Whoami?
    Pedro Barros, Security Analyst, Professor
    Previous roles: Jr. SOC Analyst, Desktop Solutions Spc.
    Socials: 0xPEMB, Pedro Barros

Why CTI?
    Purpose: Decision making, prevent damage
    Need: Advanced warnings, actionable facts
    Distils into: Tactical Threat Intelligence, Operational Threat Intelligence, Strategic Threat Intelligence

NOT CTI?
    Data: Discrete facts (IPs, domains, hashes), statistics, quantitative value
    Information: Data points that answer a question. Context is king.
    Intelligence: Actionable for an audience
        Outcome: Specific decisions/actions, tailored for use
        Must be: Readable, interpreted, actionable
    "You exist in the context of all in which you live and what came before you"

IOCs Everywhere

Intel as a process: Planning, Collection, Processing, Analysis/Feedback
    The Pitfall: Silos (Security Operations, Fraud Prevention, Third-party Risk)
    Data feeds: Free, pre-packaged

Who Benefits?
    Security Operations: Accelerates triage, reduces false positives, provides context
    Vulnerability Management: Relevant vs critical
    Third-party Risk: Vendors, suppliers
    Threat Analysts: Motivation, TTPs, trends
    IAM: Employees, credentials, business partners
    Brand Protection: Unsanctioned use, typosquatting, impersonation

Types of Intelligence
    Strategic Intelligence: Broad overview, human interaction, forecast trends, adversary TTPs
    Operational Intelligence: Ongoing events, campaigns
    Technical Intelligence: Attack vectors, threat data feeds

#1 - Instance: What in an SOP? Alert escalated, active accounts, source?
#2 - Instance: Source:

QUESTIONS?
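The Data / Information / Intelligence distinction and the "accelerates triage, reduces false positives" benefit above, as an added example that is not part of the deck: a constructed IOC feed (data) is matched against an alert and given context such as age and confidence (information), and the result is turned into a decision a SOC analyst can act on (intelligence). The feed fields, the alert fields and the date used as "today" are assumptions for this example.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample feed entries: Data, i.e. discrete facts with no context of their own.
FEED = [
    {"ioc": "198.51.100.7", "confidence": 90, "last_seen": date(2024, 5, 1), "tags": ["c2", "infostealer"]},
    {"ioc": "203.0.113.20", "confidence": 40, "last_seen": date(2021, 1, 15), "tags": ["scanner"]},
]
TODAY = date(2024, 5, 10)  # assumed reference date so the example is deterministic

@dataclass
class Assessment:
    ioc: str
    matched: bool
    context: dict
    action: str   # the decision tailored for the SOC audience
    reason: str   # the interpreted context that justifies it

def enrich(ioc: str, feed=FEED, today=TODAY) -> dict:
    """Information: locate the data point and attach context (age, confidence, tags)."""
    for entry in feed:
        if entry["ioc"] == ioc:
            return {"matched": True, "age_days": (today - entry["last_seen"]).days,
                    "confidence": entry["confidence"], "tags": entry["tags"]}
    return {"matched": False}

def assess(alert: dict, feed=FEED, today=TODAY) -> Assessment:
    """Intelligence: turn the enriched match into a specific action for the analyst."""
    ioc = alert["dst_ip"]
    ctx = enrich(ioc, feed, today)
    if not ctx["matched"]:
        return Assessment(ioc, False, ctx, "triage_normally", "no feed match; alert stands on its own merits")
    # Stale or low-confidence hits are a classic false-positive source: close with a reason, do not escalate.
    if ctx["age_days"] > 365 or ctx["confidence"] < 50:
        return Assessment(ioc, True, ctx, "close_as_fp_candidate",
                          f"feed hit is {ctx['age_days']} days old, confidence {ctx['confidence']}")
    # Fresh, high-confidence C2 infrastructure plus actual outbound data: escalate.
    if "c2" in ctx["tags"] and alert["bytes_out"] > 0:
        return Assessment(ioc, True, ctx, "escalate",
                          f"recent {'/'.join(ctx['tags'])} infrastructure with outbound data")
    return Assessment(ioc, True, ctx, "investigate", "feed match but no outbound data observed")

if __name__ == "__main__":
    for a in ({"dst_ip": "198.51.100.7", "bytes_out": 4096}, {"dst_ip": "203.0.113.20", "bytes_out": 10}):
        r = assess(a)
        print(a["dst_ip"], "->", r.action, "|", r.reason)
```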