
From Threat Intelligence to Detection Engineering: A Case Study on Identifying Detection Gaps and Raising the Value of CTI to the Organization.pdf

Uploaded by: 可*** ID: 991914 2025-12-07 24 pages 4.87MB

Whoami?
Pedro Barros, Security Analyst, Professor
Previous roles: Jr. SOC Analyst, Desktop Solutions Spc.
Socials: 0xPEMB, Pedro Barros

Why CTI?
Purpose: Decision Making, Prevent Damage
Need: Advanced Warnings, Actionable Facts
Distils into: Tactical Threat Intelligence, Operational Threat Intelligence, Strategic Threat Intelligence

NOT CTI?
Data: Discrete Facts (IPs, Domains, Hashes), Statistics, Quantitative Value
Information: Data Points, Answers a Question
Context is King
Intelligence: Actionable for an audience
Outcome: Specific decisions/actions, Tailored for use
Must Be: Readable, Interpreted, Actionable
"You exist in the context of all in which you live and what came before you"

IOCs Everywhere
Intel as a process: Planning, Collection, Processing, Analysis/Feedback
The Pitfall: Silos (Security Operations, Fraud Prevention, Third-party Risk)
Data feeds: Free, Pre-packaged

Who Benefits?
Security Operations: Accelerates triage, Reduces False Positives, Provides Context
Vulnerability Management: Relevant vs Critical
Third-party Risk: Vendors, Suppliers

Who Benefits?
Threat Analysts: Motivation, TTPs, Trends
IAM: Employees, Credentials, Business Partners
Brand Protection: Unsanctioned, Typosquatting, Impersonation

Types of Intelligence
Strategic Intelligence: Broad Overview, Human Interaction, Forecast Trends, Adversary TTPs
Operational Intelligence: Ongoing Events, Campaigns
Technical Intelligence: Attack Vectors, Threat Data Feeds

#1 - Instance
What is in an SOP? Alert Escalated, Active Accounts, Source?

#2 - Instance
Source:

QUESTIONS?
