Understanding Threat Intelligence for Effective Risk Management
Explore the world of threat intelligence and its critical role in managing risks effectively. From distinguishing information vs. intelligence to analyzing TTPs in digital environments, this comprehensive overview covers key concepts, tools, and techniques essential for businesses to stay ahead of evolving threats.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
E N D
Presentation Transcript
Threat Intelligence Threat Intelligence A quick glace at Intelligence Led Risk Management
A brief history of me A brief history of me Former Child Former Military Police NCO Former Military Intelligence NCO Former Bus Driver got into InfoSec 5 years ago Worked for DXC on the MoD Contract Worked at Auriga Consulting on the Nuclear Decommissioning Authority contract Worked at Virgin Money in 2ndLine Risk Currently working for Infinium as an IT Security Specialist RNLI volunteer All round good egg
Agenda Agenda What is Threat intelligence Information, Misinformation, Intelligence and Actionable Intelligence What's the difference between information and intelligence What does threat intelligence mean to business? Threat Intelligence & Risk Management Techniques, tactics and procedures (TTPs) Symmetric TTPs in digital business Asymmetric TTPs in digital business Application of Intelligence led risk management in digital business Conclusions Questions
Threat Intelligence Utilisation Threat Intelligence Utilisation
What is Threat Intelligence? What is Threat Intelligence? Threat intelligence is inferred, evidence-based knowledge including context, mechanisms, indicators, implications and actionable advice about an existing or emerging threat or hazard to assets. It can be used to inform decisions regarding the subject's deployment of countermeasures or response to that hazard or threat or target adversarial assets. If its Done Well!
Intelligence Terminology Intelligence Terminology Information Misinformation Intelligence Actionable Intelligence
Information vs Intelligence Information vs Intelligence
Intelligence Tools Intelligence Tools Intelligence Collection Plans PoL Analysis Link Analysis F3EA Money Tracing OSINT Tools Forming a working Hypothesis Murder groups (its not what you think)
Intelligence Products Intelligence Products
Threat Intelligence in the Business World Threat Intelligence in the Business World Threat Intelligence will identify, categorise and draw recommendations in relation to threats from a number of malicious sources A robust business threat intelligence program, done well, will assist with strategic decisions affecting any number of business critical processes
Threat Intelligence in Risk Management Threat Intelligence in Risk Management Ad Hoc Threat Based Formal Risk Management Frameworks Intelligence Led .?
Intelligence Led Risk Management Intelligence Led Risk Management
Tactics, Techniques & Procedures Tactics, Techniques & Procedures What we dislike How we carry out actions How we think What we like Routes we take Language we use Places we go to TTPs Our Ideology Places we avoid Things we admire People we avoid People we interact with Things we eat Things we wear Our Ideals Our Loyalties
Symmetric TTPs Symmetric TTPs Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Malicious Actor Environment Supported Live Environment Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector
Asymmetric TTPs Asymmetric TTPs Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Malicious Actor Environment Supported Live Environment Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Ineffective Control or Countermeasure Attack Vector Compromise of Environment Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector Offensive Capability or Toolset Defensive Control or Countermeasure Attack Vector
Deploy countermeasures Apply Intelligence Process Understand your defensive capabilities Understand your Vulnerabilities Know your Foe Understand your infrastructure Protect
Conclusions Conclusions Threat intelligence should be at the forefront of everything we do Threat Intelligence is the processing of information into actionable intelligence Intelligence Led Risk Management can save significant sums of money by applying budget only where it is required The key to effective threat intelligence is understanding our estate, vulnerabilities, adversaries and countermeasures Understanding adversarial asymmetric TTPs is vital to understanding which exploits pose most the significant risk Intelligence Led Risk management could be the single most effective means of managing risk to any organisation .. If its done well!
Questions? Questions? The Fewer you ask, the quicker we re in the pub The Fewer you ask, the quicker we re in the pub .. # .. #justsayin justsayin
