Available online via: EBSCOhost Ebook Business Collection; Ebook Central College Complete; O'Reilly Online Learning: Academic/Public Library Edition

Format:
Book
Author/Creator:
Dahj, Jean Nestor M., author.
Language:
English
Subjects (All):
Business enterprises--Security measures.
Business enterprises.
Data protection.
Cyber intelligence (Computer security).
Risk management.
Physical Description:
1 online resource (528 pages)
Place of Publication:
Birmingham : Packt Publishing, [2022]
Biography/History:
Jean Nestor M. Dahj is a data scientist, cybersecurity researcher and analyst, and telecom professional with broad technical and scientific abilities. His skills have led him to data science, network probing, penetration testing and hacking, threat intelligence, and network analytics. He has built a wide range of skillsets through training and consultancy, including cryptography, computer forensics, malware coding, and data products. Jean Nestor holds a master's degree (M-Tech) in Electrical Engineering from the University of South Africa and is currently pursuing a PhD in the same field at the University of Johannesburg. His work history includes Huawei, Commprove Technologies, Siftcon Forensic Services, Metro Teleworks, and Nanofritech Consulting. He is currently a full-stack data scientist at Rain Networks, part of a dynamic team developing data solutions. He lives in Pretoria and is originally from Kikwit, a small city in DR Congo.
Summary:
Develop the analytical skills to effectively safeguard your organization by enhancing defense mechanisms, and become a proficient threat intelligence analyst who helps strategic teams make informed decisions.

Key Features
Build the analytics skills and practices you need for analyzing, detecting, and preventing cyber threats
Learn how to perform intrusion analysis using the cyber threat intelligence (CTI) process
Integrate threat intelligence into your current security infrastructure for enhanced protection

Book Description
The sophistication of cyber threats, such as ransomware, advanced phishing campaigns, zero-day vulnerability attacks, and advanced persistent threats (APTs), is pushing organizations and individuals to change strategies for reliable system protection. Cyber threat intelligence converts threat information into evidence-based intelligence that uncovers adversaries' intents, motives, and capabilities for effective defense against all kinds of threats. This book thoroughly covers the concepts and practices required to develop and drive threat intelligence programs, detailing the tasks involved in each step of the CTI lifecycle. You'll be able to plan a threat intelligence program by understanding and collecting the requirements, setting up the team, and exploring the intelligence frameworks. You'll also learn how and from where to collect intelligence data for your program, taking your organization's level into account. With the help of practical examples, this book will help you get to grips with threat data processing and analysis. Finally, you'll be well versed in writing tactical, technical, and strategic intelligence reports and sharing them with the community. By the end of this book, you'll have acquired the knowledge and skills required to drive threat intelligence operations from the planning to the dissemination phase, protect your organization, and inform critical defense decisions.

What you will learn
Understand the CTI lifecycle, which forms the foundation of the study
Form a CTI team and position it in the security stack
Explore CTI frameworks, platforms, and their use in the program
Integrate CTI in small, medium, and large enterprises
Discover intelligence data sources and feeds
Perform threat modelling and adversary and threat analysis
Find out what Indicators of Compromise (IoCs) are and apply the pyramid of pain in threat detection
Get to grips with writing intelligence reports and sharing intelligence

