Overview

Understand the process of setting up a successful cyber threat intelligence (CTI) practice within an established security team. This book shows you how threat information that has been collected, evaluated, and analyzed is a critical component in protecting your organization’s resources. Adopting an intelligence-led approach enables your organization to nimbly react to situations as they develop. Security controls and responses can then be applied as soon as they become available, enabling prevention rather than response. There are a lot of competing approaches and ways of working, but this book cuts through the confusion. Author Aaron Roberts introduces the best practices and methods for using CTI successfully. This book will help not only senior security professionals, but also those looking to break into the industry. You will learn the theories and mindset needed to be successful in CTI. This book covers the cybersecurity wild west, the merits and limitations ofstructured intelligence data, and how using structured intelligence data can, and should, be the standard practice for any intelligence team. You will understand your organizations’ risks, based on the industry and the adversaries you are most likely to face, the importance of open-source intelligence (OSINT) to any CTI practice, and discover the gaps that exist with your existing commercial solutions and where to plug those gaps, and much more. What You Will Learn Know the wide range of cybersecurity products and the risks and pitfalls aligned with blindly working with a vendor Understand critical intelligence concepts such as the intelligence cycle, setting intelligence requirements, the diamond model, and how to apply intelligence to existing security information Understand structured intelligence (STIX) and why it’s important, and aligning STIX to ATT&CK and how structured intelligence helps improve final intelligence reporting Know how to approach CTI, depending on your budget Prioritize areas when it comes to funding and the best approaches to incident response, requests for information, or ad hoc reporting Critically evaluate services received from your existing vendors, including what they do well, what they don’t do well (or at all), how you can improve on this, the things you should consider moving in-house rather than outsourcing, and the benefits of finding and maintaining relationships with excellent vendors Who This Book Is For                                                  Senior security leaders in charge of cybersecurity teams who are considering starting a threat intelligence team, those considering a career change into cyber threat intelligence (CTI) who want a better understanding of the main philosophies and ways of working in the industry, and  security professionals with no prior intelligence experience but have technical proficiency in other areas (e.g., programming, security architecture, or engineering)

Full Product Details

Author:   Aaron Roberts
Publisher:   APress
Imprint:   APress
Edition:   1st ed.
Weight:   0.361kg
ISBN:  

9781484272190

ISBN 10:   1484272196
Pages:   207
Publication Date:   10 August 2021
Audience:   Professional and scholarly ,  Professional & Vocational
Format:   Paperback
Publisher's Status:   Active
Availability:   Manufactured on demand  
We will order this item for you from a manufactured on demand supplier.

Table of Contents

Chapter 1: Introduction This chapter is designed to introduce the reader to me, why I’m knowledgeable on the subject and to set the expectations of what they’ll learn throughout the book. Chapter 2: The Cybersecurity Wild West This chapter discusses the wide-range of cybersecurity products and understanding the risks and pitfalls aligned with blindly working with a vendor. How to understand what you get for your money and how to get the most out of any commercial partnerships you enter into. Chapter 3: Cyber Threat Intelligence – What does it even mean? This chapter discusses critical intelligence concepts such as the intelligence cycle, setting intelligence requirements, the diamond model and how we apply intelligence to existing security information (by way of Mitre ATT&CK). Chapter 4: Structured Intelligence – What’s The Point? This chapter builds on chapter 3, and discusses the benefits of adding structure to intelligence data. We’ll discuss STIX and why it’s important, aligning STIX to ATT&CK and how structured intelligence helps improve final intelligence reporting. Chapter 5: Determining what your business needs This chapter will look at how to approach CTI depending on your budget, the business itself (and its underlying sector/industry), what already exists within the organization and how you could expand and automate some aspects of the collection. Chapter 6: How Can I Implement This? (No matter what budget you have) This chapter will look at the main factors of CTI, accepting what gaps might exist (if you have no budget), and how you could potentially consider trying to fill them. We’ll discuss how to priorities areas when it comes to funding and the best approaches to incident response, requests for information or ad-hoc reporting. Chapter 7: Things to consider when implementing CTI This chapter will look at an organizations footprint and understanding the risks associated with your organization—the gaps left by funding or vendor/IT black holes in your estate and staffing and resourcing. Chapter 8: The importance of OSINT Open-Source Intelligence is a significant part of a successful CTI practice. This chapter will look at what OSINT is (and can be), what an analyst or investigator needs in terms of necessary tooling to succeed, how to create and maintain accounts for research purposes and what to do if you can’t immediately employ Human Intelligence (HUMINT) into your collection. Chapter 9: I already pay for vendor X. Should I bother? This chapter is designed to assist the reader in critically evaluating the service they receive from their existing vendors. This includes what they do well, what they don’t do well (or at all), how you can improve on this, what things you should consider moving in-house rather than outsourcing, and the benefits of finding and maintaining relationships with excellent vendors. Chapter 10: Summary This chapter will summaries the main themes discussed in each chapter. The next steps that should be imperative to any organization, how the reader could follow up with me for any questions or comments, and if they can’t do anything today, what they should take away from the book to try and improve their CTI practice. Chapter 11: Useful Resources This chapter will list several useful resources the reader could investigate to help them on their way to set up a successful CTI team, broken down into sub-headings.

Reviews

Author Information

Aaron Roberts is an intelligence professional specializing in Cyber Threat Intelligence (CTI) and Open-Source Intelligence (OSINT). He is focused on building intelligence-led cyber capabilities in large enterprises and conducting online investigations and research. He has worked within several the public and private sectors as well as the British Military. As such he understands how intelligence can and should be utilized within a range of environments and the fundamental approach that businesses must take to get the maximum value out of their cyber threat intelligence program.

Tab Content 6

Author Website:  

Customer Reviews

Recent Reviews

No review item found!

Add your own review!

Countries Available

All regions