CERTIFIED THREAT INTELLIGENCE (TI) ANALYST

Summary

Location: Malaysia
Duration: 5 Days
Format: Public Class

Explore the World of Threat Intelligence

In the dynamic landscape of cybersecurity, staying ahead of threats is paramount. Our Certified Threat Intelligence (TI) Analyst course equips you with the knowledge and skills to not just keep pace but to proactively defend against evolving cyber risks.

Unveiling the Power of Threat Intelligence

Threat intelligence is the heartbeat of modern security. In this 5-day, 35-hour instructor-led program, you’ll delve into the world of security threats, attack methodologies, and the intricate dance between cybercriminals and defenders. But we don’t just stop at theory. You’ll gain hands-on experience, uncovering the latest attacks, understanding attacker techniques, and learning how to respond effectively. This knowledge isn’t just about career enhancement; it’s your ticket to being the guardian of your organization’s digital realm.

Your Career Catalyst

Whether you’re a cybersecurity analyst, SOC expert, or a newcomer to the world of network security, this course is your game-changer. With a deep understanding of threat intelligence, the MITRE ATT&CK Framework, and practical setup of a Threat Intel Framework, you’ll be the go-to professional for identifying, countering, and mitigating cyber threats. Don’t just navigate the cybersecurity landscape; lead the way with our Certified Threat Intelligence (TI) Analyst course.

Take your career to the next level. Enroll now and become the guardian your organization needs in an increasingly digital world.

Course Details

Duration: 5 days / 35 hours; instructor-led, remote online training

Audience

  • Cybersecurity Analysts
  • SOC Analysts
  • Threat Intel Analysts
  • Network and Security Administrators and Engineers, Network Defense Analysts and Technicians, Network Security Specialists and Operators, and any security professional handling network security operations
  • Entry-level cybersecurity professionals
  • Professionals newly recruited into a SOC / TI team without prior experience

Prerequisites

The growth and sophistication of cyber-attacks against enterprises and individuals have rendered traditional cybersecurity measures virtually obsolete. The headlines are seemingly endless; companies continue to get compromised, while those responsible for securing corporate networks fall on their swords. Cybercriminals – smart, highly organized, and driven by financial motivations and/or strongly-held personal beliefs – only need to find a single vulnerability to exploit. On the other side, those endeavouring to protect assets need to set up flawless defenses. It’s impossible to defend against every possible exploit and threat vector.

Methodology

This program is conducted through interactive lectures, slide presentations, discussion and practical exercises.

Course Objectives

  • Gain in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviour and the cyber kill chain.
  • Understand the MITRE ATT&CK Framework; identify attacker tactics, techniques and procedures (TTPs), investigate indicators of compromise (IOCs) and provide automated or manual responses to eliminate the attack or incident.
  • Understand the concepts of Threat Intelligence and gain in-depth knowledge of how to integrate it with SIEM, SOAR, EDR and other SOC technologies to reduce mean time to detect (MTTD) and mean time to respond (MTTR).
  • Learn how to set up a Threat Intelligence framework and platform for your organisation and consume community and commercial feeds to understand attacks and defend against future ones.
  • Gain in-depth knowledge of the Malware Information Sharing Platform (MISP) and learn to set up a working instance, with configurations and integrations that can be used immediately in your organisation.
  • Gain knowledge of incident response methodology and processes, and in-depth knowledge of how to integrate Threat Intelligence processes with incident response processes using TheHive, automating them as a single workflow.
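The ATT&CK objective above (identify TTPs from raw data and store the result so it can be analysed) as an added example; this is editorial illustration, not the course's own lab code. A constructed set of Sysmon-style process-creation events is run through a handful of regex rules keyed to real ATT&CK enterprise technique IDs, and the hits are written out as an ATT&CK Navigator layer. The events, field names and rules are constructed for illustration, the regexes are deliberately narrow rather than production analytics, and the version numbers inside the layer are assumptions to adjust to the Navigator you run.

```python
"""Map constructed endpoint telemetry to MITRE ATT&CK techniques and emit a
Navigator layer.  Added example for this page; the events, field names and
rules are constructed, the technique IDs are real ATT&CK enterprise IDs."""
import json
import re

# Constructed sample telemetry (Sysmon-style process creation events).
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA..."},
    {"host": "ws01", "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": 'schtasks /create /sc minute /mo 5 /tn Updater /tr "C:\\Users\\Public\\u.exe"'},
    {"host": "ws02", "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v u /d C:\Users\Public\u.exe"},
    {"host": "ws02", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump 624 C:\\temp\\l.dmp full"},
    {"host": "srv01", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\alice\\notes.txt"},
]

# Rules: (technique ID, tactic short name, technique name, regex over the command line).
# The regexes are illustrative; a real analytic would also look at parent process, user, etc.
RULES = [
    ("T1059.001", "execution", "PowerShell",
     re.compile(r"powershell(\.exe)?\b.*\s-(enc|encodedcommand)\b", re.I)),
    ("T1053.005", "persistence", "Scheduled Task",
     re.compile(r"\bschtasks(\.exe)?\s+/create\b", re.I)),
    ("T1547.001", "persistence", "Registry Run Keys / Startup Folder",
     re.compile(r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run\b", re.I)),
    ("T1003.001", "credential-access", "LSASS Memory",
     re.compile(r"\bcomsvcs\.dll,?\s*MiniDump\b", re.I)),
]


def map_events(events, rules=RULES):
    """Return one hit per (event, rule) match: technique ID, tactic and the evidence line."""
    hits = []
    for ev in events:
        for tid, tactic, name, pattern in rules:
            if pattern.search(ev["cmdline"]):
                hits.append({"host": ev["host"], "techniqueID": tid, "tactic": tactic,
                             "technique": name, "evidence": ev["cmdline"]})
    return hits


def navigator_layer(hits, name="Mapped telemetry"):
    """Build an ATT&CK Navigator layer: one entry per technique, score = number of hits.
    The ATT&CK / Navigator / layer version strings are assumptions, not fixed values."""
    per_technique = {}
    for h in hits:
        entry = per_technique.setdefault(h["techniqueID"], {
            "techniqueID": h["techniqueID"], "tactic": h["tactic"], "score": 0, "comment": ""})
        entry["score"] += 1
        entry["comment"] += f'{h["host"]}: {h["evidence"][:60]}\n'
    return {
        "name": name,
        "domain": "enterprise-attack",
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "techniques": sorted(per_technique.values(), key=lambda t: t["techniqueID"]),
    }


if __name__ == "__main__":
    found = map_events(SAMPLE_EVENTS)
    for h in found:
        print(f'{h["host"]:6} {h["techniqueID"]:10} {h["technique"]}')
    print(json.dumps(navigator_layer(found), indent=2))
```

The layer JSON can be loaded straight into the Navigator to colour the matrix by hit count; the benign notepad event produces no entry, which is the check that the rules are not simply matching on the presence of a process name.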

Outlines

  • Objective: Gain in-depth knowledge of Threat Intelligence: its types, life cycle, the different sources of intelligence feeds, and threat intelligence frameworks.
  • Outcome: Attendees will learn in detail about Threat Intelligence and its ecosystem.
    • Understanding Threats, Threat Modeling and Risk
    • What is Threat Intelligence
    • Need for Threat Intelligence
    • Benefits of Threat Intelligence
    • Types of Threat Intelligence
    • Threat Intelligence Life Cycle
    • Sources of Threat Intelligence
    • Technologies contributing to Threat Intelligence (SIEM, EDR, log sources)
    • Threat Intelligence & SOC
    • Incident Response & Threat Intelligence
    • Applications of Threat Intelligence
    • Threat Intelligence Frameworks (CIF, MISP, STIX/TAXII)
    • Role of Threat Intelligence Analyst & Threat Hunters
  • Objective: Understand the latest attacks and their IOCs. Understand the MITRE ATT&CK Framework and be able to identify attacker tactics, techniques and procedures (TTPs), investigate indicators of compromise (IOCs) and provide automated or manual responses to eliminate the attack or incident.
  • Outcome: Attendees will learn in detail about the latest attacks and their IOCs through 9 hands-on labs. They will learn the MITRE ATT&CK Framework, be able to identify attacker TTPs, investigate IOCs and provide automated or manual responses to eliminate the attack or incident.
    • What is Security: Vulnerabilities & 0-days, the Attack Life Cycle, Different Attack Vectors
    • Threats vs. Risks: Why Perimeter Defenses are Failing, Why Anti-Virus is Not Enough
    • Introduction to Cyber Kill Chain
    • Indicators of Compromise (IOC) & IOC Sources (OTX, MISP)
    • Business Email Compromise (BEC) (Lab) with Indicators of Compromise
    • Ransomware (Lab) with Indicators of Compromise
    • Advanced Persistent Threat (Lab) with Indicators of Compromise
    • File-less Malware (Lab) with Indicators of Compromise
    • Mobile Malware (Lab) with Indicators of Compromise
    • Web Data Breach (Lab) with Indicators of Compromise
    • Malvertising (Lab) with Indicators of Compromise
    • Social Media based attacks (Lab) with Indicators of Compromise
    • Password-based Attacks (Credential Stuffing, Account Takeover, Phishing, etc.) (Lab)
    • What is MITRE ATT&CK Framework ?
    • Tactics, Techniques and Procedures (TTP)
    • Threat Actors
    • ATT&CK Navigator
    • The ThreatHunter-Playbook
    • Atomic Red Team Library
    • Threat-Based Adversary Emulation with ATT&CK
    • Behavioral-based analytic detection using ATT&CK
    • Mapping to ATT&CK from Raw Data – Lab.
    • Storing and analyzing ATT&CK-mapped intel
  • Objective: Understand the Threat Intel framework and open source, dark web, public, YARA, EDR and commercial threat intel feeds.
  • Outcome: Attendees will learn the Threat Intel framework and the technical details of open source, dark web, public, YARA, EDR and commercial threat intelligence feeds.
    • Enterprise Threat Landscape Mapping
    • Scope & Plan Threat Intel Program
    • Setup Threat Intel Team
    • Threat Intelligence Feeds, Sources & Data Collections
    • Open source Threat Intel Collections (OSINT and more)
    • Dark Web Threat Intel Collections
    • SIEM / Log Sources Threat Intel Collections
    • Public Web Data Threat Intel Collections (Maltego, OSTrICa, and more)
    • Threat Intel collections with YARA
    • EDR Threat Intel Collections
    • Incorporating Threat Intel into Incident Response
    • Threat Intel & Actionable Contextual Data
    • Commercial Threat Intel Feed Providers (Recorded Future, Blueliv, etc.)
    • Commercial Threat Intel Platforms (Anomali, Digital Shadows, etc.)
  • Objective: Gain in-depth knowledge of the Malware Information Sharing Platform (MISP) and learn to set up a working instance with configurations and integrations that can be used immediately in your organisation.
  • Outcome: Attendees will be able to set up MISP with configurations and feed integrations that can be used immediately in their organisation.
    • MISP Project Overview
    • MISP Features & Use cases
    • Events, Objects and Attributes in MISP
    • MISP Data model & Core data structure
    • MISP – Creating and populating events
    • MISP – Distribution and Topology
    • Information Sharing and Taxonomies
    • MISP Galaxy
    • MISP Object Templates
    • MISP Deployment and Integrations
    • Normalizing OSINT and other community & Private Feeds
    • SIEM and MISP Integration
    • Incident Response and threat hunting using MISP
    • Viper and MISP
    • MISP Administration
    • MISP feeds – A simple and secure approach to generate, select and collect intelligence
    • MISP and Decaying of Indicators
    • Workflow of a security analyst using Viper as a management console for malware analysis
  • Objective: Gain knowledge of incident response methodology and processes, and in-depth knowledge of how to integrate Threat Intelligence processes with incident response processes using TheHive, automating them as a single workflow.
  • Outcome: Attendees will be able to set up TheHive, integrate it with MISP and build an automated, integrated workflow for malware analysis.
    • Introduction to Incident Response
    • Incident Response & Handling Methodology
    • MISP & TheHive Integrations
    • TheHive Implementation
    • Malware Analysis Use Case using MISP & TheHive
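Two of the outline items above, "SIEM and MISP Integration" and "MISP and Decaying of Indicators", as one added example (editorial illustration, not the course's lab material). A constructed MISP event in export-JSON shape is loaded, each to_ids attribute is scored with MISP's polynomial decaying model, score = base_score × (1 − (t/τ)^(1/δ)) where t is the indicator's age, τ its lifetime and δ the decay speed, and only indicators still at or above the threshold are matched against constructed proxy, DNS and firewall log lines. The event, the log lines and the model parameters are constructed; taking the attribute's last_seen field as the reference time is a simplification of MISP's sighting-based scoring.

```python
"""Consume a MISP event, age its indicators with MISP's polynomial decaying
model, and match the still-live to_ids indicators against log lines.
Added example for this page; the event, logs and model parameters are constructed."""
from datetime import datetime, timezone
import json
import re

# Constructed MISP event in export-JSON shape (only the fields used below).
MISP_EVENT_JSON = json.dumps({"Event": {
    "info": "constructed example: commodity loader campaign",
    "threat_level_id": "2", "analysis": "2", "distribution": "1",
    "Attribute": [
        {"type": "domain", "category": "Network activity", "value": "update-cdn.example",
         "to_ids": True, "last_seen": "2024-05-01T00:00:00+00:00"},
        {"type": "ip-dst", "category": "Network activity", "value": "203.0.113.45",
         "to_ids": True, "last_seen": "2024-05-03T12:00:00+00:00"},
        {"type": "sha256", "category": "Payload delivery",
         "value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08",
         "to_ids": True, "last_seen": "2024-04-01T00:00:00+00:00"},
        {"type": "comment", "category": "Other", "value": "seen in a phishing wave",
         "to_ids": False},
    ]}})

# Assumed model parameters (MISP ships several models; these are not its defaults).
DECAY = {"lifetime_days": 10.0, "decay_speed": 0.3, "threshold": 30.0, "base_score": 100.0}
NOW = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)  # fixed "now" so results are reproducible


def decayed_score(last_seen, now=NOW, model=DECAY):
    """MISP polynomial model: base_score * (1 - (t / tau) ** (1 / delta)), floored at 0.
    t is the indicator's age in days, tau the lifetime, delta the decay speed."""
    t_days = max((now - last_seen).total_seconds() / 86400.0, 0.0)
    ratio = t_days / model["lifetime_days"]
    if ratio >= 1.0:
        return 0.0
    return model["base_score"] * (1.0 - ratio ** (1.0 / model["decay_speed"]))


def load_live_indicators(event_json, now=NOW, model=DECAY):
    """Keep only to_ids attributes whose decayed score is still at or above the threshold.
    Using last_seen as the reference time is a simplification of MISP's sighting-based scoring."""
    live = []
    for attr in json.loads(event_json)["Event"]["Attribute"]:
        if not attr.get("to_ids"):
            continue  # context-only attributes are never pushed to detection
        score = decayed_score(datetime.fromisoformat(attr["last_seen"]), now, model)
        if score >= model["threshold"]:
            live.append({"type": attr["type"], "value": attr["value"], "score": round(score, 1)})
    return live


# Constructed proxy / DNS / firewall lines as a SIEM might forward them.
SAMPLE_LOGS = [
    "2024-05-10T08:01:12Z proxy ws01 alice GET http://update-cdn.example/u.php 200",
    "2024-05-10T08:02:40Z dns ws02 query update-cdn.example A 203.0.113.45",
    "2024-05-10T08:02:41Z fw ws02 -> 203.0.113.45:443 allow",
    "2024-05-10T09:15:00Z proxy srv01 bob GET https://intranet.example/ 200",
]


def match_logs(lines, indicators):
    """Return (line, indicator) pairs.  Matching stops at token boundaries so that
    203.0.113.4 does not fire on 203.0.113.45 and example.com does not fire on notexample.com."""
    hits = []
    for line in lines:
        for ind in indicators:
            pattern = r"(?<![\w.-])" + re.escape(ind["value"]) + r"(?![\w.-])"
            if re.search(pattern, line, re.I):
                hits.append((line, ind))
    return hits


def run_pipeline(event_json=MISP_EVENT_JSON, lines=SAMPLE_LOGS, now=NOW):
    """Decay -> filter -> match; returns the live indicators and the log hits."""
    live = load_live_indicators(event_json, now)
    return live, match_logs(lines, live)


if __name__ == "__main__":
    live, hits = run_pipeline()
    for ind in live:
        print(f'live {ind["type"]:8} {ind["value"]} score={ind["score"]}')
    for line, ind in hits:
        print(f'HIT  {ind["value"]} <- {line}')
```

With a 10-day lifetime the domain (last seen 9.5 days ago) has decayed to roughly 16 and is dropped even though it appears in the logs, the hash (39 days) is at 0, and only the IP (7 days, roughly 70) is still pushed to matching, giving two hits. That is the trade-off decaying makes visible: raising the lifetime to 30 days brings the domain back and doubles the hits. In practice MISP models are tuned per attribute type, with domains and hashes given much longer lifetimes than IP addresses.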

Starting From: RM5500
Class Type: Private, Public
