Module 1: Threat Intelligence 


INTRODUCTION – Threat Intelligence

This module will concentrate on various resources and aspects available for threat intelligence. In this course, students will explore different tools and platforms that help learners better understand cybersecurity threats.

Studying these resources will give us insight into the constantly evolving patterns of digital security dynamics, enabling a proactive approach against impending risks and possible vulnerabilities. Ready to enlarge your knowledge and fortify your defenses? Let’s get started on a journey through the world of threat intelligence.

Learning Objectives:

  • Explain why it is important to improve effectiveness in security.
  • Identify the three pillars upon which effective threat detection rests.
  • Define security intelligence.
  • Explain best practices for the intelligent detection of threats.
  • Explain how to use various cyberthreat frameworks.
  • Describe the various threat intelligence platforms and resources.
  • Name the key publications to be reviewed for insights on strategic threat intelligence plans.
  • Describe each step in the threat intelligence strategy map.
  • Identify threat intelligence external sources.
  • List the different costs of a cybersecurity breach.
  • Describe trends, drivers, and threats in cybersecurity.

THREAT INTELLIGENCE AND CYBERSECURITY KNOWLEDGE CHECK

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • New security and privacy laws that went into effect in 2019
  • Human error accounting for the majority of security breaches (CORRECT)
  • The number of breached records in 2019 more than 3 times that of 2018 (CORRECT)
  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices (CORRECT)


2. What was the average cost of a data breach in 2019 in US dollars?

  • $262K
  • $3.92M (CORRECT)
  • $42.7M
  • $237M

3. What was the average size of a data breach in 2019?

  • 5,270 records
  • 25,575 records (CORRECT)
  • 362,525 records
  • 1,221,750 records
  • 100,535,220 records

4. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as gathering data from internal, external, technical and human sources?

  • Collect (CORRECT)
  • Process
  • Analyze
  • Share

5. Crowdstrike organizes threat intelligence into which three (3) areas? (Select 3)

  • Tactical (CORRECT)
  • Control
  • Strategic (CORRECT)
  • Operational (CORRECT)


6. According to the Crowdstrike model, Endpoints, SIEMs and Firewalls belong in which intelligence area?

  • Control
  • Strategic
  • Operational
  • Tactical (CORRECT)

7. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • DarkReading (CORRECT)
  • BleepingComputer (CORRECT)
  • Journal of the American Association of Cybersecurity Professionals
  • Trend Micro (CORRECT)


8. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • Recorded Future (CORRECT)
  • FireEye (CORRECT)
  • MS RapidDeploy
  • IBM Resilient


THREAT INTELLIGENCE FRAMEWORK KNOWLEDGE CHECK

1. True or False. The average enterprise has 85 different security tools from 45 vendors.

  • True (CORRECT)
  • False

2. Which threat intelligence framework can be described as a system that is effective if there are only 2 players and the adversary is motivated by socioeconomic or sociopolitical payoffs?

  • Mitre Att&ck Knowledgebase
  • Diamond Model of Intrusion Analysis (CORRECT)
  • Cyber Threat Framework
  • Lockheed Martin Cyber Kill Chain

3. True or False. An organization’s security immune system should not be considered fully integrated until it is integrated with the extended partner ecosystem.

  • True (CORRECT)
  • False

4. Which term can be defined as “The real-time collection, normalization, and analysis of the data generated by users, applications, and infrastructure that impacts the IT security and risk posture of an enterprise”?

  • Security Intelligence (CORRECT)
  • Cybersecurity
  • Security Analytics
  • Threat Intelligence

5. What are the three (3) pillars of effective threat detection? (Select 3)

  • Automate intelligence (CORRECT)
  • Analyze everything
  • See everything (CORRECT)
  • Become proactive


6. True or False. According to FireEye Mandiant’s Security Effectiveness Report 2020, organizations have an average of 50-70 security tools in their IT environments.

