Threat Intelligence Essentials (T|IE) Training

De cursus Threat Intelligence Essentials biedt cursisten een sterke technische basiskennis van concepten en tools voor bedreigingsinformatie. De cursus biedt essentiële kennis over onderwerpen als het landschap van cyberbedreigingen, soorten bedreigingen en meer, waarmee u wordt voorbereid op een carrière als threat intelligence-analist. Test uw kennis met CTF-gebaseerde Capstone-projecten en valideer u nieuw verworven vaardigheden in gesurveilleerde examens. Verder biedt de cursus meer dan 18 uur aan eersteklas zelfstudievideotraining in 10 modules met 5 labs om studenten voor te bereiden op problemen in de echte wereld.

Cursusinhoud

Module 01: Introduction to Threat Intelligence

Threat Intelligence and Essential Terminology
         o What is Threat Intelligence?
         o Core Threat Intelligence Terminology

Key Differences Between Intelligence, Information, and Data
         o Threat Intelligence vs. Threat Data

The Importance of Threat Intelligence

Integrating Threat Intelligence in Cyber Operations
         o Modern Threat Intelligence vs. Traditional Cybersecurity

Threat Intelligence Lifecycles and Maturity Models
         o Threat Intelligence Lifecycle and Processes
         o Threat Intelligence Maturity Model

Threat Intelligence Roles, Responsibilities, and Use Cases
         o Threat Intelligence Team Roles & Responsibilities
         o Threat Intelligence Use Cases
         o Ethical and Legal Considerations

Using Threat Intelligence Standards or Frameworks to Measure Effectiveness
         o Frameworks and Standards
         o KPI’s for Measuring Effectiveness

Establishing SPLUNK Attack Range for Hands-on Experience
         o Module 1 Lab: SPLUNK Attack Range 3.0 Overview
         o Attack Range Setup

Module 02: Types of Threat Intelligence

Understanding the Different Types of Threat Intelligence
         o General Sources of Threat Intelligence
         o The Threat Intelligence Array

Preview Use Cases for Different Types of Threat Intelligence
         o Navigating Different Uses of Intelligence
         o Specific Uses of Threat Intelligence by Type

Overview of the Threat Intelligence Generation Process
         o The Threat Intelligence Generation Process
         o Sources of Generated Threat Intelligence

Learn How Threat Intelligence Informs Regulatory Compliance
         o How Regulation Influences Threat Intelligence Processes
         o Other Regulatory Factors to Consider

Augmenting Vulnerability Management with Threat Intelligence
         o Threat Intelligence and Vulnerability Management
         o Additional Best Practices to Consider

Explore Geopolitical or Industry Related Threat Intelligence
         o Geopolitical and Industry Focused Threat Intelligence
         o How Cybersecurity Can Leverage These Sources

Integrating Threat Intelligence with Risk Management
         o Threat Intelligence in Risk Management

Module 03: Cyber Threat Landscape

Overview of Cyber Threats Including Trends and Challenges
         o Defining the Cyber Threat Challenge

Emerging Threats, Threat Actors, and Attack Vectors
         o Threat Actor Types and Their Motivations
         o Trends and Challenges Impacting Threat Intelligence

Deep Dive on Advanced Persistent Threats
         o Getting to Know Your Advanced Persistent Threat
         o High Profile Threat Actors in Modern Times

The Cyber Kill Chain Methodology
         o What’s the Cyber Kill Chain Methodology?
         o Exploring Other Cyber Kill Chains

Vulnerabilities, Threat Actors, and Indicators of Compromise (IoC)
         o Indicators of Compromise (IoCs) Explained
         o Key Vulnerability Management Control Considerations

Geopolitical and Economic Impacts Related to Cyber Threats
         o Impact of Geopolitics and Economics on Cyber Threats

How Emerging Technology is Impacting the Threat Landscape
MITRE ATT&CK & SPLUNK Attack Range IOC Labs
         o Module 3 Lab Part 1: MITRE ATT&CK Navigator
         o Module 3 Lab Part 2: Reviewing Indicators of Compromise (IoC) in Attack Range

Module 04: Data Collection and Sources of Threat Intelligence

Making Use of Threat Intelligence Feeds, Sources, & Evaluation Criteria
         o Maximizing Use of Threat Data Feeds
         o Popular Sources of Threat Data
         o Evaluating Threat Data Credibility & Effectiveness

Overview of Threat Intelligence Data Collection Methods & Techniques
         o Overview of Threat Data Collection Methods
         o Dissemination Channels for Threat Data

Compare & Contrast Popular Data Collection Methods
         o Active vs Passive Threat Data Collection
         o Effective Uses for Active & Passive Data Collection
         o Other Intelligence Gathering Techniques

Bulk Data Collection Methods & Considerations
         o Bulk Data Collection Types
         o Bulk Data Collection Considerations

