Online training sessions
Intelligence-driven Threat Hunting for improving SOC maturity level
with SANS 6-step Incident Response, MITRE ATT&CK phase-ordered kill chain, The Diamond Model of Intrusion Analysis, TIBER-EU, Structured Threat Information Expression (STIX) and more

To increase their maturity level, SOC organizations frequently introduce Intelligence-driven Threat Hunting. The benefits of Intel-driven Threat Hunting are:

  • Set a clear hunt focus based on Cyber Threat Intelligence derived from incident and breach response engagements
  • True analysis methodology based on hypothesis formulation and testing
  • In contrast to deep-dive forensic analysis, which doesn’t scale across thousands or tens of thousands of endpoints, Threat Hunting is a forensic analysis methodology at scale

This free online training class series guides existing SOC organizations towards an extremely efficient, modern and effective future. The 4 training sessions aim to help SOC organizations understand the limitations of the current SOC analysis methodology and how Intel-driven Threat Hunting can complement it to improve their maturity level enormously. We shed light on state-of-the-art cyber defense technology, frameworks and methodologies in a highly innovative and novel way.

Note: These training sessions build on each other. Although we always start a new session by summarizing the previous session, it might not make sense to join at some later point in time if you haven't been there from the beginning.

Class agenda
  1. Uplift SOC maturity level with ground-breaking and highly innovative approaches
    • Review current SOC working model
    • Outlook into a modern future
  2. Understanding state-of-the-art technology, frameworks and methodologies in a novel light
    • SANS 6-step Incident Response
    • MITRE ATT&CK phase-ordered kill chain
    • The Diamond Model of Intrusion Analysis
    • TIBER-EU
    • Structured Threat Information Expression (STIX)
    • Cyber Threat Intelligence derived from Incident and Breach Response engagements
  3. Cyber Threat Modeling - the most effective method for incident preparation
    • Threat-centric modeling
    • Asset- and system-centric modeling (operational environment)
    • Determine influences on the operational environment
  4. Gaining tactical advantage through predictive defense measures
    • Determine realistic future attack paths based on attacker capabilities juxtaposed with an organizational attack surface
    • Modeling of the environmental effects and influences on the operational environment
  5. Visualize attack vector mitigation coverage for security controls
  6. Threat Model operationalization through Threat Hunting
    • Diamond relationships (Adversary, Infrastructure, Capabilities, Victim)
    • Hypothesis formulation
    • Analytic pivoting
      • Discover evidence
      • Discover related elements
    • Analysis of Competing Hypotheses (ACH)
      • Generate new hypotheses
      • Create matrix of competing hypotheses
      • Strengthen, weaken or disprove hypotheses based on discovered evidence
      • Continue analysis with sustainable hypotheses
    • Hypothesis testing
    • Activity Threads
  7. How to leverage the open-source STIX visualizer cti-stix-diamond-activity-attack-graph to support the threat-centric modeling process

Target audience

SOC personnel (Managers, Analysts, Consultants), Security Analysts (Threat Intelligence, Threat Hunting, Incident Response), Digital Forensics & Incident Response (Analysts, Consultants)

Free of charge

1.5 hours per session

Selectively German and English