Cyber Threat Workshop

Integrating Threat Intelligence in Real Life

Apps, APIs, and Notebooks for Insights throughout the SOC

In this Cyber Threat Workshop, we continue our Summer Camp Series by looking at easy ways to integrate and automate intelligence throughout your security operation. Often, threat intelligence is irrelevant, stale, and hard to make sense of for the extended security stack. But when intelligence connects to your real-world attack surface, it will illuminate insights that are highly relevant (related to your personal digital footprint) and actionable (facts from real-world observations).

Introduction: Internet Discovery and Graphing

  • Internet Graphing and History
  • Introduction to Datasets
  • Infrastructure Chaining and Pivoting
  • Threat and Adversary Mapping
  • Common Apps, APIs, and Notebooks

Pipe Relevant Threat Intelligence to Your Security Ecosystem

  • See an organization’s attack surface for relevant threats and exposures
  • Identify risks and vulnerabilities
  • Expand threat search from one to thousands
  • Identify relationships and related infrastructure, including depth indicators from certificates, banners, and NetFlow

Automate Monitoring, Watchlists, and Threat Tracking

  • Identify adversaries by finding fingerprints and threat indicators
  • See where and how threats become entangled with your attack surface
  • Track threats by expanding to preferred systems, like SIEM, SOAR, XDR, EDR, and even firewall rules

Our team of security experts shows how to leverage internet intelligence and smart graphing to pinpoint relationships within the global attack surface: you and others, good and bad, adversaries and allies. Once you can see and discover real-world threats, we transition to an introduction to the apps, APIs, and notebooks commonly used to speed up investigations and enrich existing security systems with up-to-the-moment threat intelligence. By leveraging continuous tracking, you can identify the threats most relevant to you and your attack surface, and quickly gain awareness by combining external intelligence with internal (network) telemetry.

Additionally, RiskIQ’s security pros share how to identify adversary-threat infrastructure and specific scripts and queries you can deploy for even faster results and rapid response.

Finally, you will learn how to identify the extended scope of threats and remediate vulnerabilities to global-scale attacks with live observations of CVEs and their current exploitation in the wild.

Hands-on labs and exercises show how to expose real-life malicious and/or risky applications, hosts, domains, and components from services to silicon—every layer of your exploitable attack surface.

Watch and Learn:

  • Introduction: Security Intelligence
  • Techniques for cyber threat analysis and management
  • How to leverage attack surface intelligence for faster threat investigations and response
  • Real-world use cases with hands-on exercises, labs, and investigations