Questions and Answers
What is an Indicator of Compromise (IoC)?
- An expert system for threat analysis
- Specific evidence of intrusion (correct)
- A campaign strategy and approach to attack
- A file/code repository
What are Artificial Neural Networks (ANN)?
- A type of machine learning that uses inputs, outputs, and feedback (correct)
- A threat data feed
- A type of expert system
- A type of vulnerability database
What is an objective of Predictive Analysis?
- To forecast threats (correct)
- To create expert systems
- To monitor 'chatter'
- To create threat data feeds
What is STIX?
What is a Tactic in Tactics, Techniques, and Procedures (TTPs)?
What is Automated Indicator Sharing (AIS)?
What is a Technique in Tactics, Techniques, and Procedures (TTPs)?
What is the purpose of correlation between security intelligence/event monitoring and threat data?
What is a Procedure in Tactics, Techniques, and Procedures (TTPs)?
What is a Threat Map?
Flashcards
Threat Actor
An individual or group who attempts to exploit vulnerabilities in a system for malicious purposes.
Attack Vector
The methods used by a threat actor to gain access to a system.
Attack Surface
The points in a network or application vulnerable to an attack.
Threat Intelligence
Threat Intelligence Source
Hacker (White Hat)
Script Kiddie
Insider Threat
TTPs (Tactics, Techniques, Procedures)
IOC (Indicator of Compromise)
Study Notes
Threat Actors and Attack Vectors
- Threat actors can be classified based on their attributes, including known threats versus adversary behaviors, internal/external, intent/motivation, maliciously targeted versus opportunistic, accidental/unintentional, and level of sophistication, resources, and funding.
Types of Threat Actors
- Hackers can be classified as white hats, black hats, or gray hats, and may be authorized or unauthorized.
- Script kiddies are novice hackers who use existing tools and scripts to launch attacks.
- Hacktivists are motivated by a desire for social or political change.
- State actors are highly sophisticated and attached to military or secret services.
- Advanced Persistent Threats (APTs) are highly targeted and motivated by espionage and strategic advantage.
- Criminal syndicates operate across legal jurisdictions and are motivated by criminal profit.
- Competitors may engage in cyber espionage and combine with insider threats.
- Insider threats can be malicious or unintentional, and may be motivated by sabotage, financial gain, or business advantage.
Attack Surface and Vectors
- Attack surface refers to the points where an attacker can discover or exploit vulnerabilities in a network or application.
- Attack vectors include direct access, removable media, email, remote and wireless, supply chain, web, and social media.
Threat Intelligence Sources
- Threat research sources include counterintelligence, tactics, techniques, and procedures (TTPs), threat research, academic research, analysis of attacks on customer systems, honeypots/honeynets, and dark nets and the dark web.
Threat Intelligence Providers
- Threat intelligence providers offer narrative analysis and commentary, reputation/threat data feeds, and platforms and feeds, including closed/proprietary, vendor websites, public/private information sharing centers, and open source intelligence (OSINT) threat data sources.
Other Threat Intelligence Research Sources
- Other sources include academic journals, conferences, Request for Comments (RFC), and social media.
Tactics, Techniques, and Procedures and Indicators of Compromise
- Tactics, Techniques, and Procedures (TTPs) include campaign strategy and approach, generalized attack vectors, and specific intrusion tools and methods.
- Indicators of Compromise (IoCs) include specific evidence of intrusion, individual data points, and correlation of system and threat data.
Threat Data Feeds
- Threat data feeds include Structured Threat Information eXpression (STIX), Trusted Automated Exchange of Indicator Information (TAXII), Automated Indicator Sharing (AIS), threat maps, file/code repositories, and vulnerability databases and feeds.
Artificial Intelligence and Predictive Analysis
- Artificial intelligence (AI) and machine learning (ML) can be used for correlation between security intelligence/event monitoring and threat data, and predictive analysis, including threat forecasting and monitoring "chatter".
Description
Discover the different types of threat actors and attack vectors, as well as the importance of threat intelligence in cybersecurity. Learn about the various threat actors, vectors, and intelligence sources.