book

Operationalizing Threat Intelligence

Name: Operationalizing Threat Intelligence
ISBN: 9781801814683

by Kyle Wilhoit, Joseph Opacki

June 2022

Beginner

460 pages

11h 5m

English

Packt Publishing

Read now

Unlock full access

Operationalizing Threat Intelligence
ContributorsAbout the authorsAbout the reviewers
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the color imagesConventions usedGet in touchShare Your Thoughts
Section 1: What Is Threat Intelligence?
Chapter 1: Why You Need a Threat Intelligence Program
What is CTI, and why is it important?Data, information, and intelligenceTactical, strategic, operational, and technical threat intelligenceTactical CTIStrategic CTIOperational CTITechnical CTISubject matter expertiseThe uses and benefits of CTIHow to get CTIWhat is good CTI?The five traits of good CTIAdmiralty ratingsSource ratingsData credibility ratingsPutting it togetherIntelligence cyclesThe threat intelligence life cycle F3EAD life cycleThreat intelligence maturity, detection, and hunting modelsTIMMThe threat HMMThe detection maturity modelWhat to do with threat intelligenceSummary
Chapter 2: Threat Actors, Campaigns, and Tooling
Actor motivationsBragging rights or for funFinancial or for profitRevengeIdeological beliefsIntelligence gathering and intellectual property theftTerrorismWarfareThreat actorsNation state attackersCybercriminalsHacktivistsTerrorist groupsThrill seekersInsider threatsThreat campaignsVulnerabilities and malwareVulnerabilities and exploitsMalwareMalware, campaigns, and actor namingThe act of namingActor, activity, and group namingMalware namingCampaign namingAliasesToolingSystem administrator toolsOpen source toolsHacking toolsThreat actor attributionSummary
Chapter 3: Guidelines and Policies
The needs and benefits of guidelines, procedures, standards, and policiesGuidelinesProceduresStandardsPoliciesSIRsPIRs GIRsDefining intelligence requirementsEvaluating the intelligence requirementThe prioritization of intelligence requirementsFCRsReevaluation IERsDIRsDeveloping intelligence requirementsAttack surface versus threat actor focusedA GIR exampleSummary
Chapter 4: Threat Intelligence Frameworks, Standards, Models, and Platforms
The importance of adopting frameworks and standardsThreat modeling methods and frameworksThreat intelligence pyramid of painCyber Kill ChainDiamond modelMITRE ATT&CKThreat intelligence and data sharing frameworksTraffic light protocolStructured Threat Information eXpressionTrusted Automated eXchange of Indicator Information (TAXII)Storage platformsOpenCTIMalware Information Sharing Platform (MISP)Summary
Section 2: How to Collect Threat Intelligence
Chapter 5: Operational Security (OPSEC)
What is OPSEC?The OPSEC processTypes of OPSECIdentity OPSECPersonal protectionOnline persona creationTechnical OPSEC types and conceptsInfrastructure and networkHardwareSoftware and operating systemActor engagementSource protectionOPSEC monitoringPersonnel training and metricsSummary
Chapter 6: Technical Threat Intelligence – Collection
The collection management processThe role of the collection manager Prioritized collection requirementsThe collection operations life cycleSurveying your collection needsIntelligence collection metrics Prioritized intelligence requirementsRequests for informationPlanning and administrationPeopleProcessTools and technologyThe collection operationCollection typesData typesRaw dataAnalyzed dataProduction dataThe artifact and observable repositoriesIntelligence collection metricsQuantitative metricsQualitative metricsSummary

Chapter 7: Technical Threat Analysis – Enrichment
The need and motivation for enrichment and analysisInfrastructure-based IOCsDomain Name System (DNS)WHOISPassive DNSFile-based IOCsFile artifactsStatic tool analysisDynamic malware analysisSetting up the environmentDynamic malware analysis toolsDefeating system monitoringCuckoo sandboxOnline sandbox solutionsReverse engineeringSummary
Chapter 8: Technical Threat Analysis – Threat Hunting and Pivoting
The motivation for hunting and pivotingHunting methodsVerdict determinationThreat expressionTranslating IOCs to TTPsHunting and identification signaturesPivot methodsMalicious infrastructure pivotsMalicious file pivotsPivot and hunting tools and servicesMaltegoAlienVault OTXurlscan.ioHybrid AnalysisVirusTotal graphing/huntingRiskIQ PassiveTotalSummary
Chapter 9: Technical Threat Analysis – Similarity Analysis
The motivations behind similarity analysisWhat is similarity grouping?Graph theory with similarity groupsDirectionGraphical structuresSimilarity analysis toolsYARAGraphing with STIXHashing and fingerprinting toolsImport hashingFuzzy and other hashing methods to enable similarity analysisUseful fingerprinting toolsSummary
Section 3: What to Do with Threat Intelligence
Chapter 10: Preparation and Dissemination
Data interpretation and alignmentData versus information versus intelligenceCritical thinking and reasoning in cyber threat intelligenceCognitive biasesFoundations of analytic judgments Motives and intentionsAnalytic confidenceMetadata tagging in threat intelligenceThoughts before disseminationSummary
Chapter 11: Fusion into Other Enterprise Operations
SOCIRThe IR life cycleF3EADRed and blue teamsThe red teamThe blue teamThreat intelligenceInformation securityOther departments to considerProducts and servicesMarketing and public relationsSalesLegal and organizational risksExecutive leadershipSummary
Chapter 12: Overview of Datasets and Their Practical Application
Planning and directionCollectionAnalysisInfrastructure discoveryProductionCyber Threat Intelligence Report – Ozark International BankDissemination and feedbackSummary
Chapter 13: Conclusion
What Is Cyber Threat Intelligence?How to Collect Cyber Threat IntelligenceWhat to Do with Cyber Threat IntelligenceSummary
Why subscribe?
Other Books You May EnjoyPackt is searching for authors like youShare Your Thoughts

Content preview from Operationalizing Threat Intelligence

Chapter 9: Technical Threat Analysis – Similarity Analysis

Every day, a growing number of new and variant malware families emerge across the globe. To reduce the amount of overhead it takes to analyze individual malware families and organize and identify clusters of malicious activity, security researchers often apply techniques for finding malware and infrastructure similarities by utilizing techniques that group similarities together. In this chapter, we will be focusing on malware relationship analysis, specifically to help identify malware intrusion sets that are used in threat campaigns and are being pitted against organizations every day.

Fundamentally, analyzing the similarity between malware and its malicious infrastructure turns seemingly ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781801814683

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Operationalizing Threat Intelligence

by Kyle Wilhoit, Joseph Opacki

Chapter 9: Technical Threat Analysis – Similarity Analysis

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.