Learn cyber threat intelligence fundamentals to implement and operationalize an organizational intelligence program
Key Features
- Develop and implement a threat intelligence program from scratch
- Discover techniques to perform cyber threat intelligence, collection, and analysis using open-source tools
- Leverage a combination of theory and practice that will help you prepare a solid foundation for operationalizing threat intelligence programs
Book Description
We're living in an era where cyber threat intelligence is becoming more important. Cyber threat intelligence routinely informs tactical and strategic decision-making throughout organizational operations. However, finding the right resources on the fundamentals of operationalizing a threat intelligence function can be challenging, and that's where this book helps.
In Operationalizing Threat Intelligence, you'll explore cyber threat intelligence in five fundamental areas: defining threat intelligence, developing threat intelligence, collecting threat intelligence, enrichment and analysis, and finally production of threat intelligence. You'll start by finding out what threat intelligence is and where it can be applied. Next, you'll discover techniques for performing cyber threat intelligence collection and analysis using open source tools. The book also examines commonly used frameworks and policies as well as fundamental operational security concepts. Later, you'll focus on enriching and analyzing threat intelligence through pivoting and threat hunting. Finally, you'll examine detailed mechanisms for the production of intelligence.
By the end of this book, you'll be equipped with the right tools and understand what it takes to operationalize your own threat intelligence function, from collection to production.
What you will learn
- Discover types of threat actors and their common tactics and techniques
- Understand the core tenets of cyber threat intelligence
- Discover cyber threat intelligence policies, procedures, and frameworks
- Explore the fundamentals relating to collecting cyber threat intelligence
- Understand fundamentals about threat intelligence enrichment and analysis
- Understand what threat hunting and pivoting are, along with examples
- Focus on putting threat intelligence into production
- Explore techniques for performing threat analysis, pivoting, and hunting
Who this book is for
This book is for cybersecurity professionals, security analysts, security enthusiasts, and anyone who is just getting started and looking to explore threat intelligence in more detail. Those working in different security roles will also be able to explore threat intelligence with the help of this security book.
Table of Contents
- Why You Need a Threat Intelligence Program
- Threat Actors, Campaigns, and Tooling
- Guidelines and Policies
- Threat Intelligence Frameworks, Standards, Models, and Platforms
- Operational Security (OPSEC)
- Technical Threat Intelligence – Collection
- Technical Threat Analysis – Enrichment
- Technical Threat Analysis – Threat Hunting and Pivoting
- Technical Threat Analysis – Similarity Analysis
- Preparation and Dissemination
- Fusion into Other Enterprise Operations
- Overview of Datasets and Their Practical Application
- Conclusion
Kyle Wilhoit is cybersecurity and cyber threat intelligence professional with wide experience ranging from security architecture to threat analysis, Kyle is specialized in threat intelligence collection and analysis, with a specific focus on nation-state actor groups.
Kyle earned his graduate and undergraduate degrees from Lindenwood University, in St. Charles, Missouri. His work history includes being a threat researcher and leader throughout Silicon Valley, including companies like Domaintools, Trend Micro, Fireeye, and more. Kyle has been an active member on the Blackhat US board since 2016 and has spoken at over 40 conferences across the globe on original research he performed.
Kyle currently resides in St. Louis, Missouri with his wife and kids.
Joseph Opacki is a United States Marine Corps (USMC) veteran and career cyber security professional with a specialization in malware reverse engineering, computer intrusion investigation, security research, and threat intelligence. He received his undergraduate degree from George Mason University and his graduate degree from the Virginia Polytechnic Institute and State University. He has been active in academia working as an Adjunct Professor for over a decade in the Master of Digital Forensics program at George Mason University. Before his retirement from public service, Joseph was a malware reverse engineering Subject Matter Expert (SME) at the Federal Bureau of Investigation.
