从威胁情报到检测工程:识别检测差距并提升CTI对组织价值的案例研究.pdf

编号:991914 PDF 24页 4.87MB 下载积分:VIP专享
下载报告请您先登录!

1、Whoami?Pedro Barros Security Analyst ProfessorPrevious roles:Jr.SOC Analyst Desktop Solutions Spc.Socials:0 xPEMB Pedro BarrosWhy CTI?Purpose:Decision Making Prevent DamageNeed:Advanced Warnings Actionable FactsDistils into:Tactical Threat Intelligence Operational Threat Intelligence Strategic Threa

2、t IntelligenceNOT CTI?Data:Discrete Facts IPs,Domains,Hashes Statistics Quantitative Value Information:Data Points Answers a QuestionContext is KingIntelligence:Actionable for an audienceOutcome:Specific decisions/actions Tailored for useMust Be:Readable Interpreted Actionable“You exist in the conte

3、xt of all in which you live and what came before you”IOCs Everywhere Intel as a process:PlanningCollectionProcessingAnalysis/FeedbackThe Pitfall:SilosSecurity OperationsFraud PreventionsThird-party RiskData feedsFree Pre-packagedWho Benefits?Security Operation:Accelerates triage Reduces False Positi

4、ves Provides ContextVulnerability Management:Relevant vs CriticalThird-party Risk:Vendors SuppliersWho Benefits?Threat Analysts:Motivation TTPs TrendsIAM:Employees Credentials Business PartnersBrand Protection:Unsanctioned Typosquating ImpersonationTypes of IntelligenceStrategic Intelligence:Broad Overview Human Interaction Forecast Trends Adversary TTPs Operational Intelligence:Ongoing Events Campaigns Technical Intelligence Attack Vectors Threat Data Feeds#1-InstanceWhat in an SOP Alert EscalatedActive AccountsSource?#2-InstanceSource:QUESTIONS?

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(从威胁情报到检测工程:识别检测差距并提升CTI对组织价值的案例研究.pdf)为本站 (可不可以) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