Threat intelligence
• Research the threats
- And the threat actors
• Data is everywhere
- Hacker group profiles, tools used by the attackers, and much more
• Make decisions based on this intelligence
- Invest in the best prevention
• Used by researchers, security operations teams, and others
Open-Source Intelligence (OSINT)
• Open-source
- Publicly available sources
- A good place to start
• Internet
- Discussion groups, social media
• Government data
- Mostly public hearings, reports, websites, etc.
• Commercial data
- Maps, financial reports, databases
Proprietary/third-party intelligence
• Someone else has already compiled the threat information
- You can buy it
• Threat intelligence services
- Threat analytics, correlation across different data sources
• Constant threat monitoring
- Identify new threats
- Create automated prevention workflows
Information-sharing organizations
• Public threat intelligence
- Often classified information
• Private threat intelligence
- Private companies have extensive resources
• Need to share critical security details
- Real-time, high-quality cyber threat information sharing
• Cyber Threat Alliance (CTA)
- Members upload specifically formatted threat intelligence
- CTA scores each submission and validates across other submissions
- Other members can extract the validated data
Dark web intelligence
• Dark web
- Overlay networks that use the internet
- Requires specific software and configurations to access
• Hacking groups and services
- Activities
- Tools and techniques
- Credit card sales
- Accounts and passwords
• Monitor forums for activity