Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Mastering Cyber Intelligence

You're reading from   Mastering Cyber Intelligence Gain comprehensive knowledge and skills to conduct threat intelligence for effective system defense

Arrow left icon
Product type Paperback
Published in Apr 2022
Publisher Packt
ISBN-13 9781800209404
Length 528 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Jean Nestor M. Dahj Jean Nestor M. Dahj
Author Profile Icon Jean Nestor M. Dahj
Jean Nestor M. Dahj
Arrow right icon
View More author details
Toc

Table of Contents (20) Chapters Close

Preface 1. Section 1: Cyber Threat Intelligence Life Cycle, Requirements, and Tradecraft
2. Chapter 1: Cyber Threat Intelligence Life Cycle FREE CHAPTER 3. Chapter 2: Requirements and Intelligence Team Implementation 4. Chapter 3: Cyber Threat Intelligence Frameworks 5. Chapter 4: Cyber Threat Intelligence Tradecraft and Standards 6. Chapter 5: Goal Setting, Procedures for CTI Strategy, and Practical Use Cases 7. Section 2: Cyber Threat Analytical Modeling and Defensive Mechanisms
8. Chapter 6: Cyber Threat Modeling and Adversary Analysis 9. Chapter 7: Threat Intelligence Data Sources 10. Chapter 8: Effective Defense Tactics and Data Protection 11. Chapter 9: AI Applications in Cyber Threat Analytics 12. Chapter 10: Threat Modeling and Analysis – Practical Use Cases 13. Section 3: Integrating Cyber Threat Intelligence Strategy to Business processes
14. Chapter 11: Usable Security: Threat Intelligence as Part of the Process 15. Chapter 12: SIEM Solutions and Intelligence-Driven SOCs 16. Chapter 13: Threat Intelligence Metrics, Indicators of Compromise, and the Pyramid of Pain 17. Chapter 14: Threat Intelligence Reporting and Dissemination 18. Chapter 15: Threat Intelligence Sharing and Cyber Activity Attribution – Practical Use Cases 19. Other Books You May Enjoy

Threat intelligence dissemination

A successful intelligence project should not be kept to yourself – it should be shared with others. Threat intelligence is performed to secure others. Hence, the CTI team or the analyst needs to distribute the intelligence product to the consumers. An organization only initiates actions if the result has reached the relevant personnel.

The dissemination step must be tracked to ensure continuity between intelligence cycles in a project. This sharing must be done in a transparent way using ticketing systems, for example. Let's assume that an intelligence request has been logged in the system. A ticket should be created, reviewed, updated, answered, and shared with the relevant parties. However, the CTI team must know how to share the output with different audiences by considering their backgrounds. Therefore, understanding the consumers of the product is capital. The consumers are the ones that define the dissemination process. What differentiates the consumers is parameters such as the intelligence background, the intelligence needs, the team in question, and how the results will be presented.

At the operational level, the intelligence output can be presented technically (we will detail why in the next chapter). The target audience in this group includes cybersecurity analysts, malware analysts, SOC analysts, and others. At the strategic level, the intelligence output should be less technical and focus on business-level indicators. At the tactical level, the outcome must clearly show the tactics and techniques of adversaries. The format's technicality must be profound at this level as it includes professionals such as incident response engineers, network defense engineers, and others. It is essential to know the consumer or the target audience and tailor the output accordingly. Intelligence dissemination must match the requirements and objectives that were set in the planning and direction phase.

The dissemination phase overlooks the reporting phase because the intelligence result is distributed and shared in the form of reports, blogs, news, and so on. The CTI team or analyst must write valuable reports that convey an honest message with the appropriate metrics and indicators to support the output (or the conclusion that was made). Reporting and intelligence documentation will be covered in Chapter 14, Threat Intelligence Reporting and Dissemination. However, it is essential to outline the findings clearly and concisely. Interesting topics must always be covered first to give the audience the desire to continue reading. Should there be actions to take, they should be highlighted at the beginning of the report. The CTI analyst must also be able to assess the entire process and the presented result. They must always be confident enough to defend everything included in the intelligence report using evidence and by quoting the different sources that were used. We will provide a template for documentation and reporting in Chapter 14, Threat Intelligence Reporting and Dissemination.

You have been reading a chapter from
Mastering Cyber Intelligence
Published in: Apr 2022
Publisher: Packt
ISBN-13: 9781800209404
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image