2. Threat Data and Intelligence

2.5. Assessing Threat Intelligence

Transcript

So let's talk about assessing threat intelligence. So the first thing is, is it timely? That's important. Is it something that's going on now, or is it something that happened a year ago? So, you know, timely is important. You want to know first about all the stuff that's going on right this minute.

If it's running behind a delay, it can be costly. If it's giving you old information, that just bogs down and can overwhelm your analyst. So what you need is timely information that you know is occurring now, not something that occurred last year. And you can't afford for it to be even hours behind in today's world.

So, is the information accurate? Can you rely on what it says, and how likely is it that the assessment is valid? Does it rely on a single source or multiple sources? How often are those sources correct? So I've looked at blacklists that have a website blacklisted, and it was blacklisted five years ago, while they've done nothing to update that to see if that website is still bad. You know, just because a bad guy was running on a certain IP address five years ago doesn't mean that somebody else doesn't have that IP address now. Same thing: just because an IP address was good last week doesn't mean it's good now, so hackers will look for IP addresses that recently went dormant. So maybe a company that went out of business, they didn't renew their website, things like that, and they want to grab those fresh, clean, not blacklisted websites and use those. So accurate and timely information is important.

And then, is the information relevant? If it describes the wrong platform, software or reason for the organization to be targeted, that's bad. If it tells you it's something in Microsoft but it's something in some other software, you know, that doesn't do you any good. If it's an attack that's targeted at hospitals and you're not one, and it leads you to believe that you may be targeted, that's not good. So the information has to be relevant. It has to tell you the exact vulnerability, what software or service is involved. Is it industry specific or is it organization specific? What makes it relevant to you as an organization?
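As an added example (not part of the course transcript), here is a small Python scorer that applies the three tests the transcript lists, timeliness, accuracy and relevance, to indicators from threat feeds, so that stale, single-weak-source or off-target intel is filtered out before it reaches an analyst. The feed names, their accuracy figures, the age thresholds, the organisation profile and the sample indicators are all constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime, timedelta, timezone

# Constructed data: hypothetical feeds and the fraction of their past indicators that proved correct.
SOURCE_ACCURACY = {"feed-a": 0.92, "feed-b": 0.75, "feed-c": 0.40}
MAX_AGE = timedelta(hours=24)   # full timeliness score inside this window ("not even hours behind")
HORIZON = timedelta(days=30)    # anything older is treated as expired
# last_seen: when the activity was observed; platforms/industries: what it targets (empty set = any)
Indicator = namedtuple("Indicator", "value last_seen sources platforms industries")
PROFILE = {"platforms": {"windows"}, "industry": "finance"}   # our organisation (constructed)

def timeliness(ind, now):
    """1.0 when seen within MAX_AGE, decaying linearly to 0.0 at HORIZON."""
    age = now - ind.last_seen
    if age <= MAX_AGE:
        return 1.0
    if age >= HORIZON:
        return 0.0
    return 1.0 - (age - MAX_AGE) / (HORIZON - MAX_AGE)
def accuracy(ind):
    """Chance that at least one reporting source is right, treating sources as independent."""
    p_all_wrong = 1.0
    for s in ind.sources:
        p_all_wrong *= 1.0 - SOURCE_ACCURACY.get(s, 0.5)   # unknown feed: coin flip
    return 1.0 - p_all_wrong
def relevance(ind, profile):
    """0.0 if it describes platforms we do not run or a sector we are not in."""
    if ind.platforms and not ind.platforms & profile["platforms"]:
        return 0.0
    if ind.industries and profile["industry"] not in ind.industries:
        return 0.0
    return 1.0
def assess(ind, profile, now):
    """Score = timeliness * accuracy * relevance; a zero in any factor vetoes the indicator."""
    t, a, r = timeliness(ind, now), accuracy(ind), relevance(ind, profile)
    score = round(t * a * r, 3)
    verdict = "ignore: not relevant" if r == 0 else "expire: stale" if t == 0 else ("act" if score >= 0.6 else "review")
    return score, verdict

# Constructed samples using RFC 5737 documentation addresses.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
SAMPLES = {
    "fresh": Indicator("198.51.100.7", NOW - timedelta(hours=2), ["feed-a", "feed-b"], {"windows"}, set()),
    "stale": Indicator("203.0.113.9", NOW - timedelta(days=5 * 365), ["feed-a"], {"windows"}, set()),
    "hospital": Indicator("192.0.2.4", NOW - timedelta(hours=1), ["feed-a"], {"windows"}, {"healthcare"}),
    "weak": Indicator("198.51.100.8", NOW - timedelta(hours=1), ["feed-c"], {"windows"}, set()),
}

def assess_all():
    return {name: assess(ind, PROFILE, NOW) for name, ind in SAMPLES.items()}
```

Two corroborating feeds lift the "fresh" indicator above the action threshold, while the five-year-old blacklist entry, the hospital-only campaign and the single low-accuracy feed are each held back for the reason the transcript gives.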