Most Advanced Persistent Threat (APT) groups are organized and well-funded. Their main goal is to steal your data. There is much focus on data loss prevention, but how can you truly defend your data unless you know what attackers are specifically after? Hackers are human; they do the minimum they have to do in order to obtain their goal. They typically follow the same game plan until they are forced to change it. The key to defending against these things is knowing what you have that attackers want, and then knowing how they go about getting it.
Threat Intelligence is the art of understanding your enemy in order to better protect your own network by firmly knowing their tools, techniques and procedures (TTPs).
Blocking IP addresses, domain names and MD5 hash values on their own has very little value. Adversaries can easily change these indicators of compromise, often in an automated manner. The focus then needs to be on identifying groups by the information they are after, as well as by the tools and procedures they use to find that data.
Threat Intelligence Training in Maryland, Washington D.C. or Northern Virginia
3 Days - 24 Hours
Mon-Wed 8:30am - 5:00pm
Training Course Cost: $ 1,995 Per Enrollment
Coming from out of town? Ask about our hotel accommodation packages!
Custom Training For Your Organization
If your organization needs something other than what we have listed here, no problem! Just fill out the request information form to the right and tell us more about your training needs, your ideal start-date, your location preference, your unique set of challenges and the expected outcome, and we will develop a customized training course proposal targeted to the specific needs of your staff within your scheduling constraints! We will gladly do this quickly and free of any obligation.
All Times Listed in Eastern Standard Time (EST)
For information related to scheduling, please fill out the information request form to the right.
Topics and Concepts Covered in Advanced Threat Intelligence Training
This class aims to provide students with the knowledge they need to begin a threat intelligence program in their own environment. Every environment is different; our goal is to point you in the right direction so that you may hit the ground running. In this Advanced Threat Intelligence training class we cover what threat intelligence is, how attackers generally think and act, and the threat landscape as it is today.
We then introduce students to the vast amount of intelligence data that is available to them, both free and as a service. We outline key processes and setups to ensure you can start collecting intelligence data in your own network right away.
Next we go into five of the most successful and widely used analysis techniques, including key items such as predictive analysis and principles of forecasting. We then dive into how to disseminate the collected information in a fashion that is clear and understandable to the necessary parties based on their skills and job functions. Finally, we cover reporting. It is key to have clear reports to provide to management, your Incident Response team or your Security Operations Center (SOC) so that you or they may take action on this intelligence.
Recommended Training Audience and Prerequisites
Cyber Threat Analysts
Cyber Ops (SOC/CERT)
Cyber Decision Makers
As a note, we would like to mention that there are two follow-up classes to this course in the works. The first will cover the very technical components, from choosing or building the database and framework used to interface with the large amount of data, to the tools, both open source and commercial, that are available to you. We will also include a refresher in network forensics so that you are prepared to put the correct data into its proper place in your database. For more information on the follow-up courses, see below.
Follow-Up Courses:
1) Advanced Threat Intelligence – Development (3 days)
The first follow-up Advanced Threat Intel course will be on optimizing your threat intelligence collection and analysis. If you love hands-on classes, this one is for you: 2 full days of labs implementing everything that was discussed in the previous two courses. The first of two days will be spent installing and configuring tools that allow you to implement indicators and observables from your threat intelligence collection for detection and prevention. This includes SIEM, IDS/IPS and DLP solutions based on free and open source technologies.
The final two days will be about collecting artifacts that support your intelligence data from host systems, logs and malware analysis. To complete the technical course, we will take you on a deep dive into using Maltego for the analysis of your threat intelligence data. This will include using APIs for quick analysis of indicators and even creating your own custom transforms to pull any supplementary data you would want into this single interface!
2) Advanced Threat Intelligence – Optimization (2 days)
For the final day we have a fun lab in store for you! The author of this class will be spending time building mock Advanced Persistent Threat groups on the Internet: everything from proxies to domains, to different IP address blocks in different countries. Your job? To implement the threat intelligence process you learned previously and be the first team to report fully on the group's tools, techniques and procedures, as well as the indicators that can be put in place on the devices you installed the previous day to detect their behavior.
But that's not all! Once you have fully identified the group, it will be time to actually take down the botnet with your own hands! Using techniques such as honeypots, darknets and DNS sinkholing, you will walk through the motions to deactivate the botnet fully!