2. #root@charlie~: whoami
☞ Name: Deep Shankar Yadav
☞ Work: Principal Consultant - eSec Forte Technologies
☞ Community Involvement:
☞ Chapter Co-Leader – OWASP Delhi
☞ Director - Research – CDFISR
☞ Sr. Research Fellow – Cyber Peace Foundation (e-Kawach)
☞ Tech Lead – Indian Honeynet Project
☞ Focus Areas: Incident Response, Digital Forensics, DevSecOps, Cloud
Security, Container Security, Security Automation, Threat
Intelligence, SASE, Enterprise Security Management, ….
3. Agenda
• What is Intelligence?
• Types of Intelligence?
• What is Cyber Threat Intelligence?
• CTI – Sources.
• CTI – Use Cases
• Career Opportunities
#GPCSSI2021
5. Data: Raw Reports, News, Images and Broadcasts
Information: Collected Data of Generic Interest
Intelligence: Concisely tailored answer reflecting a deliberate process of
discovery, discrimination, distillation and delivery of data
precisely suited to needs.
(Intelligence is information that has been analysed and refined so that it is
useful to policymakers in making decisions – specifically decisions about
potential threats.)
6. Types of Threat Intelligence
• HUMINT – Human Intelligence
• SIGINT – Signals Intelligence
• MASINT – Measurement and Signature Intelligence
• OSINT – Open Source Intelligence
• Cyber Threat Intelligence
9. Cyber Threat Intelligence
Evidence-based knowledge, including context, mechanisms, indicators,
implications and ACTIONABLE advice about an existing or emerging menace or
hazard to assets that can be used to inform decisions regarding the subject’s
response to that menace or hazard. – Gartner
10. Cyber Threat Intelligence
• Who is out there (and after me)?
• What are their capabilities?
• What are their intentions?
11. Cyber Threat Intelligence : Philosophy
KEEP YOUR FRIENDS CLOSE AND YOUR ENEMIES CLOSER
- Don Corleone (The Godfather)
13. Types of Cyber Threat Intelligence
• Strategic — Broader trends typically meant for a non-technical audience.
• Tactical — Outlines of the tactics, techniques, and procedures of threat
actors for a more technical audience
• Operational — Technical details about specific attacks and campaigns
15. Threat Intelligence Lifecycle
CTI, instead of being an end-to-end process, is a
cyclical process, referred to as the intelligence cycle.
The requirements for the cycle are planning and
collection of data, analysis of results, production of
intelligence from the results, dissemination of the
intelligence, and re-evaluation of the intelligence in
the context of new information and feedback.