Threat Intelligence Series: From Zero to Hero. Session 1.

Session 1: Threat Intell and Mitre Att&ck 101

Background to the “TI Series: From Zero to Hero”

1st Meeting. Threat Intel & Sharing – South Chapter Best Practices (9th September)

Threat intelligence (TI) is becoming increasingly important for organisations and a popular feature in cyber security programs. We ran our first Threat Intel Webinar on September 9^th 2020 to explore, through a combination of panel speakers followed by audience participation, best practices on how Members are both gathering TI and how they approach sharing or accessing that intelligence. Three presentations were made from a software, hardware & OT security perspectives.

Attendees were surveyed to understand their level of knowledge and key topics of interest and we found that: 54% of attendees are “Beginners”, 34% are “Intermediate” and 10% are “Advanced” when it comes to understanding and experience of TI.

The top 4 topics of interest are:

1. Custom developed solutions
2. TI Information resources
3. Commercial TI platforms
4. Latest product development, e.g. ML

Given this feedback and following the interest in the 1st meeting, it is proposed to develop a Threat Intel Working Group within Cyber Ireland. The overall objective of this group is:

Build the expertise within the Cyber Ireland community to develop Threat Intelligence capabilities through sharing of knowledge and experiences at a strategic level.

The Threat Intel Groups first initiative is to organise a series of short (30 minute) webinars exploring TI and sharing from beginner to advanced topics – “TI Series: From Zero to Hero”.

The TI Group is being led by industry experts:

• Eoin Carroll, Advanced Threat Research, McAfee
• Andy Grzess, CTO Smarttech 247

Session 1: Threat Intel and Mitre Att&ck 101 (21^st October)

A summary of Session 1 of the TI Series is presented:

Andy Grzess – Chief Technology Officer in Smartech247

• What is Threat Intelligence (TI)?
• What are Indicators of Compromise (IOCs), Indicators of Attack (IOAs), Tactics, Techniques and Procedures (TTPs) for TI?
• Common Questions: Who, What, Where, When, Why, How
• Threat Intelligence applied to a Risk Model
• TI transforms questions into answers
• Share to empower: Our Neighbourhood Watch

Eoin Carroll – Principal Engineer, Platform Security & Advanced Threat Research in McAfee

• The Power of MITRE ATT&CK (101)
• Threat Intelligence Frameworks
• MITRE ATT&CK Evolution
• MITRE ATT&CK Use Cases & ROI
• The Pyramid of Pain
• Proactive Cyber Defence
• MITRE ATT&CK in Action

The webinar recording is now live on our Youtube Channel.

Useful Resources:

• MITRE ATT&CK 101 https://medium.com/mitre-attack/att-ck-101-17074d3bc62
• Apply MITRE’s ‘ATT&CK’ Model to Check Your Defenses https://www.mcafee.com/blogs/other-blogs/mcafee-labs/apply-mitres-attck-model-to-check-your-defenses/
• How Frankfurt Stopped Emotet In Its Tracks https://www.mcafee.com/blogs/enterprise/how-frankfurt-stopped-emotet-in-its-tracks/
• RecordedFutures Threat Intelligence Handbook https://go.recordedfuture.com/book
• Windows Defense Evasion “Process Reimaging” https://www.mcafee.com/blogs/other-blogs/mcafee-labs/in-ntdll-i-trust-process-reimaging-and-endpoint-security-solution-bypass/
• We Must Verify before Trusting https://www.mcafee.com/blogs/other-blogs/mcafee-labs/transitioning-to-a-mass-remote-workforce-we-must-verify-before-trusting/