Cyber Threat Intelligence: Lifecycle

Regular monitoring and reporting of emerging threats and vulnerabilities can alert you to take action and prevent an attack. Understanding the cyber threat intelligence lifecycle is key to successfully implementing a threat intelligence strategy, using information about what adversaries are doing, incorporating protective measures in your defense scheme, and reducing your organization’s attack surface. Incorporating cyber threat intelligence in your business strategy helps you to fight against cybercrime.

If you want to implement this model in your organization, this article explains the steps you can follow.

Note: If you are reading about cyber threat intelligence for the first time, I recommend that you stop for a moment and read this article with some key concepts.

Step 1 – Direction

In this first step of the cyber threat intelligence lifecycle, it is very important to define the strategy for collecting information, specify the type of information and content to collect, classify sources by availability and reliability, define communication flows, and formulate the intelligence team's roles and responsibilities.

Step 2 – Collection

In this step, the focus is on collecting the intelligence defined in phase one. The data can be collected in different ways, through either technical or human means, and directly or secretly depending on the confidentiality of the information. Intelligence is collected through sources like human intelligence (HUMINT), imagery intelligence (IMINT), measurement and signature intelligence (MASINT), signal intelligence (SIGINT), open-source intelligence (OSINT), IoCs, and other third parties. Investing time in this step will increase your probability of having a successful cyber threat intelligence lifecycle implementation.

Step 3 – Processing

Processing is the transformation of collected information into a format usable by the organization. Almost all raw data collected needs to be processed in order to deliver actionable data to stakeholders.
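As an added illustration of this step (not code from the original article), the Python sketch below turns a raw feed of mixed indicators into deduplicated, typed records. The feed content, the `classify` and `process` helper names, and the record fields are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample feed: documentation addresses and example domains only.
RAW_FEED = """\
# constructed sample, not real indicators
203.0.113.7
hxxp://bad.example[.]com/login.php
BAD.example.com
203.0.113.7
10.0.0.5
not an indicator
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def classify(raw):
    """Return (type, normalized_value), or None if the entry is unusable."""
    # Undo common defanging ("hxxp", "[.]") so the value can be parsed.
    value = re.sub(r"^hxxp", "http", raw.strip().replace("[.]", "."), flags=re.I)
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None
    if ip is not None:
        # Internal or loopback addresses carry no meaning in an external feed.
        if ip.is_loopback or any(ip in net for net in RFC1918):
            return None
        return ("ip", str(ip))
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.hostname:
        return ("url", parts._replace(netloc=parts.netloc.lower()).geturl())
    if DOMAIN_RE.match(value.lower()):
        return ("domain", value.lower())
    return None

def process(feed_text, source):
    """Turn raw feed lines into deduplicated, typed records plus a reject list."""
    records, rejected = {}, []
    for line in feed_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments are not indicators
        key = classify(line)
        if key is None:
            rejected.append(line.strip())
            continue
        rec = records.setdefault(key, {"type": key[0], "value": key[1],
                                       "source": source, "sightings": 0})
        rec["sightings"] += 1
    return list(records.values()), rejected
```

The reject list is kept rather than silently dropped so that the analysis step can review what the source delivered but could not be used.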

Step 4 – Analysis

Here, the obtained data is analyzed and the unusable data is eliminated. The data is converted into information by applying various data analysis techniques such as qualitative and quantitative analyses, machine-based techniques, and statistical methods.

Step 5 – Feedback

Feedback is an assessment that describes whether the goal of converting threat intelligence information into action has been achieved. If it has, the organization will have reduced its attack surface and risk exposure. If the goal has not been achieved, the analysis in this stage allows the organization to define another route.

Step 6 – Dissemination

This is the last phase of this cycle. Its objective is to supply intelligence to whoever must execute the appropriate actions with sufficient diligence to avoid decision-making delay.

In summary, this article introduced the six steps that make up the lifecycle of cyber threat intelligence. In the following piece of this series, we will talk about Cyber Threat Intelligence Sources – Talk to you soon!

How to Set Your Professional Development Goals

What is the first thing you do when you are going to jump into a new project? The short answer is that you set out different goals and the path and actions needed to get there. Professional development is not the exception.

In order to advance in your career and reach the level of expertise and role you are expecting to have, you need to set your own goals. These professional goals usually go around improving your skills, your career, your competencies, and capabilities in the workplace.

A key aspect here is that they are exclusively yours. You can’t copy or replicate your coworkers’ or leader’s goals. You need to identify the areas you need to work on and the skills, degrees, or certifications you want or need to earn, so you can get more experience in a certain area, move up in your workplace, and advance in your career.

Having your professional development goals with milestones and timeframes is the best way to fully understand how you are progressing towards them. They will also help you identify your long-term aspirations, make a great impression on your employer (they highly value workers who go the extra mile, and are dedicated to their job and career), and they will boost your motivation and productivity.

That said, here are the different steps you need to take to set your professional development goals:

1- Define Your End Goal

To set your professional development goals, the first thing that you need to do is answer a few questions that will help you understand how you envision your future.

  • Where do you want to be in 5, 10, 20 years from now?
  • What title do you want to have?
  • What type of organization do you want to work for? Private or public? Large corporation or small business?
  • In what industry do you want to work?
  • What accomplishments do you want to achieve?

Once you have answered these questions (you can even add some more), try working things backward. Think of the skills, experience, and knowledge you will need to get there.

2- Take A Look At Your Last Performance Evaluation

Checking your last performance evaluation is a great starting point to identify the areas where you need to start working. If you don’t get regular evaluations in your workplace, try asking your boss, or someone in a higher-level role who you interact with on a regular basis, what is the one thing you could improve that would help you the most.

3- Set SMART Goals

Stick to the SMART methodology for setting goals. They should be Specific, Measurable, Achievable, Relevant, and Time-bound. This will help you set goals that not only are clear and realistic, but that also have a deadline to be accomplished by, so they are not left behind in your weekly/monthly to-do list.

4- Break Your Goals Into Smaller Tasks

Each goal should be accompanied by a strategy to achieve it and a set of milestones that will help you understand how you are progressing. For example, if your goal is to become a Cybersecurity Analyst, then your milestones would be to study the different certifications needed to get hired in the field, work on getting hands-on experience, and study everything needed beyond the certifications’ content.

5- Set Time In Your Agenda For Your Goals

We know that your schedule might be packed with tasks and meetings from your current job, but if you want to make progress and improve your profile, you need to set time on a weekly, or even daily, basis to complete all the tasks and goals you have set out for yourself.

Don’t kid yourself about getting everything done in just a few weeks. Give yourself enough time to avoid burnout, but not so long that you forget about it.

6- Check Your Progress

The last step in this process is setting the time on a monthly basis to track your progress. What have you been able to complete? What have you left behind? When will you complete it? How do you feel?

Now it’s time for you to start working on your goals and begin the road to improving your skills, both in a personal and professional way. Make sure to write everything down, make them visible, make them nice. You want to feel inspired, not scared away.

Cyber Threat Intelligence: 6 Key Concepts to Understand it

Over the past decade, we have seen a significant increase in cyberattacks. Criminals use an ever-growing set of techniques, tactics, and tools to compromise their victims’ systems. To address this problem, every defender must know about Cyber Threat Intelligence (CTI).

In this series of articles, our goal is to share the foundations of Cyber Threat Intelligence effective management and then guide you to convert threat information into threat intelligence – actionable information to improve your organization’s security posture significantly.

Understanding the adversaries’ motivation, tactics, and techniques has become a fundamental strategy of many organizations, especially for the teams entrusted with their defense, better known as blue teams. So, in this first article, we will talk about fundamental concepts. We will define a threat, threat actors, and threat information, deep dive into intelligence, and clarify the difference between threat intelligence and cyber threat intelligence.

Threats

In terms of information security, a threat is a possible adverse action or event, facilitated by a vulnerability, that can give rise to an unwanted impact on a computer system or application.

A threat can be an “intentional” adverse event (for example, hacking: an individual cracker or a criminal organization) or an “accidental” adverse event (for example, the possibility of a computer malfunction).

Threat actor

A threat actor is an individual or group that can carry out the threat, such as exploiting a vulnerability to cause a negative impact. Examples of actors are cyberterrorists, government/state-sponsored actors, organized crime/cybercrime, hacktivists, script kiddies, or “insiders.” In one of our following articles, we will define each actor and their motivations.

Threat information

Threat information from external sources, AKA “Threat Feeds,” often consists of curated lists of URLs, IP addresses, and domains known to be suspicious. These lists typically contain hosts/applications that are known to be compromised or that are used by threat actors. They have almost no derived context. To go deeper into this topic, we recommend reading about the Pyramid of Pain by David Bianco. In one of our following articles, we will detail the sources to learn more about this topic.

Intelligence

When we speak of intelligence, we generally refer to information that has been enriched with data from other sources, is actionable, and can be analyzed by a cybersecurity professional. Our future articles will detail the following types of intelligence: HUMINT, SIGINT, FININT, GEOINT, CYBINT, and OSINT.

Threat intelligence vs Cyber Threat Intelligence

Threat intelligence analyzes adversaries, their motivations, tactics, and techniques, and how they carry out crimes that could be replicated in your organization. This intelligence becomes valuable when it can inform and assist defenders in taking actions to defend against these threats.

Cyber Threat Intelligence is the analysis of how adversaries or cybercriminals use their strategies to perpetrate their attacks on vulnerable information assets. Like threat intelligence, whose value is to convert information about threats into actions to strengthen the security posture, CTI includes a set of atomic indicators of compromise and learns from external and internal information sources and strategies for implementing effective controls.

Organizations increasingly recognize the value of threat intelligence. However, there is a difference between acknowledging the value and receiving the value. Today, most organizations focus their efforts on the most basic use cases, such as integrating threat data with the existing network at the firewall level without taking full advantage of the insights that intelligence can provide.

This first article covered the fundamentals to start our journey on this exciting and fascinating topic. In the next installment, we will talk about the benefits that a company obtains when it adopts a threat intelligence process, suggestions about where the function of threat intelligence should sit within organizations, and the type of companies that are rapidly moving to this model, which is gaining greater relevance as cyber-attacks grow in sophistication.