NTU Cyber Threat Intelligence Lifecycle Analysis PDF
Nanyang Technological University
2024
Summary
This presentation from Nanyang Technological University (NTU) in Singapore discusses the lifecycle of cyber threat intelligence analysis. The analysis covers structured analytic techniques, common models, observable analysis, and attribution. The presentation is part of a FlexiMasters course in cybersecurity and digital trust.
Full Transcript
Cyber Threat Intelligence Lifecycle Analysis
FlexiMasters in Cybersecurity and Digital Trust
©2024 Mastercard. Proprietary and Confidential
Copyright 2024 Mastercard

The information provided herein by Mastercard (the “Presentation”), as well as all materials, concepts, processes and methodologies employed by Mastercard or a Mastercard supplier in connection with the Presentation, are and will remain the sole and exclusive property of Mastercard (or such Mastercard Supplier). Mastercard hereby grants to meeting participants a limited, non-exclusive right to use the Presentation without the right to assign, transfer or sublicense the Presentation in any way. The Presentation is confidential, provided for informational, non-commercial purposes only. The recipient may use the Presentation for its own internal business purposes. Except with the prior written permission of Mastercard, the Presentation shall not be used for any other purpose and shall not be published or disclosed to third parties, in whole or part. Mastercard makes no warranties concerning the Presentation and disclaims all express and implied warranties to the extent permitted by law, including but not limited to any implied warranty of merchantability, course of dealing, or fitness for a particular purpose. Recipient is responsible for its use of the Presentation, and Mastercard assumes no responsibility or liability with respect thereto. In addition, all meeting participants are reminded that this meeting must adhere to competition law rules and, as such, no confidential or commercially sensitive information ought to be shared directly or indirectly between competitors. If any member feels that a discussion includes prohibited topics, they should raise an objection immediately so as to stop discussion on such matter pending advice regarding the application of competition law.
Agenda
Structured Analytic Techniques
- Analysis of Competing Hypotheses (ACH)
- Signposts of Change Analysis
- Cross Impact Matrix
- Bonus: Threatcasting
Common Models and Analytic Frameworks
- Kill Chain
- Diamond Model
- MITRE ATT&CK
Analyzing Observables and Indicators
Intro to Attribution

Analysis
Analysis includes all processes, methodologies, and tools used to derive assessments and produce finished intelligence products and services.
As a reminder, Production will be covered in the next module.
[Figure: intelligence lifecycle diagram. Stage labels: Requirements & Planning; Collection; Processing & Ingestion; Analysis & Production; Dissemination & Feedback]

Intro: Contextual Cyber Threat Intelligence
APRIL 5, 2024

Structured Analytic Techniques (SATs)
- Analysis of Competing Hypotheses (ACH)
- Signposts of Change Analysis
- Cross Impact Matrix
- Bonus: Threatcasting
FEBRUARY 28, 2024

SATs: Analysis of Competing Hypotheses (ACH)

SATs: Signposts of Change Analysis

SATs: Cross-Impact Matrix

SATs: Reading Assignment
Reading Assignment:
- Structured Analytic Techniques for Improving Intelligence Analysis

Bonus: Threatcasting
Reading Assignments:
- What the Heck is Threatcasting?
- Arizona State University Threatcasting Lab
- Threatcasting at Mastercard

Common Models and Analytic Frameworks
1. Kill Chain
2. Diamond Model
3. MITRE ATT&CK

Kill Chain

Kill Chain Case Study
Reading Assignment:
- The Kill Chain Paper
[Figure: kill chain diagram. Stage labels: Reconnaissance; Weaponization; Delivery; Exploitation; Installation; Command & Control; Actions on Objectives. Additional label: Attack Detected]

Diamond Model
Reading Assignment:
- The Diamond Model of Intrusion Analysis

MITRE ATT&CK®
Assignments:
- Get Started | MITRE ATT&CK®
- Putting MITRE ATT&CK into Action with What You Have, Where You Are presented by Katie Nickels (youtube.com)

Analyzing Observables and Indicators

Intro to Attribution
Assignments:
- A Brief History of Attribution Mistakes - SANS CTI Summit 2019 (youtube.com)
- Threat Intelligence Naming Conventions: Threat Actors, & Other Ways of Tracking Threats (youtube.com)
- What a Cluster! How Industry Groups and Names Threat Activity Clusters

Conclusion
Structured Analytic Techniques
- Analysis of Competing Hypotheses (ACH)
- Signposts of Change Analysis
- Cross Impact Matrix
- Bonus: Threatcasting
Common Models and Analytic Frameworks
- Kill Chain
- Diamond Model
- MITRE ATT&CK
Analyzing Observables and Indicators
Intro to Attribution

Questions?
Sharon Flategraff: [email protected]