Threat Intelligence
Facilitate risk management
Sources
Threat Intelligence Sources
Can reduce incident response time
Hardening
Threat Intelligence Sources
Provide cybersecurity insight
Threat Intelligence
Closed/proprietary
OSINT (open-source intelligence)
- government reports
- media
- academic papers
Threat Intelligence Sources
Threat Intelligence
more threat intel sources
Threat Intelligence
Dark Web/dark net
- Tor network - Tor web browser
- encrypted anonymous connections
- not indexed by search engines
- Tor encryption and anonymity
- Journalists
- Law enforcement
- Government informants
sources
Threat Intelligence Sharing
Exchange of cybersecurity intelligence (CI) between entities
Automated Indicator Sharing (AIS)
Threat Intelligence Sharing
Structured Threat Information eXpression (STIX)
Threat Intelligence Sharing
Trusted Automated eXchange of Intelligence Information (TAXII)
Threat Intelligence
Open-source intelligence: refers to public cybersecurity intelligence sources
OSINT
Threat Intelligence
Example of OSINT
Common Vulnerabilities and Exposures (CVE) database
Threat Intelligence
Encrypted and anonymized internet access mechanism allowing access to unindexed content
Dark Web