Applied Threat Intelligence

Scheduled Offerings

Current Paralus online offerings:

  • TBD
  • In-Person or Online Dedicated Offerings Are Available, Please Contact Us For More Details!

Overview

When used properly, cyber threat intelligence allows an organization to leverage another’s breach or incident to their own benefit. Yet while many cyber threat intelligence courses and guides exist, these are primarily designed for developing long-range, in-depth intelligence products for strategic or similar overview with an overemphasis on theory and little experience in practice. Operational threat intelligence instead supports a different audience: day to day security work and network defense. While cyber threat intelligence must always meet standards for accuracy, relevancy, and timeliness, SOC watch-standers and IR personnel need enriched information now in order to execute their jobs.

This course fills a critical role that other training does not address: how to successfully embed cyber threat intelligence operations into the daily rhythm of security to support everyday tasks, and extraordinary incidents. Toward that end, while this course will briefly touch on theoretical concepts such as analysis of competing hypotheses, kill chain methodology, and other ideas, the real focus will be on what efforts make operational threat intelligence possible and sustainable:

  1. Establishing roles, responsibilities, and service agreements in advance.
  2. Determining priorities, intelligence requirements, and customer threat landscape.
  3. Molding threat intelligence information to security tools to make enriched information useful and actionable.
  4. How to analyze internal and external data sources to extract actionable threat intelligence for operational defenders.
  5. An extensive walk-through of IOC analysis, pivoting, and information enrichment to demonstrate how to better equip defenders to respond to emerging threats.
  6. Discussions on reporting, feedback, and closing the intelligence loop to definitively show how threat intelligence operations link to SOC, IR, and security policy entities.

The course then concludes with the nature of pivoting, data and observable enrichment, and quick analysis reporting to close out instruction.

Syllabus

A comprehensive syllabus is available here.