IReV4.0: Certified Threat Intelligence Analyst (CTIA) | IT Training & Certification | Info Trek
Duration: 5 Days

WHAT YOU WILL LEARN

The growth and sophistication of cyber-attacks against enterprises and individuals have rendered traditional cybersecurity measures virtually obsolete. The headlines are seemingly endless; companies continue to get compromised, while those responsible for securing corporate networks fall on their swords. Cybercriminals – smart, highly organized, and driven by financial motivations and/or strongly-held personal beliefs – only need to find a single vulnerability to exploit. On the other side, those endeavouring to protect assets need to set up flawless defences. It’s impossible to defend against every possible exploit and threat vector.


Threat Intelligence is defined by Gartner as “evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject’s response to that menace or hazard.”


Threat Intelligence enables businesses to provide the best possible defense against the most probable threats. It includes in-depth information about specific threats to help an organization protect itself from the types of attacks that could do it the most damage.


With intelligence and automation equipping cybercriminals to conduct targeted and stealthy attacks, defenders on the other side of the line have serious shortfalls in sharing intelligence. Threat Intelligence sharing is generally done within government agencies and Critical National Infrastructure organisations; it is NOT shared with industry, and vice versa. There is a persistent disconnect in intelligence sharing between government and corporations.


This workshop introduces attendees to the basic concepts of Threat Intelligence and takes them through the entire process of setting up a Threat Intelligence Platform using MISP to consume intelligence from around 80+ global community feeds; it also enables attendees to share intelligence on malware and attacks back to the community. The workshop further enables attendees to integrate Threat Intelligence with their existing SIEM and other defense products.


AUDIENCE

• Cybersecurity analysts

• SOC analysts

• Threat intel analysts

• Network and security administrators

• Network and security engineers

• Network defense analyst

• Network defense technicians

• Network security specialist

• Network security operator, and any security professional handling network security operations

• Entry-level cybersecurity professionals

• Professionals newly recruited into a SOC / TI team without prior experience


METHODOLOGY

This program is conducted through interactive lectures, PowerPoint presentations, discussion and practical exercises.

COURSE OBJECTIVES

• Gain in-depth knowledge of security threats, attacks, vulnerabilities, attacker behaviors and the cyber kill chain.

• Understand the MITRE ATT&CK Framework and be able to identify attacker tactics, techniques and procedures (TTPs), investigate indicators of compromise (IOCs) and provide automated or manual responses to eliminate the attack/incident.

• Understand the concepts of Threat Intelligence and gain in-depth knowledge of how to integrate Threat Intelligence with SIEM, SOAR, EDR and other SOC technologies to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).

• Understand and learn how to set up a Threat Intelligence framework and platform for your organization, and consume community and commercial feeds to understand attacks and defend your organization from future attacks.

• Gain in-depth knowledge of the Malware Information Sharing Platform (MISP) and learn to set up a working instance, with configurations and integrations that can be used immediately in your organisation.

• Gain knowledge of Incident Response methodology and processes, and in-depth knowledge of how to integrate Threat Intelligence processes with Incident Response processes using HIVE, and learn how to automate them as a single workflow.



Modules

Module 1: Introduction to Threat Intelligence

• Understanding threats, threat modelling and risk

• What is threat intelligence

• Need for threat intelligence

• Benefits of threat intelligence

• Types of threat intelligence

• Threat intelligence life cycle

• Sources of threat intelligence

• Technologies contributing to threat intelligence (SIEM, EDR, Log Sources)

• Threat Intelligence & SOC

• Incident response & threat intelligence

• Applications of threat intelligence

• Threat intelligence frameworks (CIF, MISP, TAXII)

• Role of threat intelligence analyst & threat hunters


Module 2: Technical Deep Dive on Latest Attacks

• What is security, vulnerabilities & 0-days, attack life cycle, different attack vectors

• Threats vs. risks; why perimeter defenses are failing; why anti-virus is not enough

• Introduction to cyber kill chain

• Indicators of compromise (IOC) & IOC sources (OTX, MISP)

• Business email compromise (BEC) (lab) with indicators of compromise

• Ransomware (lab) with indicators of compromise

• Advanced persistent threat (lab) with indicators of compromise

• Fileless malware (lab) with indicators of compromise

• Mobile malware (lab) with indicators of compromise

• Web data breach (lab) with indicators of compromise

• Malvertising (lab) with indicators of compromise

• Social media-based attacks (lab) with indicators of compromise

• Password-based attacks (password stuffing, account takeover, phishing, etc.) (lab)

• What is the MITRE ATT&CK framework?

• Tactics, techniques and procedures (TTP)

• Threat actors

• ATT&CK navigator

• The Threat Hunter Playbook

• Atomic Red Team library

• Threat-based adversary emulation with ATT&CK

• Behavioral-based analytic detection using ATT&CK

• Mapping to ATT&CK from raw data – lab

• Storing and analysing ATT&CK-mapped intel


Module 3: Setting up Threat Intel Framework

• Enterprise threat landscape mapping

• Scope & plan threat intel program

• Set up threat intel team

• Threat intelligence feeds, sources & data collections

• Open source threat intel collections (OSINT and more)

• Dark web threat intel collections

• SIEM / log sources threat intel collections

• Public web data threat intel collections (Maltego, OSTrICa, and more)

• Threat intel collections with YARA

• EDR threat intel collections

• Incorporating threat intel into incident response

• Threat intel & actionable contextual data

• Commercial threat intel feed providers (Recorded Future, Blueliv, etc.)

• Commercial threat intel platforms (Anomali, Digital Shadows, etc.)


Module 4: Malware Information Sharing Platform (MISP)

• MISP project overview

• MISP features & use cases

• Events, objects and attributes in MISP

• MISP data model & core data structure

• MISP - creating and populating events

• MISP - distribution and topology

• Information sharing and taxonomies

• MISP galaxy

• MISP object templates

• MISP deployment and integrations

• Normalizing OSINT and other community & private feeds

• SIEM and MISP integration

• Incident response and threat hunting using MISP

• Viper and MISP

• MISP administration

• MISP feeds - a simple and secure approach to generate, select and collect intelligence

• MISP and decaying of indicators

• Workflow of a security analyst using Viper as a management console for malware analysis


Module 5: Cybersecurity Incident Response

• Introduction to incident response

• Incident response & handling methodology

• MISP & HIVE integrations

• HIVE implementation

• Malware analysis use case using MISP & HIVE


Clement Arul

A professional who believes that the adaptability of security is directly tied to the affordability of security products, services and training. He started creating security products, services, training and certifications that are affordable, and was part of the team that created National Cyber Security Frameworks. Clement is also a two-time recipient of the National Award from the Government of Malaysia, Cyber Security Professional of the Year, in 2017 and 2014, as well as a three-time Regional Award winner of Cyber Security Professional of the Year Asia and APAC in 2020, 2019 and 2017. He was also awarded APAC Cyber Security Educator of the Year in 2020 and 2019.
