2. Threat Data and Intelligence

2.8. Conducting Your Own Research

Transcript

So this next slide is going to talk about conducting your own research, and that's important if you're going to be a good analyst, whether you're SOC level 1, level 2, level 3, whatever you happen to be, conducting your own research. So that's basically your job: to determine, through all the information that you have at your fingertips, if something is real or not.

So the first is vendor security information websites. So if you get an alert that comes in and it's a Microsoft code, well, you're going to go to their website and put in that code to see what you get and see what it is.

Vulnerability and threat feeds. We've talked a lot about those. So you want to take that information and then, you know, look at other, maybe OSINT, sources.

Academic journals and technical publications. Internet Requests for Comments, RFC documents. So those are all, you know, especially technical publications, if you're having issues with, you know, you think somebody's hacking your hardware or your software, you know, you could go to a technical publication by either the company that put out the software or third-party companies that are troubleshooters, you know, bug catchers, that would put out that type of information.

Professional conferences and local industry groups. Those are all real big, you know, gives you a chance to meet individuals that are in the same industry but also talk about what's going on, talk about what they're seeing versus what you're seeing, how they dealt with it. Social media accounts of prominent security professionals, and I know we used to use, back in the day, Twitter before it became X, and those were really great for following Twitter feeds of security companies and being able to get really up-to-date stuff.

And then learning adversaries' tactics, techniques and procedures.

We talked about knowing your adversary, so learn what's called their TTPs: their tactics, their techniques and their procedures. How are they doing things? If you know how they're doing things, it's a lot easier to stop them. So if you know, if you're a network admin and you know that bad guys are always coming in through port 123 of your network, then, you know, why do you have that open? Go close that port. So different things like that; learn how they're doing things and that will help keep your network safe.