Module 1: Threat Intelligence 


INTRODUCTION – Threat Intelligence

Welcome to this module, which covers the resources available for threat intelligence. Over the course of the module, the learner will explore several tools and platforms intended to deepen their understanding of cyber threats.

These resources give learners a broad view of the shifting security landscape, which informs how they build proactive defenses against both deliberate attacks and unintentional exposure. Be prepared to broaden your knowledge while digging deep into one area of defense.

Learning Objectives:

  • Explain the purpose of threat intelligence and how it improves security effectiveness.
  • Identify the three pillars of effective threat detection.
  • Define security intelligence.
  • Outline best practices for intelligent detection.
  • Explain the use of the various cyber threat frameworks.
  • Explain threat intelligence platforms and resources.
  • Identify the key strategic publications for threat intelligence.
  • Explain each step in the threat intelligence strategy map.
  • Recognize external sources of threat intelligence.
  • List the costs associated with cybersecurity breaches.
  • Explain the evolution, drivers, and threats in the cybersecurity landscape.

THREAT INTELLIGENCE AND CYBERSECURITY KNOWLEDGE CHECK

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • New security and privacy laws that went into effect in 2019
  • Human error accounting for the majority of security breaches (CORRECT)
  • The number of breached records in 2019 more than 3 times that of 2018 (CORRECT)
  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices (CORRECT)

2. What was the average cost of a data breach in 2019 in US dollars?

  • $262K
  • $3.92M (CORRECT)
  • $42.7M
  • $237M

3. What was the average size of a data breach in 2019?

  • 5,270 records
  • 25,575 records (CORRECT)
  • 362,525 records
  • 1,221,750 records
  • 100,535,220 records

4. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as gathering data from internal, external, technical and human sources?

  • Collect (CORRECT)
  • Process
  • Analyze
  • Share

5. CrowdStrike organizes threat intelligence into which three (3) areas? (Select 3)

  • Tactical (CORRECT)
  • Control
  • Strategic (CORRECT)
  • Operational (CORRECT)

6. According to the CrowdStrike model, endpoints, SIEMs and firewalls belong in which intelligence area?

  • Control
  • Strategic
  • Operational
  • Tactical (CORRECT)

7. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • DarkReading (CORRECT)
  • BleepingComputer (CORRECT)
  • Journal of the American Association of Cybersecurity Professionals
  • Trend Micro (CORRECT)

8. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • Recorded Future (CORRECT)
  • FireEye (CORRECT)
  • MS RapidDeploy
  • IBM Resilient

THREAT INTELLIGENCE FRAMEWORK KNOWLEDGE CHECK

1. True or False. The average enterprise has 85 different security tools from 45 vendors.

  • True (CORRECT)
  • False

2. Which threat intelligence framework can be described as a system that is effective if there are only 2 players and the adversary is motivated by socioeconomic or sociopolitical payoffs?

  • Mitre Att&ck Knowledgebase
  • Diamond Model of Intrusion Analysis (CORRECT)
  • Cyber Threat Framework
  • Lockheed Martin Cyber Kill Chain

3. True or False. An organization’s security immune system should not be considered fully integrated until it is integrated with the extended partner ecosystem.

  • True (CORRECT)
  • False

4. Which term can be defined as “The real-time collection, normalization, and analysis of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise”?

  • Security Intelligence (CORRECT)
  • Cybersecurity
  • Security Analytics
  • Threat Intelligence

5. What are the three (3) pillars of effective threat detection? (Select 3)

  • Automate intelligence (CORRECT)
  • Analyze everything
  • See everything (CORRECT)
  • Become proactive

6. True or False. According to FireEye Mandiant's Security Effectiveness Report 2020, organizations have an average of 50-70 security tools in their IT environments.

  • True (CORRECT)
  • False

THREAT INTELLIGENCE GRADED ASSESSMENT

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • A significant skills gap exists, with more new cybersecurity professionals needed than the total number currently working in this field (CORRECT)
  • New security and privacy laws that went into effect in 2019
  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices (CORRECT)
  • Factors such as cloud migration and IT complexity act as cost multipliers making new breaches increasingly expensive (CORRECT)

2. What was the average time to identify and contain a breach in 2019?

  • 12 hours
  • 7 days
  • 46 days
  • 279 days (CORRECT)

3. Which industry had the highest average cost per breach in 2019, at $6.45M?

  • Manufacturing
  • Finance
  • Government
  • Healthcare (CORRECT)
  • Technology
  • Retail

4. Breaches caused by which source resulted in the highest cost per incident in 2019?

  • Employee or contractor negligence
  • Credentials theft (CORRECT)
  • Criminal insider
  • Politically motivated hacktivists

5. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as normalize, correlate, confirm and enrich the data?

  • Collect
  • Process (CORRECT)
  • Analyze
  • Share

6. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as investigate, contain, remediate and prioritize?

  • Collect
  • Process
  • Analyze (CORRECT)
  • Share
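
As an added illustration of the four strategy map steps asked about in the questions above (this code is not from the course; the feeds, the allowlist, the ASN table and the scoring rule are all constructed for the example), here is a miniature pipeline that collects indicators from internal, external and human sources, then normalizes, correlates, confirms and enriches them in the Process step, prioritizes them in the Analyze step, and exports them in the Share step:

```python
"""Added example: a miniature Collect -> Process -> Analyze -> Share pipeline.

Everything here is constructed for illustration: the feeds, the allowlist,
the ASN table and the scoring rule are not from the course or any vendor.
"""
import ipaddress
import json
from collections import defaultdict
from urllib.parse import urlparse

# --- Collect: records from internal, external and human sources (all constructed) ---
INTERNAL_SIEM = [
    {"indicator": "198.51.100.23", "type": "ipv4", "source": "siem", "confidence": 60},
    {"indicator": "Updates.Example-CDN.COM", "type": "domain", "source": "siem", "confidence": 40},
]
EXTERNAL_FEED = [  # vendor feeds commonly "defang" indicators so they cannot be clicked
    {"indicator": "198[.]51[.]100[.]23", "type": "ipv4", "source": "vendor_feed", "confidence": 80},
    {"indicator": "hxxp://malware-drop[.]example/payload.bin", "type": "url", "source": "vendor_feed", "confidence": 90},
    {"indicator": "8.8.8.8", "type": "ipv4", "source": "vendor_feed", "confidence": 20},
]
HUMAN_REPORT = [  # indicators transcribed from an analyst's write-up
    {"indicator": "malware-drop[.]example", "type": "domain", "source": "analyst", "confidence": 70},
    {"indicator": "198.51.100.23", "type": "ipv4", "source": "analyst", "confidence": 75},
]
ALLOWLIST = {"8.8.8.8", "updates.example-cdn.com"}  # known-good infrastructure (constructed)
ASN_TABLE = {"198.51.100.0/24": "AS64496 (constructed hosting ASN)"}  # enrichment lookup (constructed)


def collect():
    """Collect step: gather raw records from every source."""
    return INTERNAL_SIEM + EXTERNAL_FEED + HUMAN_REPORT


def normalize(indicator):
    """Refang '[.]' and 'hxxp' defanging and canonicalize case so the same
    indicator written three different ways correlates to one record."""
    s = indicator.strip().lower().replace("[.]", ".")
    if s.startswith("hxxp"):
        s = "http" + s[4:]
    return s


def process(raw):
    """Process step: normalize, correlate by indicator, confirm against the
    allowlist, then enrich with ASN and cross-indicator context."""
    grouped = defaultdict(list)
    for rec in raw:
        grouped[normalize(rec["indicator"])].append(rec)

    confirmed = {}
    for ind, recs in grouped.items():
        if ind in ALLOWLIST:  # confirm: drop known-good infrastructure
            continue
        confirmed[ind] = {
            "type": recs[0]["type"],
            "sources": sorted({r["source"] for r in recs}),  # correlate: who reported it
            "max_confidence": max(r["confidence"] for r in recs),
            "tags": [],
        }

    for ind, entry in confirmed.items():  # enrich
        if entry["type"] == "ipv4":
            ip = ipaddress.ip_address(ind)
            for net, label in ASN_TABLE.items():
                if ip in ipaddress.ip_network(net):
                    entry["tags"].append(label)
        elif entry["type"] == "url":
            host = urlparse(ind).hostname
            if host in confirmed:
                entry["tags"].append("host also reported as indicator: " + host)
    return confirmed


def analyze(confirmed):
    """Analyze step: score and prioritize. Rule (constructed): best confidence,
    +10 per additional independent source, +5 per enrichment tag, capped at 100."""
    ranked = []
    for ind, e in confirmed.items():
        score = min(100, e["max_confidence"] + 10 * (len(e["sources"]) - 1) + 5 * len(e["tags"]))
        priority = "high" if score >= 80 else "medium" if score >= 50 else "low"
        ranked.append({"indicator": ind, "type": e["type"], "sources": e["sources"],
                       "tags": e["tags"], "score": score, "priority": priority})
    return sorted(ranked, key=lambda r: (-r["score"], r["indicator"]))


def share(ranked):
    """Share step: emit a machine-readable export for a blocklist or partner feed."""
    return json.dumps(ranked, indent=2)


if __name__ == "__main__":
    print(share(analyze(process(collect()))))
```

Run it and the three surviving indicators come out ranked, with the IP reported by all three sources at the top; the two allowlisted entries (a public resolver and the company's own CDN) are dropped during confirmation rather than being pushed to a blocklist. In a real pipeline the refang logic, allowlist and enrichment sources would be far larger and the scoring rule tuned to the organization, but the step boundaries are the ones the strategy map describes.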

7. According to the CrowdStrike model, threat hunters, vulnerability management and incident response belong in which intelligence area?

  • Operational (CORRECT)
  • Control
  • Tactical
  • Strategic

8. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • Krebs on Security (CORRECT)
  • InfoSecurity Magazine (CORRECT)
  • Der CyberSpiegel
  • X-Force Exchange (CORRECT)

9. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • AVG Ultimate
  • BigFix
  • IBM X-Force Exchange (CORRECT)
  • TruSTAR (CORRECT)

10. Which threat intelligence framework is divided into 3 levels, where level 1 is getting to know your adversaries, level 2 involves mapping intelligence yourself, and level 3 is where you map more information and use it to plan your defense?

  • Lockheed Martin Cyber Kill Chain
  • Diamond Model of Intrusion Analysis
  • Cyber Threat Framework
  • Mitre Att&ck Knowledgebase (CORRECT)

11. True or False. An organization’s security immune system should be isolated from outside organizations, including vendors and other third-parties to keep it from being compromised. 

  • True
  • False (CORRECT)

12. Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are pre-exploit activities? (Select 2)

  • Prioritize vulnerabilities to optimize remediation processes and close critical exposures (CORRECT)
  • Detect deviations from the norm that indicate early warnings of APTs (CORRECT)
  • Gather full situational awareness through advanced security analytics
  • Perform forensic investigation
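
To make the pre-exploit activity "detect deviations from the norm" concrete, here is an added example (not part of the course) that learns a per-user baseline of login countries and hours from a window of constructed authentication events, then flags a user with no baseline, a new source country, a success at an off-baseline hour, and a burst of failures followed by a success, the last being the classic early warning of credential guessing. The log lines, window and thresholds are all made up for the example:

```python
"""Added example: baseline-deviation detection over authentication events.
Log lines, the baseline window and all thresholds are constructed for illustration."""
from collections import defaultdict
from datetime import datetime

# Constructed events: ISO timestamp, user, source country, outcome
BASELINE_LOGS = """\
2024-03-04T08:12:01Z alice US success
2024-03-04T09:40:22Z alice US success
2024-03-05T08:05:10Z alice US success
2024-03-05T17:55:43Z alice US success
2024-03-04T10:02:00Z bob DE success
2024-03-05T11:14:30Z bob DE success
"""
NEW_LOGS = """\
2024-03-06T08:30:00Z alice US success
2024-03-06T03:11:09Z alice RO failure
2024-03-06T03:11:15Z alice RO failure
2024-03-06T03:11:21Z alice RO failure
2024-03-06T03:12:02Z alice RO success
2024-03-06T10:00:00Z bob DE success
2024-03-06T10:05:00Z carol FR success
"""


def parse(text):
    """Turn the space-separated lines into event dicts with timezone-aware datetimes."""
    events = []
    for line in text.splitlines():
        ts, user, country, outcome = line.split()
        events.append({"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       "user": user, "country": country, "outcome": outcome})
    return events


def build_baseline(events):
    """Per user, the countries and hours of day in which successful logins occurred."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set()})
    for e in events:
        if e["outcome"] == "success":
            baseline[e["user"]]["countries"].add(e["country"])
            baseline[e["user"]]["hours"].add(e["ts"].hour)
    return dict(baseline)


def detect(events, baseline, burst_threshold=3, burst_window_s=120):
    """Return {user: [reasons]} for events that deviate from the learned baseline."""
    findings = defaultdict(set)
    recent_failures = defaultdict(list)  # per user, failure timestamps inside the window
    for e in sorted(events, key=lambda ev: ev["ts"]):
        user, ts = e["user"], e["ts"]
        if user not in baseline:
            findings[user].add("no baseline for user")
            continue
        b = baseline[user]
        if e["country"] not in b["countries"]:
            findings[user].add(f"login from new country {e['country']}")
        if e["outcome"] == "failure":
            recent_failures[user] = [t for t in recent_failures[user]
                                     if (ts - t).total_seconds() <= burst_window_s] + [ts]
        else:
            if ts.hour not in b["hours"]:
                findings[user].add(f"success at off-baseline hour {ts.hour:02d}")
            recent = [t for t in recent_failures[user]
                      if (ts - t).total_seconds() <= burst_window_s]
            if len(recent) >= burst_threshold:
                findings[user].add(f"success after {len(recent)} failures within {burst_window_s}s")
            recent_failures[user] = []
    return {user: sorted(reasons) for user, reasons in findings.items()}


if __name__ == "__main__":
    baseline = build_baseline(parse(BASELINE_LOGS))
    for user, reasons in detect(parse(NEW_LOGS), baseline).items():
        print(user, "->", "; ".join(reasons))
```

Each rule on its own is noisy (travel produces new countries, on-call work produces odd hours), which is why the output groups reasons per user: three independent deviations on one account within minutes is the kind of early warning worth escalating before any data leaves, whereas a single new country on its own would usually just raise the account's risk score.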

13. True or False. According to FireEye Mandiant's Security Effectiveness Report 2020, more than 50% of successful attacks are able to infiltrate without detection.

  • True (CORRECT)
  • False

CONCLUSION – Threat Intelligence

This module has summarized, in some detail, the threat intelligence resources, skills and tools needed to navigate complex cyber threats. By working through some or all of these resources, the learner will encounter different methods of identifying, analyzing and mitigating risks to the organization's digital assets.

Apply what has been learned in this module to anticipate emerging threats as you continue along the cybersecurity path. Keeping pace with threats that change and grow more dangerous every day is only part of the formula; proactive engagement, backed by a working knowledge of threat intelligence resources, is invaluable in guarding an organization against the loss of data and assets.