  • True (CORRECT)
  • False

THREAT INTELLIGENCE GRADED ASSESSMENT

1. Which three (3) of these were among the top 5 security drivers in 2019? (Select 3)

  • A significant skills gap exists, with more new cybersecurity professionals needed than the total number currently working in this field (CORRECT)
  • New security and privacy laws that went into effect in 2019
  • IOT device attacks moving from targeting consumer electronics to targeting enterprise devices (CORRECT)
  • Factors such as cloud migration and IT complexity act as cost multipliers making new breaches increasingly expensive (CORRECT)


2. What was the average time to identify and contain a breach in 2019?

  • 12 hours
  • 7 days
  • 46 days
  • 279 days (CORRECT)

3. Which industry had the highest average cost per breach in 2019, at $6.45M?

  • Manufacturing
  • Finance
  • Government
  • Healthcare (CORRECT)
  • Technology
  • Retail

4. Breaches caused by which source resulted in the highest cost per incident in 2019?

  • Employee or contractor negligence
  • Credentials theft (CORRECT)
  • Criminal insider
  • Politically motivated hacktivists

5. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as normalizing, correlating, confirming and enriching the data?

  • Collect
  • Process (CORRECT)
  • Analyze
  • Share

6. According to the Threat Intelligence Strategy Map, the threat intelligence process can be broken down into 4 steps: Collect, Process, Analyze, and Share. Which step would contain activities such as investigate, contain, remediate and prioritize?

  • Collect
  • Process
  • Analyze (CORRECT)
  • Share

7. According to the Crowdstrike model, threat hunters, vulnerability management and incident response belong in which intelligence area?

  • Operational (CORRECT)
  • Control
  • Tactical
  • Strategic

8. Which three (3) sources are recommended reading for any cybersecurity professional? (Select 3)

  • Krebs on Security (CORRECT)
  • InfoSecurity Magazine (CORRECT)
  • Der CyberSpiegel
  • X-Force Exchange (CORRECT)


9. Which two (2) of these were among the 4 threat intelligence platforms covered in the Threat Intelligence Platforms video? (Select 2)

  • AVG Ultimate
  • BigFix
  • IBM X-Force Exchange (CORRECT)
  • TruSTAR (CORRECT)


10. Which threat intelligence framework is divided into 3 levels, where Level 1 is getting to know your adversaries, Level 2 involves mapping intelligence yourself, and Level 3 is where you map more information and use that to plan your defense?

  • Lockheed Martin Cyber Kill Chain
  • Diamond Model of Intrusion Analysis
  • Cyber Threat Framework
  • Mitre Att&ck Knowledgebase (CORRECT)

11. True or False. An organization’s security immune system should be isolated from outside organizations, including vendors and other third parties, to keep it from being compromised.

  • True
  • False (CORRECT)

12. Activities performed as a part of security intelligence can be divided into pre-exploit and post-exploit activities. Which two (2) of these are pre-exploit activities? (Select 2)

  • Prioritize vulnerabilities to optimize remediation processes and close critical exposures (CORRECT)
  • Detect deviations from the norm that indicate early warnings of APTs (CORRECT)
  • Gather full situational awareness through advanced security analytics
  • Perform forensic investigation

13. True or False. According to FireEye Mandiant’s Security Effectiveness Report 2020, more than 50% of successful attacks are able to infiltrate without detection.

  • True (CORRECT)
  • False

CONCLUSION – Threat Intelligence

This module has opened up an entire panorama for you as an individual or organization. It has listed and consulted different types of threat intelligence resources, equipping an individual or organization with the knowledge and tools needed to navigate a landscape as complex as that of cyber threats. From the resources explored here, one gains much insight into how to identify, analyze, and mitigate possible risks to the organization’s digital assets.

Still on the journey of cybersecurity, you have to stay vigilant, adapt to emerging threats and, above all, use the insights gained from this module to strengthen your defenses against evolving cyber threats. A proactive approach and a good understanding of threat intelligence resources are what one needs to protect organizational data and assets in an increasingly interconnected world.
