Paralus LLC

Applied Threat Intelligence

Scheduled Offerings

Current Paralus online offerings:

  • TBD
  • In-Person or Online Dedicated Offerings Are Available, Please Contact Us For More Details!

Overview

WWhen used properly, cyber threat intelligence allows an organization to leverage another’s breach or incident to their own benefit. Yet while many cyber threat intelligence courses and guides exist, these are primarily designed for developing long-range, in-depth intelligence products for strategic or similar overview with an overemphasis on theory and little experience in practice. Applied threat intelligence instead supports a different audience: day to day security work and network defense. While cyber threat intelligence must always meet standards for accuracy, relevancy, and timeliness, SOC watch-standers and IR personnel need enriched, good-enough information now over “the best” information later in order to execute their jobs.

This course fills a critical role that other training does not address: how to successfully embed cyber threat intelligence operations into the daily rhythm of security to support everyday tasks, and extraordinary incidents. Toward that end, while this course will touch on theoretical concepts such as kill chain methodology, Diamond Model clustering, and other ideas, the real focus will be on what efforts make operational threat intelligence possible and sustainable:

  1. Building and maintaining lines of communication between intelligence and operations personnel to drive ideal outcomes in security event analysis and closure.
  2. Establishing roles, responsibilities, and service agreements in advance.
  3. Determining priorities, intelligence requirements, and customer threat landscape.
  4. Molding threat intelligence information to security tools to make enriched information useful and actionable.
  5. How to analyze internal and external data sources to extract actionable threat intelligence for operational defenders.
  6. An extensive walk-through of IOC analysis, pivoting, and information enrichment to demonstrate how to better equip defenders to respond to emerging threats.
  7. Discussions on reporting, feedback, and closing the intelligence loop to definitively show how threat intelligence operations link to SOC, IR, and security policy entities.

Syllabus

A comprehensive syllabus is available here.