Threat Intelligence Flashcards
(35 cards)
What is Security Intelligence?
The process where data is generated and then collected, processed, analyzed, and disseminated to provide insights into the security status of information systems.
What is Cyber Threat Intelligence?
Investigation, collection, analysis, and dissemination of information about emerging threats and threat sources to provide data about the external threat landscape.
2 forms of cyber threat intelligence:
● Narrative Reports
● Data Feeds
In cyber security you use both.
What are Narrative Reports?
Detailed, analytical documents that describe cybersecurity incidents, findings, or investigations in a structured and comprehensible manner.
Used in Cyber Threat Intelligence
What are Data Feeds?
Continuous, structured data that provides real-time or periodically updated information (for example indicator lists in a machine-readable format).
Used in Cyber Threat Intelligence
Tell me about the Intelligence Cycle
5 steps, arranged as a continuous loop (feedback feeds the next round of requirements):
1. Requirements (Planning & Direction)
2. Collection (& Processing)
3. Analysis
4. Dissemination
5. Feedback
Tell me about stage 1 of the Intelligence Cycle
- Requirements (Planning & Direction)
* Sets out the goals for the intelligence gathering effort
* What do we want to measure and collect?
Tell me about stage 2 of the Intelligence Cycle
- Collection (& Processing)
- Implemented by software tools that gather data, which is then processed for later analysis
- The processing part is where we convert all the data into a standard format
- Factors used to evaluate sources: Timeliness, Relevancy, Accuracy and Confidence Level
Tell me about stage 3 of the Intelligence Cycle
- Analysis
- Performed against the given use cases from the planning phase and may utilize automated analysis, AI, and machine learning
- Sort into three categories: known good, known bad and not sure; it is the "not sure" category we should investigate further
Tell me about stage 4 of the Intelligence Cycle
- Dissemination
- Publishes information produced by analysts to consumers who need to act on the insights developed
- Three audiences: Strategic, Operational and Tactical
Tell me about stage 5 of the Intelligence Cycle
- Feedback
- Aims to clarify requirements and improve the collection, analysis, and dissemination of information by reviewing current inputs and outputs: lessons learned, measurable success and evolving threat issues
To what part of the Intelligence Cycle do Timeliness, Relevancy, Accuracy and Confidence Level belong?
- Collection (& Processing)
What does Timeliness mean and where does it belong?
Ensures an intelligence source is up-to-date.
Belongs to the Intelligence Cycle, step 2: Collection (& Processing)
What does Relevancy mean and where does it belong?
Ensures an intelligence source matches its intended use case.
Belongs to the Intelligence Cycle, step 2: Collection (& Processing)
What does Accuracy mean and where does it belong?
Ensures an intelligence source produces effective results (valid indicators rather than false positives).
Belongs to the Intelligence Cycle, step 2: Collection (& Processing)
What does Confidence Level mean and where does it belong?
Ensures an intelligence source produces qualified statements about reliability.
Belongs to the Intelligence Cycle, step 2: Collection (& Processing)
Tell me about Evaluation of Source Reliability
A table (the NATO/Admiralty grading) used to rate the reliability of the source, on a scale of A - F:
A - Reliable, B - Usually reliable, C - Fairly reliable, D - Not usually reliable, E - Unreliable, F - Reliability cannot be judged
(Note that F means the source is unconfirmed, not that it is known to be unreliable; E is the "unreliable" grade.)
Tell me about Evaluation of Information Content
A table used to rate the credibility of the information itself, on a scale of 1 - 6:
1 - Confirmed by other sources, 2 - Probably true, 3 - Possibly true, 4 - Doubtful, 5 - Improbable, 6 - Truth cannot be judged
(6 means the information cannot be judged, not that it is known to be false.)
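The cards on stage 2 (convert feed data to a standard format, check timeliness), stage 3 (sort into known good / known bad / not sure) and the two Admiralty grading tables above can be tied together in a small triage routine. The following is an added example, not code from the original flashcards or from any feed vendor: the MISP-like feed layout, the allowlist, the proxy-style log lines and the 30-day timeliness window are all constructed assumptions for the example.

```python
"""Added example (not part of the original flashcards): process a constructed
threat-intelligence data feed and triage log observations into the three
Analysis-stage buckets (known good / known bad / not sure), using the
Admiralty source-reliability letters (A-F) and information-credibility
digits (1-6). Feed, allowlist, log lines and MAX_AGE are assumptions."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Admiralty grading. "F" and "6" mean "cannot be judged", which is NOT the
# same as "unreliable" (E) or "improbable" (5), so they never trigger a block.
RELIABLE_SOURCES = {"A", "B"}   # reliable / usually reliable
CREDIBLE_INFO = {"1", "2"}      # confirmed by other sources / probably true
MAX_AGE = timedelta(days=30)    # timeliness window (assumed for the example)
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

# Constructed feed in a MISP-like attribute layout (not real MISP output).
FEED_JSON = """
{"provider": "example-feed",
 "attributes": [
  {"type": "ip", "value": "203.0.113.7", "reliability": "A", "credibility": "1",
   "last_seen": "2024-05-28T00:00:00+00:00"},
  {"type": "domain", "value": "login-portal.example.net", "reliability": "C",
   "credibility": "3", "last_seen": "2024-05-20T00:00:00+00:00"},
  {"type": "ip", "value": "198.51.100.9", "reliability": "A", "credibility": "1",
   "last_seen": "2023-11-01T00:00:00+00:00"},
  {"type": "domain", "value": "updates.example.com", "reliability": "F",
   "credibility": "6", "last_seen": "2024-05-30T00:00:00+00:00"}
 ]}
"""
# Locally maintained known-good values (constructed).
ALLOWLIST = {"ip": {"10.0.0.5"}, "domain": {"updates.example.com"}}
# Constructed proxy-style log lines.
LOG_LINES = [
    "2024-06-01T09:00:00Z src=10.0.0.5 dst=203.0.113.7 host=cdn.example.org",
    "2024-06-01T09:01:00Z src=10.0.0.8 dst=192.0.2.44 host=login-portal.example.net",
    "2024-06-01T09:02:00Z src=10.0.0.9 dst=198.51.100.9 host=updates.example.com",
]
LOG_RE = re.compile(r"dst=(?P<ip>[\d.]+)\s+host=(?P<domain>\S+)")


@dataclass
class Indicator:
    type: str
    value: str
    reliability: str    # Admiralty A-F (source)
    credibility: str    # Admiralty 1-6 (information content)
    last_seen: datetime
    provider: str


def load_feed(raw: str, now: datetime = NOW) -> list[Indicator]:
    """Processing step: normalise feed entries into one standard record and
    drop anything last seen more than MAX_AGE ago (the timeliness check)."""
    doc = json.loads(raw)
    fresh = []
    for a in doc["attributes"]:
        seen = datetime.fromisoformat(a["last_seen"])
        if now - seen > MAX_AGE:
            continue
        fresh.append(Indicator(a["type"], a["value"], a["reliability"],
                               a["credibility"], seen, doc["provider"]))
    return fresh


def is_credible(ind: Indicator) -> bool:
    """Only act automatically on high-grade intel: A/B source and 1/2 content."""
    return ind.reliability in RELIABLE_SOURCES and ind.credibility in CREDIBLE_INFO


def triage(kind: str, value: str, indicators: list[Indicator],
           allowlist: dict[str, set[str]] = ALLOWLIST) -> str:
    """Analysis step: sort one observation into known good / known bad / not sure."""
    allowed = value in allowlist.get(kind, set())
    bad_hit = any(i.type == kind and i.value == value and is_credible(i)
                  for i in indicators)
    if allowed and bad_hit:
        return "not sure"      # trusted intel contradicts the allowlist: investigate
    if allowed:
        return "known good"
    if bad_hit:
        return "known bad"
    return "not sure"          # no intel, stale intel or low-grade intel: investigate


def triage_log(lines: list[str], indicators: list[Indicator]) -> list[str]:
    """Worst verdict per log line (known bad > not sure > known good)."""
    rank = {"known good": 0, "not sure": 1, "known bad": 2}
    out = []
    for line in lines:
        m = LOG_RE.search(line)
        verdicts = [triage(k, m.group(k), indicators) for k in ("ip", "domain")] if m else []
        out.append(max(verdicts, key=rank.__getitem__) if verdicts else "not sure")
    return out


if __name__ == "__main__":
    feed = load_feed(FEED_JSON)
    for line, verdict in zip(LOG_LINES, triage_log(LOG_LINES, feed)):
        print(f"{verdict:<10} {line}")
```

Two behaviours are worth noticing when running it: the stale 198.51.100.9 entry is dropped at the processing step, so the third log line ends up in "not sure" rather than "known bad", and the F/6-graded entry for updates.example.com does not override the allowlist, because "cannot be judged" is not evidence of maliciousness. Everything that lands in "not sure" is the queue an analyst works through by hand.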
What are the general sources of information?
- Proprietary
- Closed-Source
- Open-Source
Tell me about Proprietary information
Threat intelligence is very widely provided as a commercial service offering, where access to updates and research is subject to a subscription fee
Tell me about Closed-Source information
Data derived from the provider’s own research and analysis efforts, such as data from honeynets that they operate, plus information mined from its customers’ systems, suitably anonymized.
Tell me about Open-Source information
Data that’s available without subscription, which may include threat feeds, reputation lists, and malware signature databases.
Examples of open-source threat intelligence sources:
US-CERT, the UK's NCSC, AlienVault / AT&T Cybersecurity Open Threat Exchange (OTX), MISP, VirusTotal, Spamhaus and SANS ISC Suspicious Domains.
Open-Source Intelligence (OSINT)- A method of obtaining information about a person or organization through public records, websites, and social media
What kind of information is OSINT ?
Open-Source Intelligence
What is an Information Sharing and Analysis Center (ISAC)?
A not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members; the UK equivalent is the Cyber Security Information Sharing Partnership (CISP).
ISACs exist for many sectors, including critical infrastructure, government, healthcare, financial services and aviation (where the shared threats include terror events as well as cyber attacks).
What is Critical Infrastructure?
Any physical or virtual infrastructure that is considered so vital to the United States that its incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of these.
The US designates 16 critical infrastructure sectors.