Normalizing, Enriching, & Extracting Useful Intelligence from Threat Data
         o Normalizing Threat Data Before Enrichment
         o The Data Enrichment Process
         o Additional Tips for Extracting Actionable Intelligence from Threat Data

Legal & Ethical Considerations for Threat Data Collection Processes
         o Ethical and Legal Risks Data Collection Must Account For

Threat Data Feed Subscription and OSINT Labs
         o Module 4 Lab Part 1: Subscribing to and Ingesting FREE Threat Data from APIs

Module 05: Threat Intelligence Platforms

Introduction Threat Intelligence Platforms (TIPs), Roles, & Features
         o Primary Features of a Threat Intelligence Platform
         o Notable TIP Providers & Solutions

Aggregation, Analysis, & Dissemination within TIPs
         o From Threat Data Aggregation to TIP Dissemination
         o Risks of TIP Mismanagement
         o Driving TIP Effectiveness & Accuracy

Automation & Orchestration of Threat Intelligence in TIPs
         o The Importance of Automation & Orchestration within TIPs
         o Desired Automation Outcomes
         o Orchestration Benefits Within a TIP

Evaluating & Integrating TIPs into Existing Cybersecurity Infrastructure
         o TIP Evaluation Criteria: The Tangible vs Intangible
         o Elements to Consider During Trials
         o Integration Consideration for TIPs

Collaboration, Sharing, and Threat Hunting Features of TIPs
         o Macro Vs Micro Collaboration Goals of TIPs
         o Ways That Threat Intelligence Platforms Share Data
         o Threat Hunting on TIPs

Customizing TIPs for Organizational Needs
         o The Customization Solution
         o Ideal TIP Customization Features and Criteria

Using TIPs for Visualization, Reporting, & Decision Making
         o How TIP Reporting and Visualizations Drive Key Business Decisions
         o Driving Effective Practices in TIP Reporting and Visualization

AlienVault OTX and MISP TIP Platform Labs
         o Module 5 Lab 1 Overview: AlienVault OTX and Pulses
         o Module 5 Lab 2: Exploring MISP

Module 06: Threat Intelligence Analysis

Introduction to Data Analysis and Techniques
         o Data Analysis Defined
         o Using Data Analysis for Threat Intelligence
         o Other Uses & Analysis Considerations

Applying Statistical Data Analysis, Including Analysis of Competing Hypothesis
         o A Deeper Look into Statistical Analysis for Threat Intelligence: Malware Inspection
         o Analysis of Competing Hypothesis

Identifying and Analyzing Threat Actor Artifacts
         o Applying Analysis Techniques to IoC Data
         o Applying Analytical Techniques to TTP Data
         o Driving Excellence in Data Analysis Practices

Threat Prioritization, Threat Actor Profiling & Attribution Concepts
         o How Data Analysis Assists Threat Prioritization
         o Intro to Threat Actor Profiling
         o Understanding and Improving Threat Attribution

Leveraging Predictive and Proactive Threat Intelligence
         o Predictive vs Proactive Threat Intelligence
         o Maximizing the Use of Predictive Threat Intelligence
         o Rewinding on Proactive Threat Intelligence

Reporting, Communicating, and Visualizing Intelligence Findings
         o Tips for Highly Effective Threat Reporting
         o Using MISP for Threat Intelligence Reporting & Visualization
         o Using Jupyter Notebooks to Visualize Data

Threat Actor Profile Labs & MISP Report Generation Labs
         o Module 6 Lab 1 – Cyber Threat Actor Profile Exercise
         o Module 6 – Lab 2: Generating MISP Threat Reports and Connecting MISP To Jupyter
Notebooks

Module 07: Threat Hunting and Detection

Operational Overview of Threat Hunting & Its Importance
         o What Is Threat Hunting?
         o General Threat Hunting Approach
         o Characteristics of Successful Threat Hunters

Dissecting the Threat Hunting Process
         o Considerations Before Conducting Threat Hunts
         o Deep Diving the Threat Hunting Process
         o Key Metrics to Guide Effective Threat Hunting

Threat Hunting Methodologies & Frameworks
         o What are Threat Hunting Frameworks and Why Use Them?
         o Hunting Framework Concepts: The Pyramid of Pain
         o Using the PEAK Methodology for Threat Hunting

Explore Proactive Threat Hunting
         o The Need for Proactive Threat Hunting
         o Key Differences Between Proactive & Unstructured Threat Hunting
         o When Proactive Threat Hunts Shine

Using Threat Hunting for Detection & Response
         o The Role of Threat Hunting in Incident Detect & Response
         o Common Ground Between Incident Response & Threat Hunting

Threat Hunting Tool Selection & Useful Techniques
         o Types of Threat Hunting Tools
         o Popular Threat Hunting Tools & Techniques
         o Best Practices for Tool Selection

