• Threat actors
  - Advanced persistent threat (APT)
  - Hacktivists
  - Organized crime
  - Nation-state
  - Script kiddie
  - Insider threat
    o Intentional
    o Unintentional
  - Supply chain
• Tactics, techniques, and procedures (TTP)
• Confidence levels
  - Timeliness
  - Relevancy
  - Accuracy
• Collection methods and sources
  - Open source
    o Social media
    o Blogs/forums
    o Government bulletins
    o Computer emergency response team (CERT)
    o Cybersecurity incident response team (CSIRT)
    o Deep/dark web
  - Closed source
    o Paid feeds
    o Information sharing organizations
    o Internal sources
• Threat intelligence sharing
  - Incident response
  - Vulnerability management
  - Risk management
  - Security engineering
  - Detection and monitoring
• Threat hunting
  - Indicators of compromise (IoC)
    o Collection
    o Analysis
    o Application
  - Focus areas
    o Configurations/misconfigurations
    o Isolated networks
    o Business-critical assets and processes
  - Active defense
  - Honeypot
