Cyber Threat Intelligence Q&A - Getting started, best practices, mitigating risk, and more!

Published: 30 July 2024
On channel: Level Effect
820 views
36 likes

What Happened This Stream? 🚨
What started as a demo turned into a getting-started conversation on Cyber Threat Intelligence, in a Q&A podcast style. The screen sharing broke when the time came, so it turned into a full-on discussion! The questions and answers turned out to be very insightful. Hope you enjoy!

What are FAQing Fridays? 🗓️
Want to learn a little Cyber Defense tradecraft or brush up on some areas? Welcome to FAQing Fridays in the Level Effect Discord! FAQing Friday is live every Friday at 12 PM EST, typically for 30 minutes to 1 hour. All are welcome to join in and ask questions as we go. Beginner to advanced friendly!

Website: https://leveleffect.com
Discord: /discord
Twitch: /leveleffect
Newsletter & Blog: https://news.leveleffect.com/

Leave your questions and comments below or in our Discord and we'll be happy to answer or help!

Recorded:
July 26 2024

Timestamps ⏳
00:30 - What is the purpose of CTI?
01:50 - It’s not just for malicious cyber threats
02:40 - Breaking down CTI
03:30 - The limitations of being “secure” in adversarial vs non-adversarial fields
04:15 - Attackers and Defenders meet at the same level of usability
05:10 - The road to hell is paved with good intentions
06:00 - Comparing your home to acceptable risk
07:00 - Natural threats can become cyber threats
07:30 - Threat Hunter positions and security maturity
08:30 - Getting started in CTI means look at finished production Intelligence first
09:10 - Screen share breaks in Discord and we go into Q&A mode entirely
09:30 - Looking at the Verizon DBIR (Data Breach Investigations Report)
10:10 - Tactical and Technical Intelligence
10:38 - Strategic and Operational Intelligence
11:30 - DBIR is accessible CTI - trends, industries, targets, motives, attack vectors, etc.
12:20 - 4% of Social Engineering attacks successful
13:10 - Security controls bypassed by Social Engineering by 4% of your team
14:23 - If you’re a manager or responsible to spend on security - read this report!
16:12 - Turning data into intelligence which becomes the DBIR
17:28 - SOC Triage skillset is a part of the puzzle, reducing risk profile is the other part
18:10 - Where to spend money, how much staff, what types of attacks you’ll receive, how to respond, etc. is CTI
18:30 - Dedicated CTI staff but also part of SOC Analysts and Engineer roles, and more
19:30 - What NOW do you think about CTI?
21:20 - Bias! such as sunk cost and confirmation
21:45 - The difference between CTI and Compliance
22:15 - CTI is specific and relative
22:57 - Could even be a spreadsheet!
23:20 - Three stages to SOC CTI, first one is baselining threats
24:10 - Second stage - industry trends on your attack landscape
25:10 - Third stage - adversary emulation and preventative measures
25:50 - Terrain response analysis
27:00 - Why is CTI training so high-level and vague then?
28:00 - CTI training needs to train you on providing relative intel
28:27 - Teaching CTI too technically at first doesn’t work, focus on principles instead
29:00 - Students would focus on formatting and presentation and forget CTI
30:10 - Students produced CTI reports completely missing intelligence requirements
31:00 - We teach the principles and methodology of intelligence gathering first now
32:00 - We teach the “grammar” of CTI after and it’s worked quite well
33:00 - Teach CTI last even after technical competencies!
34:40 - When in doubt - where is the target or victim likely to be compromised in attack lifecycle?
35:40 - Where you are in the attack lifecycle determines where you focus first
36:15 - Use the kill chain or flow of attack models left to right like ATT&CK
36:50 - New to CTI reports? Look at high-level trends, the exec summary, and social engineering, and you already have things to work with
38:00 - Don’t forget about report style - BLUF, Bishop Fox, etc. but produce Intel first, refine it later
38:48 - Working on a new format for these live streams!