Forming Threat Hunting Hypotheses & Conducting Hunts
         o The Value of Threat Hunting Hypotheses
         o Hunting Tactics, Techniques & Procedures (TTP)
         o Overview of MITRE’s TTP Hunting Methodology

Threat Hunting Lab in SPLUNK ATT&CK Range
         o Overview of Threat Hunting Lab

Module 08: Threat Intelligence Sharing and Collaboration

Importance of Information Sharing Initiatives in Threat Intelligence
         o The Importance of Information Sharing Initiatives
         o Types of Information Sharing Arrangements
         o Threat Information Sharing Frameworks

Overview of Additional Threat Intelligence Sharing Platforms
         o Threat Information Sharing Platforms
         o Desirable Features of Sharing Platforms
         o Potential Platform Pitfalls

Building Trust Within Intelligence Communities
         o Primary Trust Builders
         o How Trust in Small Private Circles or Larger Public Communities is Achieved

Sharing Information Across Industries and Sectors
         o Benefitting from Cross-Industry Threat Sharing
         o Sector Specific Threat Sharing
         o Cross-Sector Collaboration Communities

Building Private and Public Threat Intelligence Sharing Channels
         o Approaches for Establishing Private Threat Intel Channels
         o Approaches for Establishing Public Threat Intel Channels

Challenges and Best Practices for Threat Intelligence Sharing
         o Best Practices for Sharing Threat Intel
         o Threat Intelligence Sharing Challenges
         o Modern Examples of Overcoming Sharing Challenges

Legal and Privacy Implications of Sharing Threat Intelligence
         o Legal and Compliance Impacts
         o Privacy Implications of Careless Intel Sharing

Sharing Threat Intelligence Using MISP and Installing Anomali STAXX
         o Module 8 Lab: MISP to MISP Intel Sharing and Setting Up & Navigating Anomali STAXX

Module 09: Threat Intelligence in Incident Response

Integrating Threat Intelligence into Incident Response Processes
         o Overview of the Security Incident Response Lifecycle
         o Threat Intelligence Integration Examples
         o Potential Threat Intelligence Integration Drawbacks

Role of Threat Intelligence in Incident Prevention Using Workflows & Playbooks
         o Threat Intelligence’s Role in Incident Prevention
         o Malicious Process Real-Time Response (RTR) Workflow Example
         o Ransomware Playbook Example

Using Threat Intelligence for Incident Triage and Forensic Analysis
         o How Threat Intelligence Aids Incident Triage
         o The Role of Threat Intelligence During Forensic Analysis

Adapting Incident Response Plans Using New Intelligence
         o Threat Intel as an Incident Response Adaptation Pathway
         o Best Practice Considerations
         o Adaptation Pitfalls to Avoid

Coordinating Response With External Partners
         o Applying Threat Intelligence to Different Incidents
         o How Threat Intelligence Assists External Partner Collaboration

Threat Intelligent Incident Handling and Recovery Approaches
         o Applying Threat Intelligence to Different Incident Types
         o Using Threat Intelligence During Incident Recovery

Post Incident Analysis and Lessons Learned Considerations
         o Post-Incident Analysis and Areas of Emphasis
         o Merging Threat Intelligence Into Lessons Learned Activities

Measurement and Continuous Improvement for Intelligence Driven Incident Response
         o Approaches for Achieving Continuous Improvement
         o KPIs to Measure Threat Intelligence’s Influence on Incident Response

Module 10: Future Trends and Continuous Learning

Emerging Threat Intelligence Approaches & Optimizing Their Use
         o Complimentary Approaches to Threat Intelligence
         o Applying Threat Intelligence to Emerging Technologies
         o Optimizing Use of Emergent Technology for Threat Intelligence Operations

Convergence of Threat Intelligence & Risk Management
         o Getting Started with Converging Threat Intelligent Risk Management
         o A More Methodological Approach

Continuous Learning Approaches for Threat Intelligence
         o Contemporary vs Evolving Learning Models
         o Striking an Effective Balance

Adapting Professional Skillsets for Future in Threat Intelligence
         o Adapting Existing Career Paths to Threat Intelligence
         o Skills to Future Proof A Threat Intelligence Career

Anticipating Future Challenges & Opportunities in Threat Intelligence
         o Potential Challenges Down the Road
         o The Upside Opportunities of Threat Intelligence

Engaging in the Threat Intelligence Community & Keeping a Pulse on the Threat Landscape
         o Engaging in Threat Intelligence Communities
         o Keeping a Pulse on the Cyber Threat Landscape

The Role of Threat Intelligence in National Security & Defense
         o Threat Intelligence For National Defense Use Cases
         o Providers of National Defense Quality Threat Intelligence

Potential Influence of Threat Intelligence on Future Cybersecurity Regulations
         o Historical Examples & Benefits of Threat Intelligence’s Influence on Regulation
         o The Potential Downsides of Shaping Policy With Threat Intelligence