
Network traffic analysis for IR: Threat intelligence collection and analysis

Introduction

While any security professional can call themselves an analyst, the full scale and scope of the cyber-threat intelligence analyst's role is often underestimated. Especially when paired with other cyber-incident response and detection tools and programs, the practice of cyber-threat intelligence can help organizations track, identify and deal with increasingly sophisticated threats against their business. While malware is the tool, the real threat is a human one, and a cyber-threat analyst can use network traffic analysis and other data sources to establish methods to counter human threats and bolster their organization’s defenses.

On a day-to-day basis, cyber-threat intelligence can help network defenders to understand failed and successful methods employed by adversaries, supply that and other information to security operations professionals, and provide actionable data to incident response teams to assist in scoping, mapping and responding to intrusions. In other words, cyber-threat intelligence based on both network traffic and other data sources can help organizations to prioritize their risk and inform all aspects of their security programs.

So just what does cyber-threat intelligence entail and what is its role in incident response? This article will explore these topics while also laying a foundation for the practice itself.

Cyber-threat intelligence overview

Cyber-threat intelligence can be both a complex and a simple concept. At its core, cyber-threat intelligence means the analysis of information relating to cyber-threats, both real and potential. This information can include the source of the threat, the type of technical threat, its delivery method, the damage it can cause or has caused, and many other attributes.

Because it is impossible for any one organization to understand the full scale of modern cyberactors, cyber-threat intelligence analysts combine their own organizational data — ranging from network traffic to risk and vulnerability reports — with data shared by governments, private businesses and (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Patrick Mallory. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/TBzwq7edEms/
