Cyber Threat Intelligence: The No-Nonsense Guide for Cisos and Security Managers (Paperback)

Understand the process of setting up a successful cyber threat intelligence (CTI) practice within an established security team. This book shows you how threat information that has been collected, evaluated, and analyzed is a critical component in protecting your organization's resources. Adopting an intelligence-led approach enables your organization to nimbly react to situations as they develop. Security controls and responses can then be applied as soon as they become available, enabling prevention rather than response.

There are a lot of competing approaches and ways of working, but this book cuts through the confusion. Author Aaron Roberts introduces the best practices and methods for using CTI successfully. This book will help not only senior security professionals, but also those looking to break into the industry. You will learn the theories and mindset needed to be successful in CTI.

This book covers the cybersecurity wild west, the merits and limitations of structured intelligence data, and how using structured intelligence data can, and should, be the standard practice for any intelligence team. You will understand your organizations' risks, based on the industry and the adversaries you are most likely to face, the importance of open-source intelligence (OSINT) to any CTI practice, and discover the gaps that exist with your existing commercial solutions and where to plug those gaps, and much more.

What You Will Learn

• Know the wide range of cybersecurity products and the risks and pitfalls aligned with blindly working with a vendor
• Understand critical intelligence concepts such as the intelligence cycle, setting intelligence requirements, the diamond model, and how to apply intelligence to existing security information
• Understand structured intelligence (STIX) and why it's important, and aligning STIX to ATT&CK and how structured intelligence helps improve final intelligence reporting
• Know how to approach CTI, depending on your budget
• Prioritize areas when it comes to funding and the best approaches to incident response, requests for information, or ad hoc reporting
• Critically evaluate services received from your existing vendors, including what they do well, what they don't do well (or at all), how you can improve on this, the things you should consider moving in-house rather than outsourcing, and the benefits of finding and maintaining relationships with excellent vendors

Who This Book Is For

Senior security leaders in charge of cybersecurity teams who are considering starting a threat intelligence team, those considering a career change into cyber threat intelligence (CTI) who want a better understanding of the main philosophies and ways of working in the industry, and security professionals with no prior intelligence experience but have technical proficiency in other areas (e.g., programming, security architecture, or engineering)

了解在已建立的安全團隊中建立成功的網絡威脅情報（CTI）實踐的過程。本書向您展示了收集、評估和分析的威脅信息是保護組織資源的關鍵組成部分。採用以情報為導向的方法使您的組織能夠靈活地對待不斷發展的情況。一旦可用，安全控制和應對措施就可以立即應用，實現預防而非應對。

有很多競爭的方法和工作方式，但本書消除了混亂。作者Aaron Roberts介紹了使用CTI成功的最佳實踐和方法。本書不僅對高級安全專業人員有所幫助，也對那些希望進入該行業的人有所幫助。您將學習到在CTI中取得成功所需的理論和心態。

本書涵蓋了網絡安全的野蠻西部，結構化情報數據的優點和局限性，以及使用結構化情報數據可以且應該成為任何情報團隊的標準實踐。您將了解基於行業和可能面臨的對手，開放源情報（OSINT）對任何CTI實踐的重要性，發現現有商業解決方案中存在的差距以及如何填補這些差距等等。

您將學到什麼

- 了解各種網絡安全產品以及與盲目與供應商合作相關的風險和陷阱
- 理解情報循環、設定情報需求、鑽石模型以及如何將情報應用於現有安全信息等關鍵情報概念
- 了解結構化情報（STIX）以及其重要性，將STIX與ATT&CK對齊，以及結構化情報如何幫助改進最終情報報告
- 根據預算來處理CTI
- 在資金方面優先考慮的領域以及應對事件、信息請求或臨時報告的最佳方法
- 批判性評估從現有供應商那裡獲得的服務，包括他們做得好的地方，他們做得不好（或根本不做）的地方，您如何改進這一點，您應該考慮將某些事務內部化而不是外包，以及找到並保持與優秀供應商的關係的好處

本書適合對象

- 負責網絡安全團隊的高級安全領導者，他們正在考慮建立威脅情報團隊
- 考慮轉行從事網絡威脅情報（CTI）的人，他們希望更好地了解該行業的主要理念和工作方式
- 沒有情報經驗但在其他領域具有技術能力（例如編程、安全架構或工程）的安全專業人員

Aaron Roberts is an intelligence professional specializing in Cyber Threat Intelligence (CTI) and Open-Source Intelligence (OSINT). He is focused on building intelligence-led cyber capabilities in large enterprises and conducting online investigations and research. He has worked within several the public and private sectors as well as the British Military. As such he understands how intelligence can and should be utilized within a range of environments and the fundamental approach that businesses must take to get the maximum value out of their cyber threat intelligence program.

Aaron Roberts 是一位專精於網路威脅情報（CTI）和開放源情報（OSINT）的情報專業人士。他致力於在大型企業中建立以情報為導向的網路安全能力，並進行線上調查和研究。他曾在公共和私營部門以及英國軍方工作，因此他了解情報在各種環境中應如何運用，以及企業在網路威脅情報計畫中應採取的基本方法，以獲得最大價值。