Cyber Threat Intelligence Analysis
This five (5)-day Instructor-Led Training (ILT) course teaches network defenders to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and adapt to sophisticated and dedicated attacks by cyber adversaries. As malicious software incorporates more advanced counter-detection techniques, the limited signature and heuristic analysis capabilities of anti-virus software and Intrusion Detection and Prevention Systems (IDS/IPS) become less and less effective. White-listing and sandboxing technologies have proven to mitigate many host-based attacks, but additional methodologies of analysis and attribution of known and unknown APT actors are needed to positively identify and prioritize the most formidable threats to the network. This course applies the Intelligence Cycle to the full-spectrum exercise of proactive network defense. It is intended as the core competency of Threat Intelligence operations and as the precursor to additional technical intelligence collection courses. It further serves to provide students with the all-source methodology of employing cyber collection sources and disciplines in a cumulative effort to apply to network defensive postures. When properly employed, this process fosters a cyber environment of preemptive action and provides network defenders and operators with an understanding of the tools, techniques and procedures (TTPs) needed to generate the timely and relevant intelligence that is required to preemptively apply network fortifications before compromise and to respond to cyber events in an expeditious manner.
Students will learn how to apply all-source cyber intelligence-informed operational methodologies, including proactive cyber analysis, to accurately identify risks from specific threats. This is delivered through method-driven instruction of Intelligence Analysis techniques taught by experienced Intelligence Community (IC) professionals. The instructors will teach the intelligence-driven operations cycle – data collection, exploitation, analysis, reporting and dissemination – to develop the student’s methods of identifying threats and assessing and prioritizing risk. Students will be introduced to cyber intelligence sourcing, risk management and assessment, indicators of compromise, application and assessment of adversarial profiles and TTPs to proactively defend networks.
The principal objective of this course is to equip network defenders, intelligence analysts, and other security operations personnel with a modern methodology for characterizing, investigating, attributing, and responding to advanced cyber threats in a collaborative, real-time environment. Students should expect to leave this course with proficiency in intelligence-driven network defense operations.
MODULES IN THIS COURSE
• Module 1: Introduction To Threat Intelligence
• Module 2: Planning & Requirements
• Module 3: Collection & Exploitation Operations
• Module 4: Analysis, Reporting & Dissemination
• Module 5: Culmination Exercise
This course is intended for individuals who are tasked with network defense, internal risk assessment or the analysis of cyber threats to their respective organization's network.
There are no required prerequisites for course attendance, but students will benefit from a working knowledge of network defenses and networking.
40 hours of course work, ideally delivered over 5 consecutive business days of a week.
Course includes a certificate of attendance.