
    Podcast Summary

    • From Unit 8200 to CEO: Lior Div's Journey in Cybersecurity

      Disappointed with not becoming a combat pilot, Lior Div found his fascination with wireless technology led him to Unit 8200. Surrounded by creative individuals, he gained valuable insights and skills that later helped him co-found Cybereason and become a successful CEO.

      Lior Div, the CEO of Cybereason and a former member of Unit 8200 in Israel, reveals how he was initially disappointed when he didn't get assigned to the combat pilot unit and instead was assigned to work in Unit 8200, which is like Israel's version of the NSA. He describes how his fascination with wireless technology led him to this unit, where he found himself surrounded by highly intelligent and creative individuals who were working on signal intelligence. This experience gave him valuable insights and skills that later helped him to co-found Cybereason, a cybersecurity company that investigates and uncovers malicious activity, as well as to become a successful CEO.

    • From Hacking Company to Impossible Missions

      Rigorous training and hands-on experience can help individuals become experts in their fields - as shown by Lior's journey from Unit 8200 to his own hacking company, mastering everything from cellular networks to internet functions.

      Lior's experience in Unit 8200 and his own hacking company provided him with the knowledge to take on impossible missions involving hacking, cracking, and reverse engineering. His team used deception to distract targets while they infiltrated their computers, making it easier for them to work undetected in a noisy environment. He gained hands-on experience during his six-year stint in Unit 8200, where he learned everything from how cellular networks work to how the internet functions. Lior's story highlights how rigorous training and hands-on experience can help individuals become experts in their fields.

    • The Intricate Process of Hacking and Its Impact on the Physical World

      Hacking is not just about infiltrating a system, but a detailed and complicated process that can have serious real-world consequences if successful. It's important to understand the full scope of potential risks and take appropriate security measures.

      Hacking is not limited to just entering a system. It is a lengthy process that involves mapping the environment, locating and collecting data, exfiltrating it from the organization, and staying in the system to keep collecting information. The Stuxnet attack was the first demonstration of the ability to leverage software and code to achieve military or government goals and create a link between the cyber world and the physical world. This attack changed the world and sparked people's imagination, making it clear that we are not just talking about IT security anymore. Attackers can be determined to go after a target and, with enough creativity and ingenuity, can bend physics to their benefit.

    • Traditional Indicators of Compromise are Outdated - Meet Malop

      Malop is a data analytics approach that uses real-time monitoring to identify malicious behavior and anticipate attackers' next move. Cybereason has successfully deployed this method to detect and prevent attacks, highlighting the importance of endpoint detection and protection.

      Traditional indicators of compromise are not enough to detect advanced attacks. The Malicious Operation approach, or Malop, invented by the founders of Cybereason, assumes that attackers have many steps to perform in order to carry out their operation. By collecting massive amounts of data, analyzing it in real time, and looking for malicious indicators of behavior, defenders can anticipate the attacker's next move and detect and prevent the attack. Cybereason is a big data analytics company that can analyze massive amounts of data to find malicious operations in organizations, not just malware. Endpoint detection and protection is crucial to this method, and Cybereason was successful in deploying 50,000 sensors on a large network to detect an attacker.

    • Installing Endpoint Software to Prevent Massive Cyber Attacks

      Identifying every step of an attack, from the code used to the specific individual responsible, can prevent massive-scale cyber attacks. Installing endpoint software on all computers is essential for detecting malicious activity and ensuring network security.

      Installing endpoint software on all computers is essential for preventing massive-scale cyber attacks. Companies often face the problem of not knowing what computers are on their network, which leaves them vulnerable to malicious activity. The ability to tell a story of what hackers are doing inside an environment is crucial to preventing attacks. This was proven when a group of Chinese hackers was identified on a cellular network with 50,000 endpoints. The hackers had the admin password for every system, but the company was able to replace it after being presented with evidence of the attack. Identifying every step of the attack, from the code used to the specific individual responsible, made it clear that the company had been compromised.

    • Cybereason's Approach to Combatting Cyber Threats

      Cybereason's multifaceted approach to cybersecurity, including threat detection and response, threat intelligence research, and global context analysis, helps expose and disrupt malicious activity groups, contributing to a safer world.

      Cybereason's success lies not only in detecting malicious activity in a network but also in having a response team to fix those issues and a threat intelligence team to research emerging threats. They strive to reverse the adversary advantage by finding out how hackers hack and exposing their tactics and techniques to the world, making it a safer place. The Nocturnus team at Cybereason hunts through the data collected to find new threats in the security community, and investigates them by reverse-engineering the malware. Their linguistic capabilities, combined with technical knowledge, enable them to tie the threats to a global or geopolitical context. Cybereason aims to make the world a safer place by exposing shady activity groups and releasing major research that disrupts their ability to operate for a long time.

