M7D1.docx - In this activity, you will discuss the concept...


In this activity, you will discuss the concept of threat intelligence. Due to the growth and sophistication of cyber-attacks against organizations, traditional techniques of preventing attacks have become obsolete. To tackle these ever-advancing cyberattacks, organizations are moving towards the concept of threat intelligence.

Respond to the following:

- Can threat intelligence be considered a proactive approach or a reactive approach?
- What are the indicators of a compromise? Provide relevant examples.

INITIAL RESPONSE:

Threat intelligence, or cyber threat intelligence, is information that has been collected, processed, and analyzed concerning cyber threat actors that enables an organization to make informed decisions (Brook, 2020). This is not the same as raw data; it is refined and fulfills the requirements of being accurate, actionable, relevant, and timely (Brook, 2020). Cyber threat intelligence is a proactive measure that organizations can employ to gain the data that they need to identify and protect themselves against cyber threats (Brook, 2020). Through threat intelligence, organizations can learn the patterns of hackers or cyber attackers, which will enable the company to emplace effective defenses as well as mitigate any risks that could have a negative impact on the business (Brook, 2020).

There are three specific types of threat intelligence: strategic threat intelligence, tactical threat intelligence, and operational threat intelligence (Brook, 2020). Strategic threat intelligence provides the big picture that encompasses the intent and capabilities of cyber threats in a broad-spectrum format that delivers broad trends and long-term effects to a largely nontechnical audience (Brook, 2020). Tactical threat intelligence focuses on supporting the day-to-day operations and events that arise from working on indicators of compromise (IOCs) (Brook, 2020). Tactical threat intelligence is geared at a more technical audience and provides tactics, techniques, and procedures (Brook, 2020). Operational threat intelligence is highly specialized and technical and is geared towards specific attacks, campaigns, malware, or tools (Brook, 2020).

IOCs are segments of forensic data, such as data found within system logs, that identify malicious activity on a system or network (Lord, 2018). IOCs are integral in assisting security and IT professionals in detecting data breaches, malware infections, or other threat activity and can be likened to the breadcrumb trail used by Hansel and Gretel to mark their path (Lord, 2018). There are a significant number of IOCs; however, there are a few that an organization should consistently monitor: unusual outbound network traffic, anomalies in privileged user account activity, geographical irregularities, log-in red flags, increases in database read volume, HTML response sizes, large numbers of requests for the same file, mismatched port-application traffic, suspicious registry or system file changes, unusual DNS requests, unexpected patching of systems, mobile device profile changes, bundles of data in the wrong place, web traffic with unhuman behavior, and signs of DDoS activity (Lord, 2018).
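As an added illustration of how three of the IOCs listed above (mismatched port-application traffic, large numbers of requests for the same file, and geographical irregularities) can be turned into concrete log checks. This is example code written for this page, not part of the original post or of the cited sources; the event records and their field names are constructed for the demonstration.

```python
from collections import Counter, defaultdict

# Constructed sample events (not real telemetry); the field names are an
# assumption for this demonstration. ts is seconds since an arbitrary epoch.
EVENTS = [
    {"ts": 100, "user": "alice", "src_country": "US", "dst_port": 443, "app": "https", "path": "/login"},
    {"ts": 130, "user": "alice", "src_country": "BR", "dst_port": 443, "app": "https", "path": "/login"},
    {"ts": 200, "user": "bob", "src_country": "US", "dst_port": 53, "app": "http", "path": "/payload.bin"},
    {"ts": 210, "user": "bob", "src_country": "US", "dst_port": 443, "app": "https", "path": "/payload.bin"},
    {"ts": 220, "user": "bob", "src_country": "US", "dst_port": 443, "app": "https", "path": "/payload.bin"},
    {"ts": 230, "user": "bob", "src_country": "US", "dst_port": 443, "app": "https", "path": "/payload.bin"},
    {"ts": 300, "user": "bob", "src_country": "US", "dst_port": 53, "app": "dns", "path": ""},
    {"ts": 5000, "user": "carol", "src_country": "US", "dst_port": 22, "app": "ssh", "path": ""},
    {"ts": 9000, "user": "carol", "src_country": "DE", "dst_port": 22, "app": "ssh", "path": ""},
]

# Which application protocol is expected on each well-known port.
EXPECTED_APP = {22: "ssh", 53: "dns", 80: "http", 443: "https"}


def mismatched_port_app(events):
    """IOC: traffic whose application protocol does not match its destination
    port (e.g. HTTP carried over the DNS port). Unknown ports are not judged."""
    return [e for e in events
            if EXPECTED_APP.get(e["dst_port"], e["app"]) != e["app"]]


def repeated_file_requests(events, threshold=3):
    """IOC: large numbers of requests for the same file from one account."""
    counts = Counter((e["user"], e["path"]) for e in events if e["path"])
    return {key: n for key, n in counts.items() if n >= threshold}


def geographic_irregularities(events, max_seconds=3600):
    """IOC: one account seen from two countries closer together in time than
    plausible travel allows. Compares each observation with the next one."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        by_user[e["user"]].append((e["ts"], e["src_country"]))
    flagged = []
    for user, obs in by_user.items():
        for (t1, c1), (t2, c2) in zip(obs, obs[1:]):
            if c1 != c2 and t2 - t1 < max_seconds:
                flagged.append((user, c1, c2))
    return flagged


if __name__ == "__main__":
    print("port/app mismatch:", mismatched_port_app(EVENTS))
    print("repeated file requests:", repeated_file_requests(EVENTS))
    print("geographic irregularities:", geographic_irregularities(EVENTS))
```

Each check is a starting point for triage, not a verdict; the thresholds and the travel window are tuning knobs that a real deployment would set from its own baseline.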
