Threat Intelligence Lifecycle in 6 Steps
• Threat intelligence is built on analytic techniques honed over several
decades by government and military agencies.
• Traditional intelligence focuses on six distinct phases that make up
what is called the “intelligence cycle”: direction, collection,
processing, analysis, dissemination, and feedback.
• 1. Direction
• The direction phase of the lifecycle is when you set goals for the threat
intelligence program. This involves understanding and articulating:
• The information assets and business processes that need to be protected
• The potential impacts of losing those assets or interrupting those processes
• The types of threat intelligence that the security organization requires to protect
assets and respond to emerging threats
• Priorities about what to protect
• Once high-level intelligence needs are determined, an organization can formulate
questions that channel the need for information into discrete requirements.
• For example, if a goal is to understand likely adversaries, one logical question
would be, “Which threat actors on underground forums are actively soliciting data
concerning our organization?”
• 2. Collection
• Collection is the process of gathering information to address the most important
intelligence requirements. Information gathering can occur organically through a variety
of means, including:
• Pulling metadata and logs from internal networks and security devices
• Subscribing to threat data feeds from industry organizations and cybersecurity vendors
• Holding conversations and targeted interviews with knowledgeable sources
• Scanning open source news and blogs (a common OSINT practice)
• Scraping and harvesting websites and forums
• Infiltrating closed sources such as dark web forums
• The data collected typically will be a combination of finished intelligence information,
such as intelligence reports from cybersecurity experts and vendors, and raw data, like
malware signatures or leaked credentials on a paste site.
• 3. Processing
• Processing is the transformation of collected information into a format
usable by the organization. Almost all raw data collected needs to be
processed in some manner, whether by humans or machines. Different
collection methods often require different means of processing. Human
reports may need to be correlated and ranked, deconflicted, and checked.
• An example might be extracting IP addresses from a security vendor’s
report and adding them to a CSV file for importing to a security information
and event management (SIEM) product. In a more technical area,
processing might involve extracting indicators from an email, enriching
them with other information, and then communicating with endpoint
protection tools for automated blocking.
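The processing step described above, as an added example that is not part of the original slides: a small Python script that takes a constructed vendor report, extracts and refangs IPv4 indicators, validates them, drops non-routable addresses, enriches each one with provenance and a constructed allowlist check, and emits CSV rows for SIEM import. The report text, the allowlist, the confidence default and the CSV column names are all assumptions made for this example; the documentation-range addresses (203.0.113.x, 198.51.100.x) stand in for real infrastructure.

```python
import csv
import io
import ipaddress
import re
from typing import Dict, List

# Constructed sample: a fragment of a vendor advisory as it might arrive
# after PDF-to-text conversion. Indicators are partly "defanged" ([.] for .),
# which is common in published reports. Addresses are from documentation
# ranges and stand in for real infrastructure.
SAMPLE_REPORT = """\
Threat Advisory (constructed example, not a real advisory)
Observed C2 infrastructure: 203.0.113.45 and 203[.]0[.]113[.]45 (same host),
plus 198.51.100.7 over port 443. The sample also beaconed to 192.168.1.20 in
the analyst's lab (internal address, not an indicator). Build version 2.0.1.
"""

# Constructed allowlist: addresses the organisation already knows are benign
# (its own egress, partner services). Matching indicators are kept in the
# output but flagged for review instead of alerting, so a vendor's example
# address never feeds straight into a blocking rule.
ALLOWLIST: Dict[str, str] = {"198.51.100.7": "partner VPN gateway (constructed)"}

# Dotted quads with optional [.] defanging; real validation happens below.
_IPV4_RE = re.compile(r"\b(?:\d{1,3}(?:\[\.\]|\.)){3}\d{1,3}\b")

# Ranges that are never meaningful as external indicators: RFC 1918,
# loopback, link-local, "this network", multicast and reserved.
_NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4", "240.0.0.0/4",
)]

CSV_FIELDS = ["indicator", "type", "source", "first_seen", "confidence", "action", "note"]


def refang(token: str) -> str:
    """Turn 203[.]0[.]113[.]45 back into 203.0.113.45."""
    return token.replace("[.]", ".")


def extract_ipv4(text: str) -> List[str]:
    """Unique, routable IPv4 addresses in first-seen order.

    Candidates are refanged, parsed with ipaddress (which rejects octets
    above 255), and dropped if they fall in a non-routable range: those turn
    up in vendor reports as lab artefacts and would match internal traffic
    once loaded into the SIEM.
    """
    found: List[str] = []
    for match in _IPV4_RE.finditer(text):
        try:
            addr = ipaddress.IPv4Address(refang(match.group(0)))
        except ValueError:
            continue
        if any(addr in net for net in _NON_ROUTABLE):
            continue
        if str(addr) not in found:
            found.append(str(addr))
    return found


def enrich(indicators: List[str], source: str, first_seen: str) -> List[Dict[str, str]]:
    """Attach provenance and the allowlist check to each indicator."""
    rows = []
    for ip in indicators:
        note = ALLOWLIST.get(ip, "")
        rows.append({
            "indicator": ip,
            "type": "ipv4-addr",
            "source": source,
            "first_seen": first_seen,
            "confidence": "medium",  # assumed default for a single vendor sighting
            "action": "review" if note else "alert",
            "note": note,
        })
    return rows


def to_csv(rows: List[Dict[str, str]]) -> str:
    """Render rows as CSV text ready for a SIEM watchlist import."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


def process_report(text: str, source: str, first_seen: str) -> List[Dict[str, str]]:
    """Extract, validate and enrich the indicators from one report."""
    return enrich(extract_ipv4(text), source, first_seen)


if __name__ == "__main__":
    print(to_csv(process_report(SAMPLE_REPORT, "vendor-advisory", "2024-01-15")))
```

Two of the slide's points show up directly in the code: the lab address 192.168.1.20 is discarded during validation, and the allowlisted partner address is kept but marked "review" rather than "alert", which is the "checked" part of processing before anything reaches an automated blocking tool. In production the documentation ranges used here for the sample would also be filtered out (for example with `IPv4Address.is_global`), and the same extract-validate-enrich pattern extends to domains and file hashes.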
• 4. Analysis
• Analysis is a human process that turns processed information into intelligence that can inform decisions.
• Depending on the circumstances, the decisions might involve whether to investigate potential emerging
threats, what actions to take immediately to block an attack, how to strengthen security controls, or how much
investment in additional security resources is justified.
• The form in which the information is presented is especially important. It is useless and wasteful to collect
and process information and then deliver it in a form that can’t be understood and used by the decision maker.
• For example, if you want to communicate with non-technical leaders, your report must:
• Be concise (a one-page memo or a handful of slides)
• Avoid confusing and overly technical terms and jargon
• Articulate the issues in business terms (such as direct and indirect costs and impact on reputation)
• Include a recommended course of action
• Some intelligence may need to be delivered in a variety of formats for different audiences, say, by a live video
feed or a PowerPoint presentation.
• Not all intelligence needs to be digested via a formal report. Successful cyber threat intelligence teams
provide continual technical reporting to other security teams with external context around IOCs, malware,
threat actors, vulnerabilities, and threat trends.
• 5. Dissemination
• Dissemination involves getting the finished intelligence output to the places it
needs to go.
• Most cybersecurity organizations have at least six teams that can benefit from
threat intelligence.
• For each of these audiences, you need to ask:
• What threat intelligence do they need, and how can external information support
their activities?
• How should the intelligence be presented to make it easily understandable and
actionable for that audience?
• How often should we provide updates and other information?
• Through what media should the intelligence be disseminated?
• How should we follow up if they have questions?
• 6. Feedback
• We believe that it is critically important to understand your overall intelligence
priorities and the requirements of the security teams that will be consuming the
threat intelligence.
• Their needs guide all phases of the threat intelligence lifecycle and tell you:
• What types of data to collect
• How to process and enrich the data to turn it into useful information
• How to analyze the information and present it as actionable threat intelligence
• To whom each type of intelligence must be disseminated, how quickly it needs to
be disseminated, and how fast to respond to questions
• You need regular feedback to make sure you understand the requirements of each
group, and to make adjustments as their requirements and priorities change.
Why is the cyber threat intelligence cycle
crucial for security teams?
• The cyber threat intelligence cycle is pivotal for security teams as it
provides a structured methodology to gather, analyze, and utilize threat
intelligence.
• This cycle aids in understanding the threat landscape better, which in
turn helps in preparing for and reacting to security threats efficiently.
• Through this cycle, actionable intelligence is generated which is
instrumental in making informed decisions to bolster the organization's
security posture against cyber attacks.
What are the main benefits of implementing a
threat intelligence program?
• Implementing a threat intelligence program empowers organizations
with the capability to anticipate, prepare for, and mitigate potential
security threats.
• This program is an integral part of the threat intelligence process,
facilitating a deeper understanding of threat actors and their tactics.
• It thereby enables the threat intelligence team to deliver finished threat
intelligence crucial for proactive defense measures.
• Moreover, a threat intelligence program enriches incident response
strategies and fosters a culture of continuous learning and adaptation
to the evolving threat landscape.
Which organizations benefit the most from
the cyber threat intelligence cycle?
• Organizations operating in sectors with high-value data such as
finance, healthcare, and government are often prime targets for threat
actors, hence they greatly benefit from the cyber threat intelligence
cycle.
• This cycle, with its defined threat intelligence lifecycle stages, aids in
intelligence collection and threat intelligence analysis, crucial for
understanding and mitigating potential risks.
• Additionally, organizations with a significant online presence,
businesses that focus heavily on uptime, or those subject to regulatory
compliance also find the cyber threat intelligence cycle indispensable
in navigating the complex security landscape.
What are the common challenges faced when
implementing the cyber threat intelligence
cycle?
• The common challenges during implementation include the initial
setup of a robust threat intelligence platform, ensuring continuous and
relevant intelligence collection, and analyzing data accurately to
generate actionable insights.
• The effectiveness of threat intelligence reports can be hindered by a
lack of skilled personnel or inadequate resources.
• Furthermore, integrating the insights obtained from the threat
intelligence analysis into the existing incident response procedures and
ensuring a seamless flow of information can also pose significant
challenges.

More Related Content

Similar to Threat intelligence life cycle steps by steps

chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security elmuhammadmuhammad
 
Security Architecture
Security ArchitectureSecurity Architecture
Security ArchitecturePriyank Hada
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.pptit160320737038
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityKumawat Dharmpal
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting   itweb workshopSLVA - Security monitoring and reporting   itweb workshop
SLVA - Security monitoring and reporting itweb workshopSLVA Information Security
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseGeorge Goodall
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniyaseraljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniYaser Alrefai
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceResilient Systems
 
Security metrics
Security metrics Security metrics
Security metrics PRAYAGRAJ11
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesJohn Rapa
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceSurfWatch Labs
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingKimberly Hood
 
Module 3_Lesson 7.pptx
Module 3_Lesson 7.pptxModule 3_Lesson 7.pptx
Module 3_Lesson 7.pptxcejobelle
 

Similar to Threat intelligence life cycle steps by steps (20)

chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security chapter 1. Introduction to Information Security
chapter 1. Introduction to Information Security
 
Security Architecture
Security ArchitectureSecurity Architecture
Security Architecture
 
13734729.ppt
13734729.ppt13734729.ppt
13734729.ppt
 
Cyber Security # Lec 3
Cyber Security # Lec 3 Cyber Security # Lec 3
Cyber Security # Lec 3
 
01Introduction to Information Security.ppt
01Introduction to Information Security.ppt01Introduction to Information Security.ppt
01Introduction to Information Security.ppt
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
SLVA - Security monitoring and reporting itweb workshop
SLVA - Security monitoring and reporting   itweb workshopSLVA - Security monitoring and reporting   itweb workshop
SLVA - Security monitoring and reporting itweb workshop
 
Improve Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small EnterpriseImprove Information Security Practices in the Small Enterprise
Improve Information Security Practices in the Small Enterprise
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
Step by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohaniStep by-step for risk analysis and management-yaser aljohani
Step by-step for risk analysis and management-yaser aljohani
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
 
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon MurphyNTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy
 
Security metrics
Security metrics Security metrics
Security metrics
 
Cybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial ServicesCybersecurity Best Practices in Financial Services
Cybersecurity Best Practices in Financial Services
 
Managing security threats in today’s enterprise
Managing security threats in today’s enterpriseManaging security threats in today’s enterprise
Managing security threats in today’s enterprise
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital Presence
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Best Practices for Security Awareness and Training
Best Practices for Security Awareness and TrainingBest Practices for Security Awareness and Training
Best Practices for Security Awareness and Training
 
Module 3_Lesson 7.pptx
Module 3_Lesson 7.pptxModule 3_Lesson 7.pptx
Module 3_Lesson 7.pptx
 
Introduction to Ethical Hacking
Introduction to Ethical HackingIntroduction to Ethical Hacking
Introduction to Ethical Hacking
 

More from JayeshGadhave1

production-170629054926 (1) production system
production-170629054926 (1) production systemproduction-170629054926 (1) production system
production-170629054926 (1) production systemJayeshGadhave1
 
C_02_BME_34_41_50_57_60 non contact temprature detection
C_02_BME_34_41_50_57_60 non contact temprature detectionC_02_BME_34_41_50_57_60 non contact temprature detection
C_02_BME_34_41_50_57_60 non contact temprature detectionJayeshGadhave1
 
autocollometer Mechanical engineering project
autocollometer Mechanical engineering projectautocollometer Mechanical engineering project
autocollometer Mechanical engineering projectJayeshGadhave1
 
74351a41-b6ff-4739-99d9-ff5ad260914c.pptx
74351a41-b6ff-4739-99d9-ff5ad260914c.pptx74351a41-b6ff-4739-99d9-ff5ad260914c.pptx
74351a41-b6ff-4739-99d9-ff5ad260914c.pptxJayeshGadhave1
 
Data modelling it's process and examples
Data modelling it's process and examplesData modelling it's process and examples
Data modelling it's process and examplesJayeshGadhave1
 
Templet for digital poster-Sec-D.pptx
Templet for digital poster-Sec-D.pptxTemplet for digital poster-Sec-D.pptx
Templet for digital poster-Sec-D.pptxJayeshGadhave1
 
Process cooperation and synchronisation
Process cooperation and synchronisation Process cooperation and synchronisation
Process cooperation and synchronisation JayeshGadhave1
 
Unit 2_OS process management
Unit 2_OS process management Unit 2_OS process management
Unit 2_OS process management JayeshGadhave1
 
Unit 1_Operating system
Unit 1_Operating system Unit 1_Operating system
Unit 1_Operating system JayeshGadhave1
 
Peizo electric effect
Peizo electric effect Peizo electric effect
Peizo electric effect JayeshGadhave1
 

More from JayeshGadhave1 (16)

production-170629054926 (1) production system
production-170629054926 (1) production systemproduction-170629054926 (1) production system
production-170629054926 (1) production system
 
C_02_BME_34_41_50_57_60 non contact temprature detection
C_02_BME_34_41_50_57_60 non contact temprature detectionC_02_BME_34_41_50_57_60 non contact temprature detection
C_02_BME_34_41_50_57_60 non contact temprature detection
 
autocollometer Mechanical engineering project
autocollometer Mechanical engineering projectautocollometer Mechanical engineering project
autocollometer Mechanical engineering project
 
74351a41-b6ff-4739-99d9-ff5ad260914c.pptx
74351a41-b6ff-4739-99d9-ff5ad260914c.pptx74351a41-b6ff-4739-99d9-ff5ad260914c.pptx
74351a41-b6ff-4739-99d9-ff5ad260914c.pptx
 
Data modelling it's process and examples
Data modelling it's process and examplesData modelling it's process and examples
Data modelling it's process and examples
 
Templet for digital poster-Sec-D.pptx
Templet for digital poster-Sec-D.pptxTemplet for digital poster-Sec-D.pptx
Templet for digital poster-Sec-D.pptx
 
Regression
Regression Regression
Regression
 
productlifecycle
productlifecycleproductlifecycle
productlifecycle
 
Process cooperation and synchronisation
Process cooperation and synchronisation Process cooperation and synchronisation
Process cooperation and synchronisation
 
Lisa_Chang.ppt
Lisa_Chang.pptLisa_Chang.ppt
Lisa_Chang.ppt
 
Unit 2_OS process management
Unit 2_OS process management Unit 2_OS process management
Unit 2_OS process management
 
Unit 1_Operating system
Unit 1_Operating system Unit 1_Operating system
Unit 1_Operating system
 
Peizo electric effect
Peizo electric effect Peizo electric effect
Peizo electric effect
 
pptonboilers.pdf
pptonboilers.pdfpptonboilers.pdf
pptonboilers.pdf
 
Sorting techniques
Sorting techniques Sorting techniques
Sorting techniques
 
cryptography.pdf
cryptography.pdfcryptography.pdf
cryptography.pdf
 

Recently uploaded

complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...asadnawaz62
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024Mark Billinghurst
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...VICTOR MAESTRE RAMIREZ
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionDr.Costas Sachpazis
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...Chandu841456
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)Dr SOUNDIRARAJ N
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting  .Churning of Butter, Factors affecting  .
Churning of Butter, Factors affecting .Satyam Kumar
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncssuser2ae721
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 

Recently uploaded (20)

complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...complete construction, environmental and economics information of biomass com...
complete construction, environmental and economics information of biomass com...
 
IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024IVE Industry Focused Event - Defence Sector 2024
IVE Industry Focused Event - Defence Sector 2024
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes  examplesPOWER SYSTEMS-1 Complete notes  examples
POWER SYSTEMS-1 Complete notes examples
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...Software and Systems Engineering Standards: Verification and Validation of Sy...
Software and Systems Engineering Standards: Verification and Validation of Sy...
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Design and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdfDesign and analysis of solar grass cutter.pdf
Design and analysis of solar grass cutter.pdf
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective IntroductionSachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
Sachpazis Costas: Geotechnical Engineering: A student's Perspective Introduction
 
An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...An experimental study in using natural admixture as an alternative for chemic...
An experimental study in using natural admixture as an alternative for chemic...
 
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
UNIT III ANALOG ELECTRONICS (BASIC ELECTRONICS)
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting  .Churning of Butter, Factors affecting  .
Churning of Butter, Factors affecting .
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 

Threat intelligence life cycle steps by steps

  • 1. Threat Intelligence Lifecycle in 6 Steps • Threat intelligence is built on analytic techniques honed over several decades by government and military agencies. • Traditional intelligence focuses on six distinct phases that make up what is called the “intelligence cycle”: direction, collection, processing, analysis, dissemination, and feedback.
  • 3. Threat Intelligence Lifecycle in 6 Steps • 1. Direction • The direction phase of the lifecycle is when you set goals for the threat intelligence program. This involves understanding and articulating: • The information assets and business processes that need to be protected • The potential impacts of losing those assets or interrupting those processes • The types of threat intelligence that the security organization requires to protect assets and respond to emerging threats • Priorities about what to protect • Once high-level intelligence needs are determined, an organization can formulate questions that channel the need for information into discrete requirements. • For example, if a goal is to understand likely adversaries, one logical question would be, “Which threat actors on underground forums are actively soliciting data concerning our organization?”
  • 4. Threat Intelligence Lifecycle in 6 Steps • 2. Collection • Collection is the process of gathering information to address the most important intelligence requirements. Information gathering can occur organically through a variety of means, including: • Pulling metadata and logs from internal networks and security devices • Subscribing to threat data feeds from industry organizations and cybersecurity vendors • Holding conversations and targeted interviews with knowledgeable sources • Scanning open source news and blogs (a common OSINT practice) • Scraping and harvesting websites and forums • Infiltrating closed sources such as dark web forums • The data collected typically will be a combination of finished intelligence information, such as intelligence reports from cybersecurity experts and vendors, and raw data, like malware signatures or leaked credentials on a paste site.
  • 5. Threat Intelligence Lifecycle in 6 Steps • 3. Processing • Processing is the transformation of collected information into a format usable by the organization. Almost all raw data collected needs to be processed in some manner, whether by humans or machines. Different collection methods often require different means of processing. Human reports may need to be correlated and ranked, deconflicted, and checked. • An example might be extracting IP addresses from a security vendor’s report and adding them to a CSV file for importing to a security information and event management (SIEM) product. In a more technical area, processing might involve extracting indicators from an email, enriching them with other information, and then communicating with endpoint protection tools for automated blocking.
  • 6. Threat Intelligence Lifecycle in 6 Steps • 4. Analysis • Analysis is a human process that turns processed information into intelligence that can inform decisions. • Depending on the circumstances, the decisions might involve whether to investigate potential emerging threats, what actions to take immediately to block an attack, how to strengthen security controls, or how much investment in additional security resources is justified. • The form in which the information is presented is especially important. It is useless and wasteful to collect and process information and then deliver it in a form that can’t be understood and used by the decision maker. • For example, if you want to communicate with non-technical leaders, your report must: • Be concise (a one-page memo or a handful of slides) • Avoid confusing and overly technical terms and jargon • Articulate the issues in business terms (such as direct and indirect costs and impact on reputation) • Include a recommended course of action • Some intelligence may need to be delivered in a variety of formats for different audiences, say, by a live video feed or a PowerPoint presentation. • Not all intelligence needs to be digested via a formal report. Successful cyber threat intelligence teams provide continual technical reporting to other security teams with external context around IOCs, malware, threat actors, vulnerabilities, and threat trends.
• 5. Dissemination
• Dissemination involves getting the finished intelligence output to the places it needs to go.
• Most cybersecurity organizations have at least six teams that can benefit from threat intelligence.
• For each of these audiences, you need to ask:
• What threat intelligence do they need, and how can external information support their activities?
• How should the intelligence be presented to make it easily understandable and actionable for that audience?
• How often should we provide updates and other information?
• Through what media should the intelligence be disseminated?
• How should we follow up if they have questions?
• 6. Feedback
• We believe that it is critically important to understand your overall intelligence priorities and the requirements of the security teams that will be consuming the threat intelligence.
• Their needs guide all phases of the threat intelligence lifecycle and tell you:
• What types of data to collect
• How to process and enrich the data to turn it into useful information
• How to analyze the information and present it as actionable threat intelligence
• To whom each type of intelligence must be disseminated, how quickly it needs to be disseminated, and how fast to respond to questions
• You need regular feedback to make sure you understand the requirements of each group, and to make adjustments as their requirements and priorities change.
• Why is the cyber threat intelligence cycle crucial for security teams?
• The cyber threat intelligence cycle is pivotal for security teams because it provides a structured methodology to gather, analyze, and use threat intelligence.
• The cycle aids in understanding the threat landscape, which in turn helps in preparing for and reacting to security threats efficiently.
• Through this cycle, actionable intelligence is generated that supports informed decisions to strengthen the organization's security posture against cyber attacks.
• What are the main benefits of implementing a threat intelligence program?
• Implementing a threat intelligence program gives organizations the capability to anticipate, prepare for, and mitigate potential security threats.
• The program is an integral part of the threat intelligence process, enabling a deeper understanding of threat actors and their tactics.
• It thereby enables the threat intelligence team to deliver finished threat intelligence that is crucial for proactive defense measures.
• Moreover, a threat intelligence program enriches incident response strategies and fosters a culture of continuous learning and adaptation to the evolving threat landscape.
• Which organizations benefit the most from the cyber threat intelligence cycle?
• Organizations operating in sectors with high-value data, such as finance, healthcare, and government, are often prime targets for threat actors and therefore benefit greatly from the cyber threat intelligence cycle.
• The cycle, with its defined threat intelligence lifecycle stages, supports intelligence collection and threat intelligence analysis, which are crucial for understanding and mitigating potential risks.
• Additionally, organizations with a significant online presence, businesses that depend heavily on uptime, and those subject to regulatory compliance also find the cyber threat intelligence cycle indispensable in navigating the complex security landscape.
• What are the common challenges faced when implementing the cyber threat intelligence cycle?
• Common challenges during implementation include the initial setup of a robust threat intelligence platform, ensuring continuous and relevant intelligence collection, and analyzing data accurately to generate actionable insights.
• The effectiveness of threat intelligence reports can be hindered by a lack of skilled personnel or inadequate resources.
• Furthermore, integrating the insights obtained from threat intelligence analysis into existing incident response procedures, and ensuring a seamless flow of information, can also pose significant challenges.