    • The Importance of Understanding Geopolitical Context in Threat Research

      When investigating threats, it's essential to consider the political climate and context, as one piece of information may reveal the entire infrastructure of the threat actor.

      Understanding the geopolitical context is crucial in threat research. The Spark malware discovered by Cybereason in February 2020 was used in phishing e-mails that appeared to target political figures associated with the Fatah movement. The e-mails contained fake news about secret meetings and other sensitive information. The malware gave attackers full access to the endpoint computers, allowing them to steal information and run commands. In October/November 2020, Cybereason discovered new tools being used in phishing lure documents related to the Israeli peace process and internal Palestinian affairs. When doing threat research, one piece of information can lead to many others, and researchers must pull on strings to uncover all aspects of the threat actor's infrastructure.

    • The Tactics of Hackers and their Complex Ways to Avoid Detection

      Hackers use various backdoors to evade sandboxes and use remote communication channels to send commands to malware. They hide in plain sight using Dropbox or Google Drive without detection, while both hackers and defenders have a mutual love for technology and exploiting systems.

      Hackers use various backdoors for different targets to take full control over the victim's computer. SharpStage, once installed on a victim's machine, can control the machine, run arbitrary commands, fetch information, and use a Dropbox client for exfiltration. The backdoors themselves target Arabic-speaking users as a clever way to avoid most sandboxes and to blend right in without detection. The most interesting one is DropBook, which uses fake Facebook accounts as a remote C2 communication channel to send commands to the malware. The attackers use Dropbox or Google Drive to hide in plain sight, as the traffic looks normal and blends right in without detection. Hackers and defenders have a certain respect for each other's work, as they share a love for technology and for learning ways to exploit systems.

    • Geopolitical Awareness and Cyber Threat Analysis

      Connecting the dots and understanding the motivation behind the attack can help narrow down the list of possible suspects and effectively detect and respond to cyber threats. Curiosity and problem-solving skills drive top-performing cybersecurity professionals.

      Geopolitical awareness is crucial to cyber threat analysis. Cybereason's team was able to connect the dots and enrich their tools to effectively detect and respond to the Molerats threat. Understanding the threat actors in a specific geopolitical space helped narrow down the list of possible suspects and identify the motivation behind the attack. The Molerats group is a well-defined, politically motivated activity group that mostly targets government entities, political activists, and diplomats in the Middle East and North Africa region. Being curious, solving problems, and uncovering new activity is what drives top-performing cybersecurity professionals to put in extra hours and work on exciting cases.

    • Molerats/Gaza Cyber Gang and their targets

      Cybereason's technology helps in identifying indicators of potential cyber attacks by Molerats, but it is important not to trust anyone online, including those who may be perceived as friends or enemies.

      The group known as Molerats or Gaza Cyber Gang has been involved in cyber attacks for the past nine years, targeting various countries including Palestine, Israel, the US, and the UK. While there are reports suggesting that the group may have some alliance with Hamas, there is no concrete evidence to support this claim. The group's targets include high-level Fatah officials, and stealing information from them may give the group leverage in certain negotiations. Cybereason's machine learning algorithms and behavior-based detection help in identifying indicators of the group's presence in a network, making the world more secure. However, it is important to note that 100% attribution is rare and it is crucial not to trust anyone online, including friends or enemies.

    • Cybereason Defense Platform - Next-gen Protection for Enterprise Endpoint Security and Prevention

      Cybereason's Defense Platform provides real-time monitoring and analysis of endpoint data to identify abnormal processes and connections, and offers multi-evidence correlation to identify suspicious activities and stop malicious operations, helping enterprises be more future-ready to prevent attacks and be more secure.

      Cybereason's Defense Platform offers comprehensive protection from endpoint to everywhere in an enterprise environment. It collects data from every endpoint and analyzes it in real time to create a network of relationships that enables it to identify abnormal processes and connections, and mark them as evidence. The system correlates multiple pieces of evidence and identifies suspicious activity, and if there is a malicious operation, it stops it and provides a detailed story of what happened. Thus, it helps an organization be more future-ready to deal with attacks. Cybereason offers full protection on endpoints with next-gen antivirus, anti-ransomware, and anti-virus attack, and collects endless amounts of evidence as data flows through the system. The Defense Platform is an operation-centric approach that makes an enterprise more secure.

