Why Take Advanced Threat Intelligence?
Most Advanced Persistent Threat (APT) groups are organized and well-funded. Their main goal is to steal your data. There is much focus on data loss prevention, but how can you truly defend your data unless you know what attackers are specifically after? Hackers are human; they tend to do the minimum needed to reach their goal. They typically follow the same game plan until they are forced to change it. The key to defending against these groups is knowing what you have that attackers want and then knowing how they go about getting it.
Threat Intelligence is the art of understanding your enemy to better protect your network through a firm knowledge of their tools, techniques, and procedures (TTPs).
Blocking IP addresses, domain names and MD5 hash values has very little value. Adversaries can easily change these indicators of compromise, often in an automated manner. The focus then needs to be on identifying groups by the information they are after as well as the tools and procedures they use to find that data.
This class aims to provide the students with the knowledge they need to begin a threat intelligence program in their environment. Every environment is different; our goal is to point you in the right direction so that you may hit the ground running.
- Experience and/or education within the cybersecurity field.
- Familiarity with Linux, Metasploit and/or other basic computer/security concepts
- Certified Ethical Hacker certification
- Cybersecurity Analyst
- IT Compliance Analyst
- Malware Prevention Analyst
- Incident Response Analyst
Skills and Concepts:
- What is threat intelligence?
- How attackers generally think and act
- Threat landscape
- Intelligence data
- Five of the most successful and widely used analysis techniques
- Understanding how to disseminate collected information
- Cover reporting