Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber threat intelligence programs
- Length: 460 pages
- Edition: 1
- Language: English
- Publisher: Packt Publishing
- Publication Date: 2022-06-17
- ISBN-10: 1801814686
- ISBN-13: 9781801814683
- Sales Rank: #81229
Learn cyber threat intelligence fundamentals to implement and operationalize an organizational intelligence program
Key Features
- Develop and implement a threat intelligence program from scratch
- Discover techniques to perform cyber threat intelligence, collection, and analysis using open-source tools
- Leverage a combination of theory and practice that will help you prepare a solid foundation for operationalizing threat intelligence programs
Book Description
We’re living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that’s where this book helps.
In Operationalizing Threat Intelligence, you’ll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You’ll start by finding out what threat intelligence is and where it can be applied. Next, you’ll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you’ll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you’ll examine detailed mechanisms for the production of intelligence.
By the end of this book, you’ll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.
What you will learn
- Discover types of threat actors and their common tactics and techniques
- Understand the core tenets of cyber threat intelligence
- Discover cyber threat intelligence policies, procedures, and frameworks
- Explore the fundamentals relating to collecting cyber threat intelligence
- Understand fundamentals about threat intelligence enrichment and analysis
- Understand what threat hunting and pivoting are, along with examples
- Focus on putting threat intelligence into production
- Explore techniques for performing threat analysis, pivoting, and hunting
Who this book is for
This book is for cybersecurity professionals, security analysts, security enthusiasts, and anyone who is just getting started and looking to explore threat intelligence in more detail. Those working in different security roles will also be able to explore threat intelligence with the help of this security book.
Operationalizing Threat Intelligence
- Contributors
- About the authors
- About the reviewers
Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Share Your Thoughts
Section 1: What Is Threat Intelligence?
Chapter 1: Why You Need a Threat Intelligence Program
- What is CTI, and why is it important?
- Data, information, and intelligence
- Tactical, strategic, operational, and technical threat intelligence
- Tactical CTI
- Strategic CTI
- Operational CTI
- Technical CTI
- Subject matter expertise
- The uses and benefits of CTI
- How to get CTI
- What is good CTI?
- The five traits of good CTI
- Admiralty ratings
- Source ratings
- Data credibility ratings
- Putting it together
- Intelligence cycles
- The threat intelligence life cycle
- F3EAD life cycle
- Threat intelligence maturity, detection, and hunting models
- TIMM
- The threat HMM
- The detection maturity model
- What to do with threat intelligence
- Summary
Chapter 2: Threat Actors, Campaigns, and Tooling
- Actor motivations
- Bragging rights or for fun
- Financial or for profit
- Revenge
- Ideological beliefs
- Intelligence gathering and intellectual property theft
- Terrorism
- Warfare
- Threat actors
- Nation state attackers
- Cybercriminals
- Hacktivists
- Terrorist groups
- Thrill seekers
- Insider threats
- Threat campaigns
- Vulnerabilities and malware
- Vulnerabilities and exploits
- Malware
- Malware, campaigns, and actor naming
- The act of naming
- Actor, activity, and group naming
- Malware naming
- Campaign naming
- Aliases
- Tooling
- System administrator tools
- Open source tools
- Hacking tools
- Threat actor attribution
- Summary
Chapter 3: Guidelines and Policies
- The needs and benefits of guidelines, procedures, standards, and policies
- Guidelines
- Procedures
- Standards
- Policies
- SIRs
- PIRs
- GIRs
- Defining intelligence requirements
- Evaluating the intelligence requirement
- The prioritization of intelligence requirements
- FCRs
- Reevaluation
- IERs
- DIRs
- Developing intelligence requirements
- Attack surface versus threat actor focused
- A GIR example
- Summary
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
- The importance of adopting frameworks and standards
- Threat modeling methods and frameworks
- Threat intelligence pyramid of pain
- Cyber Kill Chain
- Diamond model
- MITRE ATT&CK
- Threat intelligence and data sharing frameworks
- Traffic light protocol
- Structured Threat Information eXpression
- Trusted Automated eXchange of Indicator Information (TAXII)
- Storage platforms
- OpenCTI
- Malware Information Sharing Platform (MISP)
- Summary
Section 2: How to Collect Threat Intelligence
Chapter 5: Operational Security (OPSEC)
- What is OPSEC?
