The Cycle of Cyber Threat Intelligence

111,309 views

SANS Digital Forensics and Incident Response


Overview
Too often, our community thinks of cyber threat intelligence (CTI) as just a finished product (or even just an indicator feed). But behind the scenes of that finished intelligence, there's an entire process that analysts should know to ensure their CTI is effective in helping drive better decision-making. Bringing together material from the FOR578: Cyber Threat Intelligence (sans.org/FOR578) course, this webcast covers the traditional Intelligence Cycle and describes key considerations for CTI analysts across each phase. Join FOR578 instructor Katie Nickels to learn the fundamentals every analyst needs to know about how to plan for, collect, process, analyze, and disseminate CTI to help your organization!
Speaker Bio
Katie Nickels
Katie is a SANS instructor for FOR578: Cyber Threat Intelligence (sans.org/FOR578) as well as the ATT&CK Threat Intelligence Lead at The MITRE Corporation. Katie has worked in network defense, incident response, and cyber threat intelligence for over a decade. She hails from a liberal arts background with degrees from Smith College and Georgetown University, embracing the power of applying liberal arts prowess to cybersecurity. With more than a dozen publications to her name, Katie has shared her expertise with presentations at BSidesLV, the FIRST CTI Symposium, multiple SANS Summits, Sp4rkcon, and many other events. Katie is also a member of the SANS CTI Summit and Threat Hunting Summit Advisory Boards. She was the 2018 recipient of the President's Award from the Women's Society of Cyberjutsu and serves as the Program Manager for the Cyberjutsu Girls Academy, which seeks to inspire young women to learn more about STEM. You can find Katie on Twitter @LiketheCoins
Kick off the new year with the industry’s top CTI experts at the SANS Cyber Threat Intelligence Summit
This January, cyber threat intelligence (CTI) practitioners from around the world will gather in Arlington, Va., for the SANS DFIR Cyber Threat Intelligence Summit & Training. One of only a handful of events devoted to cyber threat intelligence and analysis, the SANS CTI Summit brings together leading experts and analysts for in-depth threat intelligence talks, world-class SANS training, a DFIR NetWars competition, and exclusive networking events - all directed at seasoned practitioners and CTI newcomers.
www.sans.org/event/cyber-thre...

Comments: 29
@neddolphin (2 years ago)
3:14 The Intelligence Cycle
5:38 Customers
7:24 Planning Fundamentals
9:22 Intel Types
12:45 Sample Collection Management Framework
15:07 Key Collection Sources
17:13 Malware Zoos
19:35 Data Pivoting Example
22:19 Measuring Threat Feeds
24:20 TLS Certs
29:31 Storing Platforms
38:22 Diamond Model
@krshn4n (1 year ago)
Thanks bud, you made my life easier🍻
@TheBenJiles (1 year ago)
Great info. Thanks for making this publicly available to us plebs.
@thecybersecurityclub (3 years ago)
This is a great overview! Thank you!
@prakashtkrishnan (4 years ago)
Simply Brilliant so well explained
@cristophersoto1244 (2 years ago)
Great talk. Thank you Katie.
@danusminimus9557 (3 years ago)
What a great talk!
@angelinebutton7936 (3 years ago)
Thanks, Katie! It was the perfect refresher I needed!
@pavankashetty4781 (4 years ago)
Excellent information.
@kimurayasaki6588 (11 months ago)
It is a great video, thanks for sharing.
@i.m.i.7310 (2 years ago)
Thank you for your support and training again! Low intensity conflict computing community services.
@tomaszn2795 (4 years ago)
very interesting
@mdj431 (3 years ago)
Thank You, Katie. It gave a good kick-start into Cyber Threat Intelligence. And you have put up all the aspects of CTI as a career path. Wonderful!!
@jrmezw3560 (2 years ago)
I the family thank you ...😌
@s.bradley2040 (2 years ago)
This is a fantastic overview, but there is one nit: the presenter confused assessment confidence with probability. They are distinctly different. Probability is the likelihood your assessment is accurate (for past events) or will happen (for future events), while confidence is the credibility (no negativity intended) of the assessment.
@blackamericanlesbianprofes4357 (7 months ago)
Thank you for sharing. 21nov23
@oldman1111 (1 year ago)
As an outsider that occasionally visits the DC area, I firmly believe that Maryland drivers are worse than Virginia drivers.
@jonathanjones4993 (3 months ago)
CTI is like current events when we were in school.....
@alanjones9818 (3 years ago)
Hi. Do you have links to Mark Parson's presentation, mentioned at time stamp 24:29, on the collection of TLS certificates? Thank you.
@emirhamdoun4379 (3 years ago)
kzfaq.info/get/bejne/ic-VhtWnnbirmZc.html
@alanjones9818 (3 years ago)
@emirhamdoun4379 Thank you!!!
@guy_is_2_shy_to_talk_to_girl (2 years ago)
20:00
@dilnawaza (3 years ago)
Can I get ppt/pdf of this?
@hectormontoya7444 (1 year ago)
0szg ver Ñ gxa ad f nkgrtj rrr d
@YutoHirata (1 year ago)
I receive image direct to my brain while I sleep, scan me around
@Stopinvadingmyhardware (2 years ago)
That’s funny
@takedownccp (4 years ago)
Wwww T F
@MoSec9 (4 years ago)
Yeah wtf is your problem? Did you land here by mistake?