Threat Intelligence

Question 1

Threat Intelligence

Facilitate risk management

Answer 1

Sources

Question 2

Threat Intelligence Sources

Can reduce incident response time

Answer 2

Hardening

Question 3

Threat Intelligence Sources

• adversary tactics, techniques and procedures (TTPP
• Threat maps
  ie: geographical representations of malware outbreaks

Answer 3

Provide cybersecurity insight

Question 4

Threat Intelligence

Closed/proprietary

OSINT (open-source intelligence)
- gov reports
- media
- academic papers

Answer 4

Threat Intelligence Sources

Question 5

Threat Intelligence

• closed/proprietary
• file/code repositories
  ie: GitHub
• Vulnerability databases
  Common Vulnerabilities and Exposures (CVEs)

Answer 5

more threat intel sources

Question 6

Threat Intelligence

Dark Web/dark net
- Tor n/w - Tor web browser
- encrypted anonymous connections
- not indexed by search engines
- Tor encryption and anonymity
- Journalists
- Law enforcement
- Gov informants

Answer 6

sources

Question 7

Threat Intelligence Sharing

Exchange of cybersecurity intelligence (CI) between entities

Answer 7

Automated Indicator Sharing (AIS)

Question 8

Threat Intelligence Sharing

• form of AIS
• Data exchange format for cybersecurity intelligence

Answer 8

Structured Threat Information eXpression (STIX)

Question 9

Threat Intelligence Sharing

• like RSS feeds for threats
• consists of TAXII servers and clients
• real-time cyber intelligence feeds

Answer 9

Trusted Automated eXChange of Intelligence Information (TAXII)

Question 10

Threat Intelligence

open-source intelligence - refers to public cybersecurity intelligence sources

Answer 10

OSINT

Question 11

Threat Intelligence

Example of OSINT

Answer 11

Common Vulnerabilities and Exposures (CVE) dbase

Question 12

Threat Intelligence

Encrypted and anonymized internet access mechanism allowing access to unindexed content

Answer 12

Dark Web