intelligence for cybersecurity
– This recommendation provides guidance on the use of threat intelligence for cybersecurity, including how to collect, analyse, and use threat intelligence to improve security.
• ITU-T Recommendation X.1530: Framework for threat intelligence sharing
– This recommendation provides a framework for sharing threat intelligence among organisations, including guidelines for the format, structure, and content of threat intelligence reports.
• ITU-T Recommendation X.1540: Guidelines for the use of threat intelligence in incident response
– This recommendation provides guidelines for the use of threat intelligence in incident response, including how to collect, analyse, and use threat intelligence to improve the effectiveness of incident response efforts.
• ITU-T Recommendation X.1550: Best practices for the use of threat intelligence in cybersecurity
– This recommendation provides best practices for the use of threat intelligence in cybersecurity, including how to collect, analyze, and use threat intelligence to improve security.
Future of Threat Intelligence (TI)
• Increased use of Artificial Intelligence (AI) and Machine Learning (ML).
• Greater focus on proactive defenses.
• More emphasis on sharing and collaboration.
• Greater focus on privacy and security.
• More emphasis on multi-vector and multi-stage attack vectors.
Summary
• Definition of threat intelligence and its importance in cybersecurity
• Different types of threat intelligence.
• Different sources of threat intelligence and how to gather and analyse it
• How threat intelligence can be used in cybersecurity
• The challenges in implementing threat intelligence, such as:
– difficulty in obtaining high-quality intelligence,
– limited resources for analysis and dissemination and
– ensuring the accuracy and reliability of the intelligence
Summary
• Importance of threat intelligence to inform security decisions and actions, and the goal of moving as much information as possible from the unknown-unknown and unknown-known categories to the known-unknown and known-known categories.
References
• https://chat.openai.com
• https://www.th3protocol.com/2022/ChatGPT-LeakSite-Analysis
• https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf
• https://github.com/topics/cyber-threat-intelligence
• https://www.enisa.europa.eu/publications/cyberthreat-intelligence-overview/at_download/fullReport
• https://gbhackers.com/cyber-threat-intelligence-tools/amp/
• https://attack.mitre.org
• https://www.mindmeister.com/1202902455/threat-intelligence
• https://www.auditscripts.com/free-resources/open-threat-taxonomy
International Telecommunication Union (ITU)
• ITU-T Recommendation X.1217: Guidelines for applying threat intelligence in telecommunication network operation
– This recommendation provides guidance for using threat intelligence to secure telecommunication networks.
Thank You!

Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecurity' by Warren Finch for Cyberdefcon

IPv6 Operational Issues (with DNS), presented by Geoff Huston at IETF 119
 
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
Is DNS ready for IPv6, presented by Geoff Huston at IETF 119
 
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...
 
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85
 
NANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff HustonNANOG 90: 'BGP in 2023' presented by Geoff Huston
NANOG 90: 'BGP in 2023' presented by Geoff Huston
 
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff HustonDNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
DNS-OARC 42: Is the DNS ready for IPv6? presentation by Geoff Huston
 
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, ThailandAPAN 57: APNIC Report at APAN 57, Bangkok, Thailand
APAN 57: APNIC Report at APAN 57, Bangkok, Thailand
 
Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6Lao Digital Week 2024: It's time to deploy IPv6
Lao Digital Week 2024: It's time to deploy IPv6
 
AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!AINTEC 2023: Networking in the Penumbra!
AINTEC 2023: Networking in the Penumbra!
 
CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023CNIRC 2023: Global and Regional IPv6 Deployment 2023
CNIRC 2023: Global and Regional IPv6 Deployment 2023
 
AFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet developmentAFSIG 2023: APNIC Foundation and support for Internet development
AFSIG 2023: APNIC Foundation and support for Internet development
 
AFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment StatusAFNOG 1: Afghanistan IP Deployment Status
AFNOG 1: Afghanistan IP Deployment Status
 
AFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressingAFSIG 2023: Internet routing and addressing
AFSIG 2023: Internet routing and addressing
 

Recently uploaded

Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 

Recently uploaded (20)

Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Radiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girlsRadiant Call girls in Dubai O56338O268 Dubai Call girls
Radiant Call girls in Dubai O56338O268 Dubai Call girls
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Russian Call girls in Dubai +971563133746 Dubai Call girls
Russian  Call girls in Dubai +971563133746 Dubai  Call girlsRussian  Call girls in Dubai +971563133746 Dubai  Call girls
Russian Call girls in Dubai +971563133746 Dubai Call girls
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 

Presentation on 'Understanding and Utilising Threat Intelligence in Cybersecurity' by Warren Finch for Cyberdefcon

  • 2. Understanding and Utilising Threat Intelligence in Cybersecurity
      "Threat intelligence is about understanding the who, what, when, where, why, and how of the threats facing your organization." - Lance Spitzner, Director of SANS Institute's Security Awareness
  • 3. Agenda
      • Definition of Threat Intelligence
      • Importance of Threat Intelligence
      • Types of Threat Intelligence
      • Sources of Threat Intelligence
      • Gathering and Analysing Threat Intelligence
      • Using Threat Intelligence
      • Challenges in Implementing
  • 4. Definition of Threat Intelligence (TI)
      • Threat intelligence is data that is collected, processed, and analyzed to understand a threat actor’s motives, targets, and attack behaviors. CrowdStrike (2022) Retrieved from https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
      • Threat intelligence looks at the bigger picture – by interrogating the data and the broader context to construct a narrative that can inform decision-making. Kaspersky. (n.d.). Threat Intelligence. Retrieved from https://www.kaspersky.com/resource-center/definitions/threat-intelligence
      • Threat information that has been aggregated, transformed, analyzed, interpreted, or enriched to provide the necessary context for decision-making processes. NIST (n.d) Retrieved from https://csrc.nist.gov/glossary/term/threat_intelligence
  • 5. Importance of Threat Intelligence (TI) https://medium.com/@scardot/the-evolution-of-cyber-security-be9fedc8f4c5
  • 6. Importance of Threat Intelligence (TI) https://www.cyber.gov.au/sites/default/files/2019-03/Mitigation_Strategies_2017.pdf
  • 7. What is this animal?
      • Likes to swim? What do you think it is?
          – Fish
          – Seal
          – Otter
      • Has a bill?
          – Duck
          – Goose
          – Swan
      • Has fur?
  • 8. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 9. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 10. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 11. Importance of Threat Intelligence (TI) https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  • 12. Importance of Threat Intelligence (TI)
      • Gathers, analyses and shares information on cyber threats to an organisation.
      • Helps to anticipate and prepare for potential threats before they occur.
      • Allows for efficient and effective use of security resources.
      • Improves incident response capabilities.
      • Helps to maintain a good reputation and trust of clients and stakeholders.
  • 13. Types of Threat Intelligence (TI)
      • Strategic: Bigger picture of threat landscape
      • Operational: Current specific threats
      • Technical: Vulnerabilities, attack methods, malware
      • Tactical: Actionable information for detection and response to specific threats.
      https://doi.org/10.1007/978-3-030-60425-7_3
  • 14. Types of Threat Intelligence (TI)
      • Reputation: Tracking malicious actors
      • Risk-based: Prioritizing threats
      • Industry-specific: Industry-specific threats & vulnerabilities
      https://doi.org/10.1007/978-3-030-60425-7_3
  • 15. Sources of Threat Intelligence (TI) https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf#page=57 https://www.mindmeister.com/1202902455/threat-intelligence
  • 16. Sources of Threat Intelligence (TI) https://www.threatblockr.com/wp-content/uploads/ThreatIntelIntegrationsInfographicMay2021.pdf
  • 17. Open Source projects
      • MISP (Malware Information Sharing Platform): https://www.misp-project.org/
      • TheHive: https://thehive-project.org/
      • OpenCTI: https://opencti.io/
      • OSINT-SPY: https://github.com/SharadKumar97/OSINT-SPY
      • OTX AlienVault: https://otx.alienvault.com/
      • STIX/TAXII:
          – https://stixproject.github.io/
          – https://taxiiproject.github.io/
      • CIF (Collective Intelligence Framework): https://github.com/csirtgadgets/massive-octo-spice
      • MITRE ATT&CK - https://attack.mitre.org
      • Awesome Threat Intelligence - https://github.com/hslatman/awesome-threat-intelligence
  • 18. Sources of Threat Intelligence (TI)
      • Structured Threat Intelligence eXpression (STIX)
          – Schema for threat intelligence
          – Cyber Observables
              • Schema for lower level observations
      • Trusted Automated eXchange of Indicator Information (TAXII)
          – HTTPS Application layer transport protocol
          – Exchange STIX content between systems
      [Diagram labels: Interoperability; STIX Domain Objects & relationships; Cyber Observables; Patterning Language; TAXII]
      https://www.oasis-open.org/committees/tc_home.php
  • 19. Gathering and Analysing Threat Intelligence https://doi.org/10.3390/app12031205
  • 20. Gathering and Analysing Threat Intelligence https://doi.org/10.3390/app12031205
  • 21. Gathering and Analysing Threat Intelligence
      • Unknown-Unknowns: Threats that an organisation is not aware of and has no information about.
      • Unknown-Knowns: Threats that an organisation is not aware of but should be aware of.
      • Known-Unknowns: Threats that an organisation is aware of but does not have detailed information about.
      • Known-Knowns: Threats that an organisation is aware of and has detailed information about.
  • 22. Using Threat Intelligence
      • Improving security posture
      • Detecting and defending against threats
      • Responding to incidents
      https://www.crowdstrike.com/cybersecurity-101/threat-intelligence/
  • 23. Using Threat Intelligence https://mitre-attack.github.io/attack-navigator//#layerURL=https%3A%2F%2Fattack.mitre.org%2Fmitigations%2FM1019%2FM1019-enterprise-layer.json
  • 24. Using Threat Intelligence https://attack.mitre.org/mitigations/M1019/
  • 25. Using Threat Intelligence https://assets.sentinelone.com/wt-reports/watchtower_2022_eoy#page=6
  • 26. Using Threat Intelligence
      • Do your systems detect these malicious activities:
          – CLI or PowerShell attacks
          – C2 server communications
          – Ransomware
          – Trojans
          – Malicious scripts or executables
          – Man in the Middle attacks
          – Disabling Security Tools (T1089)
          – … and many more
      • Can you prove it?
      https://detect-respond.blogspot.com/2013/03/the-pyramid-of-pain.html
  • 27. Challenges in implementing Threat Intelligence
      • Difficulty in obtaining high-quality intelligence
      • Limited resources for analysis and dissemination
      • Ensuring the accuracy and reliability of the intelligence
      • Financial Implications
      • Use of Artificial Intelligence (AI)
      https://www.pinterest.com.au/pin/552605816791388928/
  • 29. Using Artificial Intelligence (AI)
      • Automate the process of collecting, analyzing, and disseminating
      • Identify patterns and anomalies in large amounts of data that might be difficult for humans to detect.
      • Produce biased results if the data used to train them is biased or if the algorithm used is not fair. Can lead to inaccurate results.
      • Require high computational power and big data storage, which may be costly and difficult to implement.
      • AI systems are only as good as the data they are fed, and if the data is not accurate or incomplete, the system might produce inaccurate results.
      • Can also be used by malicious actors to improve their capabilities.
  • 30. Using Artificial Intelligence (AI)
      • Artificial intelligence (AI) tools like ChatGPT3 can be useful for helping to plan and implement threat intelligence projects.
      • How to use:
          – Create an account
          – Think of a topic
          – Create a list of questions to ask
          – Refine or re-phrase the questions
          – Do more research if required
  • 31. Request for Comments (RFC)
      • RFC 7452 Intelligence-Based Security: A Request for Comments
          – This RFC discusses the concept of intelligence-based security and how intelligence can be used to inform security decisions and actions.
      • RFC 7708 Threat Intelligence on the Internet
          – This RFC discusses the use of threat intelligence on the Internet and how it can be used to improve security.
      • RFC 7970 A Framework for Threat Intelligence
          – This RFC provides a framework for understanding threat intelligence and how it can be used to improve security.
      • RFC 7979 Threat Intelligence Feeds and Sharing
          – This RFC discusses the use of threat intelligence feeds and the importance of sharing threat intelligence among organizations.
      • RFC 8049 Threat Intelligence Sharing for Internet Service Providers
          – This RFC discusses the use of threat intelligence by Internet Service Providers (ISPs) and how it can be used to improve security.
  • 32. International Telecommunication Union (ITU)
      • ITU-T Recommendation X.1055: Use of threat intelligence for cybersecurity
          – This recommendation provides guidance on the use of threat intelligence for cybersecurity, including how to collect, analyse, and use threat intelligence to improve security.
      • ITU-T Recommendation X.1530: Framework for threat intelligence sharing
          – This recommendation provides a framework for sharing threat intelligence among organisations, including guidelines for the format, structure, and content of threat intelligence reports.
      • ITU-T Recommendation X.1540: Guidelines for the use of threat intelligence in incident response
          – This recommendation provides guidelines for the use of threat intelligence in incident response, including how to collect, analyse, and use threat intelligence to improve the effectiveness of incident response efforts.
      • ITU-T Recommendation X.1550: Best practices for the use of threat intelligence in cybersecurity
          – This recommendation provides best practices for the use of threat intelligence in cybersecurity, including how to collect, analyze, and use threat intelligence to improve security.
  • 33. Future of Threat Intelligence (TI)
      • Increased use of Artificial Intelligence (AI) and Machine Learning (ML).
      • Greater focus on proactive defenses.
      • More emphasis on sharing and collaboration.
      • Greater focus on privacy and security.
      • More emphasis on multi-vector and multi-stage attack vectors.
  • 34. Summary
      • Definition of threat intelligence and its importance in cybersecurity
      • Different types of threat intelligence.
      • Different sources of threat intelligence and how to gather and analyse it
      • How threat intelligence can be used in cybersecurity
      • The challenges in implementing threat intelligence, such as:
          – difficulty in obtaining high-quality intelligence,
          – limited resources for analysis and dissemination and
          – ensuring the accuracy and reliability of the intelligence
  • 35. Summary
      • Importance of threat intelligence to inform security decisions and actions, and the goal of moving as much information as possible from the unknown-unknown and unknown-known categories to the known-unknown and known-known categories.
  • 36. References
      • https://chat.openai.com
      • https://www.th3protocol.com/2022/ChatGPT-LeakSite-Analysis
      • https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf
      • https://github.com/topics/cyber-threat-intelligence
      • https://www.enisa.europa.eu/publications/cyberthreat-intelligence-overview/at_download/fullReport
      • https://gbhackers.com/cyber-threat-intelligence-tools/amp/
      • https://attack.mitre.org
      • https://www.mindmeister.com/1202902455/threat-intelligence
  • 38. International Telecommunication Union (ITU)
      • ITU-T Recommendation X.1217: Guidelines for applying threat intelligence in telecommunication network operation
          – This recommendation provides guidance for using threat intelligence to secure telecommunication networks.
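
Slide 18 describes STIX as a schema for threat intelligence with a patterning language over cyber observables. The Python example below is added here and is not part of the original deck: it loads a constructed STIX 2.1 JSON bundle, parses a small subset of the patterning language (equality on `ipv4-addr:value` and `domain-name:value`, joined by `OR`), and matches the indicators against constructed connection log lines while honouring `valid_from` and `valid_until`. The log format, object names and identifiers are assumptions made for the example.

```python
import json
import re
from datetime import datetime

# Constructed STIX 2.1 bundle: documentation-range IPs, example domains, made-up ids.
BUNDLE_JSON = """
{"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
 "objects": [
  {"type": "identity", "spec_version": "2.1",
   "id": "identity--00000000-0000-4000-8000-000000000001",
   "created": "2023-01-01T00:00:00Z", "modified": "2023-01-01T00:00:00Z",
   "name": "Example Sharing Group", "identity_class": "organization"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--00000000-0000-4000-8000-000000000002",
   "created": "2023-01-01T00:00:00Z", "modified": "2023-01-01T00:00:00Z",
   "name": "C2 address (constructed)", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '198.51.100.7']",
   "valid_from": "2023-01-01T00:00:00Z"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--00000000-0000-4000-8000-000000000003",
   "created": "2023-01-01T00:00:00Z", "modified": "2023-01-01T00:00:00Z",
   "name": "Phishing domains (constructed)", "pattern_type": "stix",
   "pattern": "[domain-name:value = 'login.example.net' OR domain-name:value = 'cdn.example.org']",
   "valid_from": "2023-01-01T00:00:00Z", "valid_until": "2023-02-01T00:00:00Z"},
  {"type": "indicator", "spec_version": "2.1",
   "id": "indicator--00000000-0000-4000-8000-000000000004",
   "created": "2023-01-01T00:00:00Z", "modified": "2023-01-01T00:00:00Z",
   "name": "Sequence (constructed)", "pattern_type": "stix",
   "pattern": "[ipv4-addr:value = '203.0.113.9'] FOLLOWEDBY [domain-name:value = 'example.com']",
   "valid_from": "2023-01-01T00:00:00Z"}
 ]}
"""

# Constructed log lines (assumed format): timestamp, source IP, destination IP, queried domain.
LOG_LINES = [
    "2023-01-15T08:00:01Z 10.0.0.5 198.51.100.7 -",
    "2023-01-15T08:00:05Z 10.0.0.6 192.0.2.10 login.example.net",
    "2023-03-01T09:00:00Z 10.0.0.6 192.0.2.10 login.example.net",
    "2023-01-15T08:01:00Z 10.0.0.7 192.0.2.44 www.example.com",
]

# One comparison expression from the supported subset of the patterning language.
_TERM = re.compile(r"(ipv4-addr|domain-name):value\s*=\s*'([^']+)'")


def parse_time(value):
    """Parse a UTC timestamp with a trailing 'Z', as used in STIX and in the sample log."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def parse_pattern(pattern):
    """Return the set of (object type, value) pairs of a single [a OR b ...] expression."""
    outer = re.fullmatch(r"\[(.*)\]", pattern.strip())
    if not outer:
        raise ValueError("not a single observation expression")
    terms = set()
    for part in re.split(r"\s+OR\s+", outer.group(1)):
        match = _TERM.fullmatch(part.strip())
        if not match:
            raise ValueError("unsupported comparison: " + part.strip())
        terms.add((match.group(1), match.group(2).lower()))
    return terms


def load_indicators(bundle_json):
    """Split the bundle's indicators into usable ones and (id, reason) pairs for skipped ones."""
    indicators, skipped = [], []
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # other STIX Domain Objects carry context, not patterns
        try:
            if obj.get("pattern_type") != "stix":
                raise ValueError("pattern_type is not 'stix'")
            terms = parse_pattern(obj["pattern"])
            valid_from = parse_time(obj["valid_from"])
        except (KeyError, ValueError) as err:
            # Report what cannot be evaluated instead of dropping it silently.
            skipped.append((obj.get("id"), str(err)))
            continue
        until = obj.get("valid_until")
        indicators.append({"name": obj.get("name") or obj.get("id"), "terms": terms,
                           "valid_from": valid_from,
                           "valid_until": parse_time(until) if until else None})
    return indicators, skipped


def match_logs(indicators, log_lines):
    """Return (timestamp, source, indicator name) for each log line an indicator matches."""
    hits = []
    for line in log_lines:
        stamp, src, dst_ip, domain = line.split()
        seen_at = parse_time(stamp)
        observed = {("ipv4-addr", dst_ip), ("domain-name", domain.lower())}
        for ind in indicators:
            if seen_at < ind["valid_from"]:
                continue
            if ind["valid_until"] and seen_at >= ind["valid_until"]:
                continue  # an expired indicator must not raise an alert
            if observed & ind["terms"]:
                hits.append((stamp, src, ind["name"]))
    return hits


if __name__ == "__main__":
    usable, skipped = load_indicators(BUNDLE_JSON)
    for hit in match_logs(usable, LOG_LINES):
        print("HIT", hit)
    for ident, reason in skipped:
        print("SKIPPED", ident, reason)
```

The third log line shows why the validity window matters: the same domain is no longer reported once the indicator's `valid_until` has passed, and the `FOLLOWEDBY` indicator is listed as skipped rather than treated as matched or clean.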

Editor's Notes

  1. Welcome to this course on Linux Basics by APNIC.
  2. So, what is Linux?
  3. Imagine that a city is under constant threat of attacks from criminals and bandits. The city's leaders have invested heavily in a strong police force, surveillance cameras and other security tools to protect the city's citizens and their properties. However, despite these efforts, the city is still experiencing regular attacks. One day, the city's leaders decide to establish a specialized intelligence unit, tasked with gathering information about the criminals, their methods and their plans. This unit starts to gather information from various sources, such as police reports, eyewitness accounts and even undercover agents. They also started to track the activities of known criminal groups and individuals. With this new intelligence, the city's leaders were able to take proactive measures to protect the city and its citizens. They were able to identify and block specific attacks, increase patrols in high-risk areas and develop new security measures to protect against emerging threats. As a result, the number of attacks in the city dropped dramatically and the citizens felt much safer. The city's reputation as a safe place to live also improved, and more people decided to move there. This analogy illustrates how threat intelligence can be used to stay ahead of attackers and protect an organization or a city from security breaches. It highlights the importance of gathering and analyzing threat intelligence, and how this information can be used to improve an organization's security posture.
  4. The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help technical cyber security professionals in all organisations mitigate cyber security incidents https://www.cyber.gov.au/publications/strategies-to-mitigate-cyber-security-incidents
  5. You have a packet capture of network activity; how would you know if there is any suspicious activity? https://academy.apnic.net/virtual-labs?labId=126072 https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  6. You have a packet capture of network activity; how would you know if there is any suspicious activity? https://academy.apnic.net/virtual-labs?labId=126072 https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  7. You have a packet capture of network activity; how would you know if there is any suspicious activity? https://academy.apnic.net/virtual-labs?labId=126072 https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  8. You have a packet capture of network activity; how would you know if there is any suspicious activity? https://academy.apnic.net/virtual-labs?labId=126072 https://blog.apnic.net/2019/07/09/how-to-analysing-packet-captures-with-security-onion/
  9. Imagine that a city is under constant threat of attacks from criminals and bandits. The city's leaders have invested heavily in a strong police force, surveillance cameras and other security tools to protect the city's citizens and their properties. However, despite these efforts, the city is still experiencing regular attacks. One day, the city's leaders decide to establish a specialized intelligence unit, tasked with gathering information about the criminals, their methods and their plans. This unit starts to gather information from various sources, such as police reports, eyewitness accounts and even undercover agents. They also started to track the activities of known criminal groups and individuals. With this new intelligence, the city's leaders were able to take proactive measures to protect the city and its citizens. They were able to identify and block specific attacks, increase patrols in high-risk areas and develop new security measures to protect against emerging threats. As a result, the number of attacks in the city dropped dramatically and the citizens felt much safer. The city's reputation as a safe place to live also improved, and more people decided to move there. This analogy illustrates how threat intelligence can be used to stay ahead of attackers and protect an organization or a city from security breaches. It highlights the importance of gathering and analyzing threat intelligence, and how this information can be used to improve an organization's security posture.
  10. Image from: Montasari, R., Carroll, F., Macdonald, S., Jahankhani, H., Hosseinian-Far, A., & Daneshkhah, A. (2020). Application of Artificial Intelligence and Machine Learning in Producing Actionable Cyber Threat Intelligence. In Digital Forensic Investigation of Internet of Things (IoT) Devices (pp. 47–64). Springer International Publishing. https://doi.org/10.1007/978-3-030-60425-7_3
  11. Image from: Montasari, R., Carroll, F., Macdonald, S., Jahankhani, H., Hosseinian-Far, A., & Daneshkhah, A. (2020). Application of Artificial Intelligence and Machine Learning in Producing Actionable Cyber Threat Intelligence. In Digital Forensic Investigation of Internet of Things (IoT) Devices (pp. 47–64). Springer International Publishing. https://doi.org/10.1007/978-3-030-60425-7_3
  12. https://www.mindmeister.com/1202902455/threat-intelligence https://ltu.diva-portal.org/smash/get/diva2:1629834/FULLTEXT01.pdf#page=57 Erik Lopez (2021) Master’s Thesis for Luleå University of Technology called “A Framework to Establish a Threat Intelligence Program”
  13. https://youtu.be/qAb7hL0HQ2M?t=127 https://www.oasis-open.org/committees/tc_home.php
  14. Image is from page 3 of this research paper Amaro, L. J. B., Azevedo, B. W. P., de Mendonca, F. L. L., Giozza, W. F., Albuquerque, R. de O., & Villalba, L. J. G. (2022). Methodological Framework to Collect, Process, Analyze and Visualize Cyber Threat Intelligence Data. Applied Sciences, 12(3), 1205–. https://doi.org/10.3390/app12031205 Also available at https://www.mdpi.com/2076-3417/12/3/1205
      Data can be from things like: Alerts, logs, feeds, configuration, dark web or forensics
  15. Image is from pages 7 and 8 of this research paper Amaro, L. J. B., Azevedo, B. W. P., de Mendonca, F. L. L., Giozza, W. F., Albuquerque, R. de O., & Villalba, L. J. G. (2022). Methodological Framework to Collect, Process, Analyze and Visualize Cyber Threat Intelligence Data. Applied Sciences, 12(3), 1205–. https://doi.org/10.3390/app12031205 Also available at https://www.mdpi.com/2076-3417/12/3/1205
      • Gathering and analysing threat intelligence
        o Identifying key information sources
        o Developing a process for collecting and organising information
        o Analysing and interpreting the data
        o Disseminating the intelligence to relevant parties
  16. One way of classifying threat intelligence is based on the degree of certainty and familiarity that an organization has with the threat. One popular framework for this classification is the "known-unknown-unknown-known" framework, which separates threats into four categories:
      Known-Knowns: These are threats that an organization is aware of and has detailed information about. This type of threat intelligence is typically the easiest to deal with, as the organization has a clear understanding of the threat and can take appropriate actions to mitigate it.
      Known-Unknowns: These are threats that an organization is aware of, but does not have detailed information about. For example, an organization may know that a certain type of malware exists, but may not have specific information about how it works or how to detect it. This type of threat intelligence can be more challenging to deal with, as the organization will need to conduct further research and analysis to better understand the threat.
      Unknown-Knowns: These are threats that an organization is not aware of, but should be aware of. For example, an organization may not be aware of a new vulnerability in a piece of software that it uses, even though a patch for the vulnerability has been released. This type of threat intelligence can be particularly challenging to deal with, as the organization may not even realize that it is at risk.
      Unknown-Unknowns: These are threats that an organization is not aware of and has no information about. This type of threat intelligence is the most difficult to deal with, as the organization has no information to work with and must rely on other means, such as threat hunting, to discover and assess it.
  17. Threat report for 2022, accessed on 20 Jan 2023
  18. Threat report for 2022, accessed on 20 Jan 2023
  19. Difficulty in obtaining high-quality intelligence: One of the main challenges in implementing threat intelligence is obtaining high-quality intelligence that is relevant and actionable. This can be difficult because there is a lot of low-quality or irrelevant information available, and it can be time-consuming and resource-intensive to collect and filter through all of this information to find the valuable intelligence.
      Limited resources for analysis and dissemination: Another challenge is having the resources to analyze and disseminate the intelligence once it has been collected. This includes having the personnel and technology to process large amounts of data, as well as the ability to communicate the intelligence to the right people within an organization in a timely and effective manner.
      Ensuring the accuracy and reliability of the intelligence: Ensuring that the intelligence that is collected is accurate and reliable is crucial, as bad intelligence can lead to poor decision-making and wasted resources. This can be a challenge because it can be difficult to verify the accuracy of the information, and there is a risk that false or misleading information may be included in the intelligence.
      Financial Implications: Implementing threat intelligence can be costly, both in terms of the initial investment and ongoing expenses. This includes the cost of buying or developing the technology and tools to collect and analyze the intelligence, as well as the cost of hiring and training personnel.
      Using Artificial Intelligence (AI): AI can be used to improve the efficiency and effectiveness of threat intelligence,
  20. https://www.innovationaus.com/cyber-threat-platform-costing-govt-59k-a-day/ https://aws.amazon.com/marketplace/pp/prodview-vffbkdmopipia
  21. In this example I asked the ChatGPT3 AI tool about resources for Threat intelligence and it responded with the following results for standards
  22. In this example I asked the ChatGPT3 AI tool about resources for Threat intelligence and it responded with the following results for standards
      What is ChatGPT?
      ChatGPT is a natural language processing (NLP) model developed by OpenAI that is designed to generate human-like text in real-time. It is based on the GPT-3 (Generative Pre-training Transformer v3) language model, which is a transformer-based neural network trained on a large dataset of text. ChatGPT is trained specifically on a dataset of human conversation, which enables it to generate text that is more natural and human-like than models trained on other types of text.
      GPT-3 is a large-scale language model that was trained on a dataset of billions of words, including books, articles, and websites. It is able to generate a wide range of text, from short phrases to full-length articles, and is capable of completing tasks such as translation, summarization, and question answering. GPT-3 has received a lot of attention in the media and the tech industry due to its impressive language generation capabilities and its potential to be used in a variety of applications.
      One of the key features of ChatGPT is its ability to continue a conversation based on a prompt or previous conversation history. For example, you can provide ChatGPT with a prompt such as "Hello, how are you?" and it will generate a response such as "I'm doing well, thanks for asking. How are you?" You can then provide a follow-up prompt, and ChatGPT will continue the conversation based on its understanding of the previous exchanges.
      To generate text, ChatGPT uses a process called "transformer-based language modeling." This involves using machine learning algorithms to analyze the patterns and relationships in the training data (in this case, human conversation), and using this analysis to predict what words or phrases are likely to come next in a conversation. ChatGPT is able to generate text that is difficult to distinguish from human-written text because it has learned to mimic the patterns and structures of human conversation. Here's an example of how this might work in practice:
      Imagine you are playing a game of chess, and you have a computer program that is trying to predict which move you will make next. The computer might start by analyzing the positions of all the pieces on the board, and then creating a list of all the possible moves that you could make. It could then use that list to build a model of what kind of moves you are likely to make based on the current state of the game.
      So, in this case, the computer is "looking at" the positions of the pieces on the board (similar to how GPT-3 looks at the previous words in a sequence), and using that information to try to predict what move you will make next (similar to how GPT-3 tries to predict the next word in a sequence).
  23. All of these are incorrect and provided by chatGPT3
  24. All of these are incorrect and provided by chatGPT3
  25. Increased use of Artificial Intelligence (AI) and Machine Learning (ML): As the volume of data and the complexity of threats continue to increase, organizations will likely turn to AI and ML to help them analyze and make sense of this information. This could include using AI and ML to automatically identify patterns and anomalies in large amounts of data, as well as to automate the collection, analysis, and dissemination of threat intelligence.
      Greater focus on proactive defense: In the past, organizations have primarily focused on reactive defense, meaning they only acted after a threat had been identified. However, the future of threat intelligence is likely to involve a greater focus on proactive defense, where organizations use threat intelligence to identify potential threats before they can cause harm. This could include using threat intelligence to identify vulnerabilities in systems and networks, as well as to identify the tactics, techniques, and procedures (TTPs) used by attackers.
      More emphasis on sharing and collaboration: As the threat landscape continues to evolve, organizations will need to share information and collaborate more effectively to stay ahead of threats. This could include the development of industry-wide threat intelligence sharing platforms, as well as the formation of information-sharing and analysis centers (ISACs) and government-industry partnerships.
      Greater focus on privacy and security: The use of threat intelligence will increasingly raise concerns about privacy and security, particularly as organizations begin to collect and analyze more sensitive information. As a result, organizations will need to ensure that they are complying with data protection laws and regulations, as well as implementing robust security controls to protect the information they collect and share.
      More emphasis on multi-vector and multi-stage attack vectors: The future of threat intelligence will also include more focus on understanding and defending against multi-vector and multi-stage attack vectors. This could include understanding how different types of threat actors work together, and how different types of attacks are orchestrated, in order to develop more effective defense strategies.
  26. But in reality this is a valid ITU-T recommendation
  27. Haven't tested but would assume like previous slides all of these are incorrect and provided by chatGPT3
  28. In this example I asked the ChatGPT3 AI tool about resources for Threat intelligence and it responded with the following results for standards