Articles on Threat Intelligence
Below are my perspectives on Threat Intelligence, drawn from my work as a security leader and practitioner.
- Six Signals for Threat Attribution: Intelligence analysts weigh six signals together to build defensible attribution to a threat actor. For each one, they use a disciplined methodology we can cite and stress-test.
- How You Can Write Better Threat Reports: Writing about cybersecurity threats requires deciding what details to include, demonstrating sound analysis, and addressing multiple audiences. A rating sheet checklist can help ensure threat reports...
- Report Template for Threat Intelligence and Incident Response: Large-scale intrusions require organizing intelligence about adversary actions and response efforts. A threat intelligence report template leveraging the Intrusion Kill Chain, Courses of Action...
- Anticipating Cyber Threats Beyond APT: Organizations that experienced APT attacks years ago may offer insights into threats that will eventually reach other companies. Predicted trends include greater use of purchased exploits,...
- When Indicators of Compromise (IOCs) Entered the Mainstream Enterprise: Indicators of Compromise (IOCs) are custom, incident-specific signatures that organizations use to detect attacker artifacts. Mandiant popularized the term around 2007, and by 2015 the concept gained...
- Advanced Persistent Threat (APT) - A Touchy Security Topic: APT causes heated debates because it's become a marketing buzzword. Some define it as an attack process with certain characteristics (the "What" group), while Mandiant uses it for specific...