Intelligence Driven Security
Overview
The US Special Operations Forces pioneered a methodology called F3EAD, which enabled, amongst other things, the ability to take out insurgent and terrorist networks. This methodology focuses on 'Finding' the adversary, 'Fixing' their location, 'Finishing' their operational utility, and collecting the materials associated with the target. This material is then 'Exploited' to extract operational details of the network the target is associated with, 'Analyzed' for intelligence that is useful to find other targets, and 'Disseminated' to other friendly forces to conduct operations. This class focuses on adapting the F3EAD methodology for use in Cyber Defense Operations, allowing cyber defenders to incorporate intelligence practices into their daily operations and focus not only on one-off indicators but on the overall threat actor. Intelligence enables cyber defense teams to look at the cyber battlefield from the 50,000-foot view and piece together all aspects of the cyber adversary's operations. From what altitude are you viewing the cyber battlefield?
In this class, you will learn the importance of Threat Intelligence, how to consume intelligence, and how to integrate it into your enterprise. This integration will focus on real-time integration, allowing threat intelligence to be processed at 'line speed'. Students will learn how to leverage intelligence for defensive as well as investigative purposes. A key focus will be on identifying intelligence sources and exploiting them to extract intelligence. We will then explore how to enrich this intelligence and feed it into enterprise security solutions to enhance defensive postures. There will be some technical hands-on activities exploring data visualization, forensic analysis, malware analysis, and dynamic memory analysis. Students will leave with competence in identifying intelligence sources and incorporating them into automated solutions. This will include extensive hands-on work using numerous tools across several different disciplines. While not exhaustive or specifically deep in any one area, students will leave with an arsenal of tools and techniques to apply intelligence to enterprise defense.
Who Should Take this Course
Cyber Defense Professionals, Incident Responders, SOC personnel, Intelligence Professionals, and anyone looking to incorporate intelligence processes into their existing workflow.
Student Requirements
A basic understanding of networking, computer hardware, and security concepts.
What Students Should Bring
- USB Port
- Administrative Privileges on their workstation
- VMware Player, VMware Fusion, or VMware Workstation
What Students Will Be Provided With
The trainer will provide materials on a USB stick. This will include all tools covered in class, relevant documentation, and additional materials such as cheat sheets for the tools.
Trainers
Adam Meyers is the VP of Intelligence for CrowdStrike; in this role, he oversees the team's daily activity and provides direction and strategic vision for the company's intelligence collection, reverse engineering, and analysis efforts. He also serves as a senior security researcher who focuses on reverse engineering targeted malware threats, mobile malware, and related technologies. Previously he was the Director, Cyber Security Intelligence with the National Products and Offerings Division of SRA International. In that role, Mr. Meyers served as a senior subject matter expert for cyber threat and cyber security matters on a variety of SRA projects. Mr. Meyers provided both technical expertise at the tactical level and strategic guidance on overall security program objectives. Mr. Meyers also acted as the product manager for SRA Cyberlock, a dynamic malware analysis platform.