Who this book is for
This book is for security professionals, researchers, and individuals who want to gain profound knowledge of cyber threat intelligence and discover techniques to prevent varying types of cyber threats. Basic knowledge of cybersecurity and network fundamentals is required to get the most out of this book.
Contents:
Cover
Title Page
Copyright
Dedication
Contributors
Table of Contents
Preface
Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
Chapter 1: Cyber Threat Intelligence Life Cycle
Technical requirements
Cyber threat intelligence - a global overview
Characteristics of a threat
Threat intelligence and data security challenges
Importance and benefits of threat intelligence
Planning, objectives, and direction
Intelligence data collection
Intelligence data processing
Analysis and production
Threat intelligence dissemination
Threat intelligence feedback
Summary
Chapter 2: Requirements and Intelligence Team Implementation
Threat intelligence requirements and prioritization
Prioritizing intelligence requirements
Requirements development
Operational environment definition
Network defense impact description
Current cyber threats - evaluation
Developing a course of action
Intelligence preparation for intelligence requirements
Intelligence team layout and prerequisites
Intelligence team implementation
Intelligence team structuring
Intelligence team application areas
Chapter 3: Cyber Threat Intelligence Frameworks
Intelligence frameworks - overview
Why cyber threat frameworks?
Cyber threat framework architecture and operating model
Lockheed Martin's Cyber Kill Chain framework
Use case - Lockheed Martin's Cyber Kill Chain model mapping
Integrating the Cyber Kill Chain model into an intelligence project
Benefits of the Cyber Kill Chain framework
MITRE's ATT&CK knowledge-based framework
How it works
Use case - ATT&CK model mapping
Integrating the MITRE ATT&CK framework
Benefits of the ATT&CK framework
Diamond model of intrusion analysis framework
Use case - Diamond model of intrusion analysis
Integrating the Diamond model into intelligence projects
Benefits of the Diamond model
Chapter 4: Cyber Threat Intelligence Tradecraft and Standards
The baseline of intelligence analytic tradecraft
Note 1 - Addressing CTI consumers' interests
Note 2 - Access and credibility
Note 3 - Articulation of assumptions
Note 4 - Outlook
Note 5 - Facts and sourcing
Note 6 - Analytic expertise
Note 7 - Effective summary
Note 8 - Implementation analysis
Note 9 - Conclusions
Note 10 - Tradecraft and counterintelligence
Understanding and adapting ICD 203 to CTI
Understanding the STIX standard
Using STIX for cyber threat analysis
Specifying threat indicator patterns using STIX
Using the STIX standard for threat response management
Threat intelligence information sharing
Understanding the STIX v2 standard
Understanding the TAXII standard
How TAXII standard works
AFI14-133 tradecraft standard for CTI
Analytic skills and tradecraft
Additional topics covered in AFI14-133
Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases
The threat intelligence strategy map and goal setting
Objective 1 - Facilitate and support real-time security operations
Objective 2 - Facilitate an effective response to cyber threats
Objective 3 - Facilitate and support the proactive tracking of cyber threats
Objective 4 - Facilitate and support the updating and implementation of security governance
TIPs - an overview
Commercial TIPs
Open-source TIPs
Case study 1 - CTI for Level 1 organizations
Objective
Strategy
Example
Case study 2 - CTI for Level 2 organizations
Objective
Case study 3 - CTI for Level 3 organizations
Installing the MISP platform (optional)
Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
Chapter 6: Cyber Threat Modeling and Adversary Analysis
The strategic threat modeling process
Identifying and decomposing assets
Adversaries and threat analysis
Attack surfaces and threat vectors
Adversary analysis use case - Twisted Spider
Identifying countermeasures
System re-evaluation
Threat modeling methodologies
Threat modeling with STRIDE
Threat modeling with NIST
Threat modeling use case
Equifax data breach summary
Threat modeling for ABCompany
Advanced threat modeling with SIEM
User behavior logic
Benefits of UBA
UBA selection guide - how it works
Adversary analysis techniques
Adversary attack preparation
Attack preparation countermeasures
Adversary attack execution
Attack execution mitigation procedures
Chapter 7: Threat Intelligence Data Sources
Defining the right sources for threat intelligence
Internal threat intelligence sources
External threat intelligence sources
Organization intelligence profile
Threat feed evaluation
Threat data quality assessment
Open Source Intelligence Feeds (OSINT)
Benefits of open source intelligence
Open source intelligence portals
OSINT platform data insights (OSINT framework)
OSINT limitations and drawbacks
Malware data for threat intelligence
Benefits of malware data collection
Malware components
Malware data core parameters
Other non-open source intelligence sources
Benefits of paid intelligence
Paid threat intelligence challenges
Some paid intelligence portals
Intelligence data structuring and storing
CTI data structuring
CTI data storing requirements
Intelligence data storing strategies
Chapter 8: Effective Defense Tactics and Data Protection
Enforcing the CIA triad - overview
Enforcing and maintaining confidentiality
Enforcing and maintaining integrity
Enforcing and maintaining availability
Challenges and pitfalls of threat defense mechanisms
Data security top challenges
Threat defense mechanisms' pitfalls
Data monitoring and active analytics
Benefits of system monitoring
High-level architecture
Characteristics of a reliable monitoring system
Vulnerability assessment and data risk analysis
Vulnerability assessment methodology
Vulnerability assessment process
Vulnerability assessment tools
Vulnerability and data risk assessment
Encryption, tokenization, masking and quarantining
Encryption as a defense mechanism
Tokenization as a defense mechanism
Masking and quarantining
Endpoint management
Reliable endpoint management requirements
Mobile endpoint management
Endpoint data breach use case - point of sale
Chapter 9: AI Applications in Cyber Threat Analytics
AI and CTI
Cyber threat hunting
How adversaries can leverage AI
AI's position in the CTI program and security stack
AI integration - the IBM QRadar Advisor approach
QRadar simplified architecture
Deploying QRadar
What's in it for you or your organization?
Chapter 10: Threat Modeling and Analysis - Practical Use Cases
Understanding the analysis process
Intrusion analysis case - how to proceed
Indicator gathering and contextualization
Pivoting through available sources
Classifying the intelligence according to CTI frameworks
Memory and disk analysis
Malware data gathering
Malware analysis and reverse engineering
Analyzing the exfiltrated data and building adversary persona
Analyzing the malicious files
Gathering early indicators - Reconnaissance
The Cyber Kill Chain and Diamond model
MISP for automated threat analysis and storing
MISP feed management
MISP event analysis
Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
Chapter 11: Usable Security: Threat Intelligence as Part of the Process
Threat modeling guidelines for secured operations
Usable security guidelines
Software application security guidelines
Data privacy in modern business
Importance of usable privacy in modern society
Threat intelligence and data privacy
Social engineering and mental models
Social engineering and threat intelligence
Mental models for usability
Intelligence-based DevSecOps high-level architecture
Chapter 12: SIEM Solutions and Intelligence-Driven SOCs
Integrating threat intelligence into SIEM tools - Reactive and proactive defense through SIEM tools
System architecture and components of a SIEM tool
SIEM for security - OTX and OSSIM use case
Making SOCs intelligent - Intelligence-driven SOCs
Security operations key challenges
Intelligence into security operations
Threat intelligence and IR
IR key challenges
Integrating intelligence in IR
Integrating threat intelligence into SIEM systems
Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain
Understanding threat intelligence metrics
Threat intelligence metrics requirements
Threat intelligence metrics baseline
Notes:
Includes index.
Description based on print version record.
ISBN:
9781800208285
1800208286
OCLC:
1312159495
