cyber threat intelligence - heanet · cyber threat intelligence (cti) is the analysis of an...
CYBER THREAT INTELLIGENCE
JULIE MURPHY
WHAT IS CYBER THREAT INTELLIGENCE?
Cyber threat intelligence (CTI) is the analysis of an adversary’s motives, capability and opportunity to elicit harm; consequently, “intelligence is not a data feed or something that comes from a tool” but actionable information that answers a knowledge gap.
SANS, 2018
INFORMATION V INTELLIGENCE
| Information | Intelligence |
| --- | --- |
| Raw | Processed |
| Unevaluated | Evaluated and Interpreted |
| All Sources | Reliable Sources |
| Unknown Data Integrity | Complete, Accurate, Relevant, Timely |
| Not Actionable | Actionable |

ENISA, 2016
CATEGORISING CYBER THREAT INTELLIGENCE
• IPs, signatures, logs, URLs
• Tactics, techniques and procedures
• Financial implications / Business impact
THREATS
What We Know
What We Know We Don’t Know
What We Don’t Know We Don’t Know
Bromiley, 2016
KNOWLEDGE
‘Intelligence’ is described as information and knowledge acquired about an adversary through means of observation, followed by investigation, analysis and understanding.
Waltz, 1998
EMERGING THREATS
https://www.accessnow.org/doubleswitch-attack/
BREXIT
https://www.independent.co.uk/news/uk/home-news/brexit-nhs-350m-a-week-eu-change-britain-gisela-stuart-referendum-bus-a7236706.html
https://news.sky.com/story/ministers-forced-to-publish-leaked-brexit-impact-study-11230715
https://www.independent.co.uk/news/uk/politics/brexit-latest-live-updates-finances-money-worse-off-article-50-a7468411.html
TRUMP
http://uk.businessinsider.com/donald-trump-trademarked-make-america-great-again-2015-5?r=US&IR=T
YOU CAN’T ‘UNSEE’ SOMETHING
SAMPLE TACTICS
• Hashtag poisoning
• Positive, negative and neutral posts
• Targeting individuals
• Trolling and harassment
• Multiple channels
• False reports of malicious accounts
IT TAKES A VILLAGE TO RAISE A CHILD
Cyber threat intelligence (CTI) is the analysis of an adversary’s motives, capability and opportunity to elicit harm; consequently, “intelligence is not a data feed or something that comes from a tool” but actionable information that answers a knowledge gap.
‘Intelligence’ is described as information and knowledge acquired about an adversary through means of observation, followed by investigation, analysis and understanding.
• Communication
• Multi-disciplinary
• From the top
• Intelligence led
Security Maturity = Key Selling Point
Intelligence requires context and anticipation of future situations to inform decisions by identifying an available course of action
http://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp2_0.pdf
THE RESPONSE DETERMINES THE IMPACT
?