Saturday, 25 November 2017


According to CERT-UK, cyber threat intelligence (CTI) is an "elusive" concept. While cyber security comprises the recruitment of IT security experts and the deployment of technical means to protect an organization's critical infrastructure or intellectual property, CTI is based on the collection of intelligence using open source intelligence (OSINT), social media intelligence (SOCMINT), human intelligence (HUMINT), technical intelligence or intelligence from the deep and dark web. CTI's key mission is to research and analyze trends and technical developments in three areas:

  • Cybercrime
  • Hacktivism
  • Cyber espionage (advanced persistent threat or APT)

The data accumulated through this research and analysis enable states to prepare preventive measures in advance. Considering the serious impacts of cyber threats, CTI has been raised as an efficient solution to maintain international security.





Types

The UK's Centre for the Protection of National Infrastructure (CPNI) distinguishes four types of threat intelligence:

  • Tactical: attacker methodologies, tools, and tactics; relies on having enough resources and involves taking certain actions against potentially dangerous actors attempting infiltration
  • Technical: indicators of specific malware
  • Operational: details of a specific incoming attack; assesses an organisation's ability to determine future cyber threats
  • Strategic: high-level information on changing risk (strategic shifts); senior leadership is required to critically assess threats

McAfee products and documentation reference the following brands:

  • Global Threat Intelligence (GTI)
  • Joint Threat Intelligence (JTI)

In the financial sector, the CBEST framework of the Bank of England assumes that penetration testing is no longer adequate to protect sensitive business sectors, such as the banking sector. In response, the UK Financial Authorities (Bank of England, Her Majesty's Treasury, and the Financial Conduct Authority) recommend several steps to guard financial institutions from cyber threats, including receiving "advice from the cyber threat intelligence providers operating within the UK Government".

Benefits of tactical cyber intelligence

  • provides context and relevance to a tremendous amount of data
  • empowers organisations to develop a proactive cybersecurity posture and to bolster overall risk management policies
  • informs better decision-making during and following the detection of a cyber intrusion
  • drives momentum toward a cybersecurity posture that is predictive, not just reactive




Attribution

Behind any cyber threat there are people using computers, software and networks. During or after a cyber attack, technical information about the network and computers between the attacker and the victim can be collected. However, identifying the person(s) behind an attack, their motivations, or the ultimate sponsor of the attack is difficult. Recent efforts in threat intelligence emphasize understanding adversary tactics, techniques and procedures (TTPs).

APT attribution studies

  • APT1
  • APT28
  • APT29
  • Blackvine Cyber Espionage group
  • Dragonfly
  • Joint FBI and DHS report on the DNC hack
  • Waterbug Group



CTI and political risk

Geopolitically influential countries, such as the US, Russia, China and Iran, use cyberspace as an extension of their foreign and intelligence collection policies. To achieve these objectives, they have formed APT units that primarily specialise in the following fields:

  • Collection of sensitive data from business or government computer systems
  • Electronic penetration or sabotage of critical infrastructure computer systems (for example, Stuxnet)

Combining CTI with political risk analysis, which includes a deep understanding of current geopolitical disputes and leaders' ulterior political motives, can help analysts understand future cyberwarfare patterns.




See also

  • Cyber Intelligence Sharing and Protection Act
  • Cyber space
  • Denial-of-service attack
  • Malware
  • Zero-day (computing)
  • Ransomware





Further reading

  • Anca Dinicu, "Nicolae Bălcescu" Land Forces Academy, Sibiu, Romania, Cyber Threats to National Security. Specific Features and Actors Involved, Buletin Științific No 2(38)/2014
  • Cyber Threats to National Security. Countering Challenges to the Global Supply Chain (a summary of the personal remarks made by participants at the March 2, 2010, symposium, "Cyber Threats to National Security, Symposium One: Countering Challenges to the Global Supply Chain," co-sponsored by CACI International Inc (CACI) and the U.S. Naval Institute (USNI))
  • Zero Day: Nuclear Cyber Sabotage, BBC Four, Documentary thriller about warfare in a world without rules - the world of cyberwar. It tells the story of Stuxnet, self-replicating computer malware, known as a 'worm' for its ability to burrow from computer

Source of the article: Wikipedia
