Overview

In the context of the current threat environment, participants learn ways to detect and correlate data for better threat analysis; reduce breach exposure time and break the cyber kill chain; and manage current and future threats. As participants progress through the program, their perceptions of threats will evolve, and they will receive instruction on the role of threat intelligence in security systems that are evolving along with the threat environment.

Get to participate in hands-on and table-top exercises to practice strategies for analyzing attacks and mitigating their effects, and for applying intelligence-driven security practices in their own organizations.

Duration:

02 days (16 hours)

Course Objectives

Upon completing the program, participants should be able to:

• Describe the current global threat ecosystem
• Illustrate the logical components of an advanced security program
• List best practices for planning advanced defenses
• Describe the cyber kill chain
• Provide examples of cyber kill chain intervention
• Compare traditional threats and Advanced Persistent Threats
• Find and use sources of threat intelligence
• Perform threat modeling of high-value assets and high-value adversaries
• Gather and analyze threat intelligence
• Manage the threat lifecycle

Who should attend

Security analysts who investigate, analyze, and resolve or escalate incidents and issues; monitor external security information sources; or feed actionable intelligence back into systems • Novice security analysts who meet prerequisites and want to advance their skills • SOC managers who want to implement a Threat Intelligence capability.

Course outline

1.     Threat Overview

• Current Threat Ecosystem
  • Ecosystem Overview
  • Communities of Attackers
  • Targets
  • Vulnerabilities
  • Avenues of Attack
  • Tactics, Techniques, and
  • Procedures
  • Advanced Persistent Threats
  • Threat Intelligence in an Advanced

Security Program

• Shortcomings of Traditional

Security Measures

• Advanced Approaches to

Information Security

• Advanced Security Operations

Center Model

• Planning Advanced Defenses
  • Guiding Principles for

Defending the Enterprise

• Defining a Cyber Footprint

Quantifying Risk

• Applying Security Best

Practices

• Promoting User Education

2.     Types of Threats

• Crimeware
• Advanced Persistent Threats (APTs)

3.     Cyber Kill Chain

• Attack Progression
  • Anatomy of an Attack
  • Cyber Kill Chain Model
  • Kill Chain Interventions
  • Detecting Attacks
    • Indicators of Compromise
    • Network-based Indicators
    •  Host-based Indicators

4.     Intelligence Sources

• Government
• Industry Associations & Networks
• Commercial Sources
• Open Source
• Extended Enterprise
• Internal Organization Sources

5.     Threat Modeling

• Threat Modeling Perspective
• Profiling Targets
  • APT Targets
  • Reconnoitering Targets, Web Presence, Industries, Social Media, High-Value Assets
  • Threat Actor Attribution
    • Actor Identification
    • Target Identification
    • Actor Behaviors
    • Communication Strategy
    • Threat Modeling Resources

6.     Developing Threat Intelligence

• Command and Control Protocol
• Decoding
• Passive DNS Monitoring
• Email Operations
• Threat Infrastructure Enumeration
• Command and Control Domain Correlation
• Intrusion Set Attribution
• Public-Facing Web Infrastructure

7.     Threat Management

• Detecting Threats
• Threat Mitigation Strategy
• Predicting Threats