- The OPSEC process
- Types of OPSEC
- Identity OPSEC
- Personal protection
- Online persona creation
- Technical OPSEC types and concepts
- Infrastructure and network
- Hardware
- Software and operating system
- Actor engagement
- Source protection
- OPSEC monitoring
- Personnel training and metrics
- Summary
Chapter 6: Technical Threat Intelligence – Collection
- The collection management process
- The role of the collection manager
- Prioritized collection requirements
- The collection operations life cycle
- Surveying your collection needs
- Intelligence collection metrics
- Prioritized intelligence requirements
- Requests for information
- Planning and administration
- People
- Process
- Tools and technology
- The collection operation
- Collection types
- Data types
- Raw data
- Analyzed data
- Production data
- The artifact and observable repositories
- Intelligence collection metrics
- Quantitative metrics
- Qualitative metrics
- Summary
Chapter 7: Technical Threat Analysis – Enrichment
- The need and motivation for enrichment and analysis
- Infrastructure-based IOCs
- Domain Name System (DNS)
- WHOIS
- Passive DNS
- File-based IOCs
- File artifacts
- Static tool analysis
- Dynamic malware analysis
- Setting up the environment
- Dynamic malware analysis tools
- Defeating system monitoring
- Cuckoo sandbox
- Online sandbox solutions
- Reverse engineering
- Summary
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
- The motivation for hunting and pivoting
- Hunting methods
- Verdict determination
- Threat expression
- Translating IOCs to TTPs
- Hunting and identification signatures
- Pivot methods
- Malicious infrastructure pivots
- Malicious file pivots
- Pivot and hunting tools and services
- Maltego
- AlienVault OTX
- urlscan.io
- Hybrid Analysis
- VirusTotal graphing/hunting
- RiskIQ PassiveTotal
- Summary
Chapter 9: Technical Threat Analysis – Similarity Analysis
- The motivations behind similarity analysis
- What is similarity grouping?
- Graph theory with similarity groups
- Direction
- Graphical structures
- Similarity analysis tools
- YARA
- Graphing with STIX
- Hashing and fingerprinting tools
- Import hashing
- Fuzzy and other hashing methods to enable similarity analysis
- Useful fingerprinting tools
- Summary
Section 3: What to Do with Threat Intelligence
Chapter 10: Preparation and Dissemination
- Data interpretation and alignment
- Data versus information versus intelligence
- Critical thinking and reasoning in cyber threat intelligence
- Cognitive biases
- Foundations of analytic judgments
- Motives and intentions
- Analytic confidence
- Metadata tagging in threat intelligence
- Thoughts before dissemination
- Summary
Chapter 11: Fusion into Other Enterprise Operations
- SOC
- IR
- The IR life cycle
- F3EAD
- Red and blue teams
- The red team
- The blue team
- Threat intelligence
- Information security
- Other departments to consider
- Products and services
- Marketing and public relations
- Sales
- Legal and organizational risks
- Executive leadership
- Summary
Chapter 12: Overview of Datasets and Their Practical Application
- Planning and direction
- Collection
- Analysis
- Infrastructure discovery
- Production
- Cyber Threat Intelligence Report – Ozark International Bank
- Dissemination and feedback
- Summary
Chapter 13: Conclusion
- What Is Cyber Threat Intelligence?
- How to Collect Cyber Threat Intelligence
- What to Do with Cyber Threat Intelligence
- Summary
Back matter
- Why subscribe?
- Other Books You May Enjoy
- Packt is searching for authors like you
- Share Your Thoughts
How to download the source code
1. Go to: https://github.com/PacktPublishing
2. In the Find a repository… box, search for the book title: Operationalizing Threat Intelligence: A guide to developing and operationalizing cyber threat intelligence programs. If the full title returns no results, search for the main title only.
3. Click the book title in the search results.
4. Click Code to download.