Operationalizing Threat Intelligence (E-book)

139.00

Description

We're living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that's where this book helps.

In Operationalizing Threat Intelligence, you'll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You'll start by finding out what threat intelligence is and where it can be applied. Next, you'll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you'll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you'll examine detailed mechanisms for the production of intelligence.

By the end of this book, you'll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.
Table of contents:

Operationalizing Threat Intelligence
Contributors
  About the authors
  About the reviewers
Preface
  Who this book is for
  What this book covers
  To get the most out of this book
  Download the color images
  Conventions used
  Get in touch
  Share Your Thoughts

Section 1: What Is Threat Intelligence?

Chapter 1: Why You Need a Threat Intelligence Program
  What is CTI, and why is it important?
  Data, information, and intelligence
  Tactical, strategic, operational, and technical threat intelligence
  Tactical CTI
  Strategic CTI
  Operational CTI
  Technical CTI
  Subject matter expertise
  The uses and benefits of CTI
  How to get CTI
  What is good CTI?
  The five traits of good CTI
  Admiralty ratings
  Source ratings
  Data credibility ratings
  Putting it together
  Intelligence cycles
  The threat intelligence life cycle
  F3EAD life cycle
  Threat intelligence maturity, detection, and hunting models
  TIMM
  The threat HMM
  The detection maturity model
  What to do with threat intelligence
  Summary

Chapter 2: Threat Actors, Campaigns, and Tooling
  Actor motivations
  Bragging rights or for fun
  Financial or for profit
  Revenge
  Ideological beliefs
  Intelligence gathering and intellectual property theft
  Terrorism
  Warfare
  Threat actors
  Nation state attackers
  Cybercriminals
  Hacktivists
  Terrorist groups
  Thrill seekers
  Insider threats
  Threat campaigns
  Vulnerabilities and malware
  Vulnerabilities and exploits
  Malware
  Malware, campaigns, and actor naming
  The act of naming
  Actor, activity, and group naming
  Malware naming
  Campaign naming
  Aliases
  Tooling
  System administrator tools
  Open source tools
  Hacking tools
  Threat actor attribution
  Summary

Chapter 3: Guidelines and Policies
  The needs and benefits of guidelines, procedures, standards, and policies
  Guidelines
  Procedures
  Standards
  Policies
  SIRs
  PIRs
  GIRs
  Defining intelligence requirements
  Evaluating the intelligence requirement
  The prioritization of intelligence requirements
  FCRs
  Reevaluation
  IERs
  DIRs
  Developing intelligence requirements
  Attack surface versus threat actor focused
  A GIR example
  Summary

Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
  The importance of adopting frameworks and standards
  Threat modeling methods and frameworks
  Threat intelligence pyramid of pain
  Cyber Kill Chain
  Diamond model
  MITRE ATT&CK
  Threat intelligence and data sharing frameworks
  Traffic light protocol
  Structured Threat Information eXpression
  Trusted Automated eXchange of Indicator Information (TAXII)
  Storage platforms
  OpenCTI
  Malware Information Sharing Platform (MISP)
  Summary

Section 2: How to Collect Threat Intelligence

Chapter 5: Operational Security (OPSEC)
  What is OPSEC?
  The OPSEC process
  Types of OPSEC
  Identity OPSEC
  Personal protection
  Online persona creation
  Technical OPSEC types and concepts
  Infrastructure and network
  Hardware
  Software and operating system
  Actor engagement
  Source protection
  OPSEC monitoring
  Personnel training and metrics
  Summary

Chapter 6: Technical Threat Intelligence Collection
  The collection management process
  The role of the collection manager
  Prioritized collection requirements
  The collection operations life cycle
  Surveying your collection needs
  Intelligence collection metrics
  Prioritized intelligence requirements
  Requests for information
  Planning and administration
  People
  Process
  Tools and technology
  The collection operation
  Collection types
  Data types
  Raw data
  Analyzed data
  Production data
  The artifact and observable repositories
  Intelligence collection metrics
  Quantitative metrics
  Qualitative metrics
  Summary

Chapter 7: Technical Threat Analysis Enrichment
  The need and motivation for enrichment and analysis
  Infrastructure-based IOCs
  Domain Name System (DNS)
  WHOIS
  Passive DNS
  File-based IOCs
  File artifacts
  Static tool analysis
  Dynamic malware analysis
  Setting up the environment
  Dynamic malware analysis tools
  Defeating system monitoring
  Cuckoo sandbox
  Online sandbox solutions
  Reverse engineering
  Summary

Chapter 8: Technical Threat Analysis Threat Hunting and Pivoting
  The motivation for hunting and pivoting
  Hunting methods
  Verdict determination
  Threat expression
  Translating IOCs to TTPs
  Hunting and identification signatures
  Pivot methods
  Malicious infrastructure pivots
  Malicious file pivots
  Pivot and hunting tools and services
  Maltego
  AlienVault OTX
  urlscan.io
  Hybrid Analysis
  VirusTotal graphing/hunting
  RiskIQ PassiveTotal
  Summary

Chapter 9: Technical Threat Analysis Similarity Analysis
  The motivations behind similarity analysis
  What is similarity grouping?
  Graph theory with similarity groups
  Direction
  Graphical structures
  Similarity analysis tools
  YARA
  Graphing with STIX
  Hashing and fingerprinting tools
  Import hashing
  Fuzzy and other hashing methods to enable similarity analysis
  Useful fingerprinting tools
  Summary

Section 3: What to Do with Threat Intelligence

Chapter 10: Preparation and Dissemination
  Data interpretation and alignment
  Data versus information versus intelligence
  Critical thinking and reasoning in cyber threat intelligence
  Cognitive biases
  Foundations of analytic judgments
  Motives and intentions
  Analytic confidence
  Metadata tagging in threat intelligence
  Thoughts before dissemination
  Summary

Chapter 11: Fusion into Other Enterprise Operations
  SOC
  IR
  The IR life cycle
  F3EAD
  Red and blue teams
  The red team
  The blue team
  Threat intelligence
  Information security
  Other departments to consider
  Products and services
  Marketing and public relations
  Sales
  Legal and organizational risks
  Executive leadership
  Summary

Chapter 12: Overview of Datasets and Their Practical Application
  Planning and direction
  Collection
  Analysis
  Infrastructure discovery
  Production
  Cyber Threat Intelligence Report Ozark International Bank
  Dissemination and feedback
  Summary

Chapter 13: Conclusion
  What Is Cyber Threat Intelligence?
  How to Collect Cyber Threat Intelligence
  What to Do with Cyber Threat Intelligence
  Summary

Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
