Threat Intelligence sharing Flashcards
The process through which data generated in the ongoing use of information systems is collected, processed, analyzed, and disseminated to provide insights into the security status of those systems
Security Intelligence
The process of investigating, collecting, analyzing, and disseminating information about emerging threats and threat sources to provide data about the external threat landscape
▪ Narrative reports
▪ Data Feeds
Cyber Threat Intelligence
Intelligence Cycle
Requirements (Planning & Direction)
Collection (& Processing)
Analysis
Dissemination
Feedback
Requirements (Planning & Direction)
The requirements phase sets out the goals for the intelligence gathering effort
Collection (& Processing)
The collection process is implemented by software tools, such as SIEMs, and then processed for later analysis
Analysis
The analysis is performed against the given use cases from the planning phase and may utilize automated analysis, artificial intelligence, and machine learning
Dissemination
The dissemination phase refers to publishing information produced by analysis to consumers who need to act on the insights developed
▪ Strategic
▪ Operational
▪ Tactical
Feedback
The phase that aims to clarify requirements and improve the collection, analysis, and dissemination of information by reviewing current inputs and outputs
▪ Lessons learned
▪ Measurable success
▪ Evolving threat issues
Property of an intelligence source that ensures it is up-to-date
Timeliness
Relevancy
Property of an intelligence source that ensures it matches the use cases intended for it
Accuracy
Property of an intelligence source that ensures it produces effective results
Open-Source
Data that is available to use without subscription; may include threat feeds similar to those of the commercial providers, and may contain reputation lists and malware signature databases
▪ US-CERT
▪ UK’s NCSC
▪ AT&T Security (OTX)
▪ MISP
▪ VirusTotal
▪ Spamhaus
▪ SANS ISC Suspicious Domains
Open-Source Intelligence (OSINT)
Methods of obtaining information about a person or organization through public records, websites, and social media
Information Sharing and Analysis Center (ISAC)
A not-for-profit group set up to share sector-specific threat intelligence and security best practices amongst its members
CISP, the Cyber Security Information Sharing Partnership, is the UK's equivalent of an ISAC
Critical Infrastructure
Any physical or virtual infrastructure that is considered so vital to the United States that its incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of these
ICS, SCADA, and embedded system threats are a main focus within critical infrastructure