Security + Topic 2B: Explain threat intelligence sources; Lesson 2: Explaining threat actors and threat intelligence

¡Supera tus tareas y exámenes ahora con Quizwiz!

What is the dark net?

A network established as an overlay to Internet infrastructure by software that acts to anonymize usage and prevent a third-party from knowing about the existence of the network or analyzing any activity taking place over the network.

What is the dark web?

Any part of the world wide web that is not indexed by a search engine

You are assessing whether to join AIS. What is AIS and what protocol should your SIEM support in order to connect to AIS servers?

Automated Indicator Sharing (AIS) is a service offered by the Department of Homeland Security (DHS) for participating in threat intelligence sharing. AIS uses the Trusted Automated eXchange of Indicator Information (TAXII) protocol as a means of transmitting CTI data between servers and clients.

What does AIS stand for?

Automated indicator sharing

The outputs from the primary research undertaken by security solutions providers and academics can take three main forms, what are these forms?

Behavioral threat research, reputational threat intelligence, threat data

TAXII data pushed to subscribers is called what?

Channel

TAXII data requested by the client is called what?

Collection

What does CVE stand for?

Common Vulnerabilities and Exposures

Threat data is also known as what?

Cyber threat intelligence (CTI) data

You are consulting on threat intelligence solutions for a supplier of electronic voting machines. What type of threat intelligence source would produce the most relevant information at the lowest cost?

For critical infrastructure providers, threat data sharing via an Information Sharing and Analysis Center (ISAC) is likely to be the best option.

Within TTP, describe techniques

Generalized attack vectors

What does IoC stand for?

Indicator of Compromise

What does ISAC stand for?

Information Sharing and Analysis Centers

What is Common Vulnerabilities and Exposures (CVE)?

It is a list of vulnerabilities that are stored in databases

Define Trusted Automated eXchange of Indicator Information (TAXII)

It is a protocol that provides a means for transmitting CTI data between servers and clients.

What is an indicator of compromise (IoC)?

It is a residual sign that an asset or network has been successfully attacked or is continuing to be attacked. Put another way, and IoC is evidence of a TTP.

What is automated indicator sharing (AIS)?

It is a service offered by the department of homeland security for companies to participate in threat intelligence sharing.

What is a threat map?

It is an animated graphic showing the source, target, and type of attacks that have been detected by a CTI platform.

Describe the function of ISAC's

It is public and private information sharing centers, in many critical industries, that have been set up to share threat intelligence and promote best practice.

What is reputational threat intelligence?

It's a list of IP addresses and domains associated with malicious behavior, plus signatures of known file based malware

What does OSINT stand for?

Open Source Intelligence

Your CEO wants to know if the company's threat intelligence platform makes effective use of OSINT. What is OSINT?

Open source intelligence (OSINT) is cyber security relevant information harvested from public websites and data records. In terms of threat intelligence specifically it refers to research and data feeds that are made publicly available.

Define Structured Threat Information Expression (STIX)

Provides the framework and standard terminology for IOC's and ways of indicating relationships between them. Provides the syntax for describing CTI.

Within TTP, describe procedures

Specific intrusion tools and methods

Within TTP, define tactics

Strategy and approach

What does STIX stand for?

Structured Threat Information eXpression

Threat research is a counter intelligence gathering effort in which security companies and researchers attempt to discover the TTP's of modern cyber adversaries. What is TTP?

Tactics, techniques, procedures

What does TAXII stand for?

Trusted Automated eXchange of Indicator Information


Conjuntos de estudio relacionados

Speed, Agility, and Quickness Training Concepts

View Set

Module Two: Key Actors and Ideas on the World Stage

View Set

growth and development going to level 2

View Set

CISS 120 - Module 6: Data Link Layer

View Set

Abeka 5th Grade, History Quiz 18 (Geog. Facts 8-10) Nine Weeks

View Set