C Y B E R T H R E AT I N T E L L I G E N C EJ U L I E M U R P H Y

W H AT I S C Y B E R T H R E AT I N T E L L I G E N C E ?

Cyber threat intelligence (CTI) is the analysis of an adversary’s motives, capability and opportunity to illicit harm consequently,

“intelligence is not a data feed or something that comes from a tool” but actionable information that answers a knowledge gap

SANS, 2018

I N F O R M AT I O N V I N T E L L I G E N C E

Raw Processed

Unevaluated Evaluated And Interpreted

All Sources Reliable Sources

Unknown Data IntegrityComplete, Accurate, Relevant,

Timely

Not Actionable Actionable

Enisa, 2016

C AT E G O R I S I N G C Y B E R T H R E AT I N T E L L I G E N C E

• IP’s, signatures, logs, URL’s

• Tactics, techniques and procedures

• Financial implications / Business impact

T H R E AT S

What We Know

What We Know We Don’t Know

What We Don’t Know We Don’t Know

Bromiley, 2016

K N O W L E D G E

‘Intelligence’ is described as information and knowledge acquired about an adversary through means of observation, followed by investigation, analysis and understanding.

Waltz, 1998

E M E R G I N G T H R E AT S

: https://www.accessnow.org/doubleswitch-attack/

B R E X I T

https://www.independent.co.uk/news/uk/home-news/brexit-nhs-350m-a-week-eu-change-britain-gisela-stuart-referendum-bus-a7236706.html

https://news.sky.com/story/ministers-forced-to-publish-leaked-brexit-impact-study-11230715

https://www.independent.co.uk/news/uk/politics/brexit-latest-live-updates-finances-money-worse-off-

article-50-a7468411.html

T R U M P

http://uk.businessinsider.com/donald-trump-trademarked-make-america-great-again-2015-5?r=US&IR=T

Y O U C A N ’ T ‘ U N S E E ’ S O M E T H I N G

• Hashtag poisoning

• Positive, negative and neutral posts

• Targeting individuals

• Trolling and harassment

• Multiple channels

• False reports of malicious accounts

S A M P L E TA C T I C S

I T TA K E S A V I L L A G E T O R A I S E A C H I L D

Cyber threat intelligence (CTI) is the analysis of an adversary’s motives, capability and opportunity to illicit harm consequently, “intelligence is not a data feed or something that comes from a tool” but actionable information that answers a knowledge gap

‘Intelligence’ is described as information and knowledge acquired about an adversary through means of observation, followed by investigation, analysis and understanding.

Communication Multi-disciplinary

From the top Intelligence led

Security Maturity = Key Selling Point

Intelligence requires context and anticipation of future situations to inform decisions by identifying an available course of action

http://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp2_0.pdf

T H E R E S P O N S E D E T E R M I N E S T H E I M PA C T

?