EC-Council - Threat Intelligence Essentials (T|IE)
Description
Cybersecurity and technology-based mitigation approaches rely heavily on intelligence. This program aims to enhance your understanding and implementation of foundational threat intelligence concepts, including differentiating intelligence from data or information and highlighting its vital role in modern cybersecurity. Additionally, the program enables students to thoroughly explore the threat intelligence lifecycle, understand its significance in shaping
team roles, delve into the ethical and legal considerations, and understand the importance of measuring threat intelligence effectiveness.
As you progress through the programme, you'll master the different types of threat intelligence: strategic, operational, tactical, and technical. You'll learn how each uniquely contributes to areas like regulatory compliance and risk management. In the later modules, you'll engage in hands-on activities that involve data collection, analysis, and the use of Threat Intelligence Platforms (TIPs) for real-world applications in threat hunting and detection. Put your newly acquired abilities to the test with an exhilarating Capture the Flag (CTF) Exercise seamlessly integrated in our Capstone project. This CTF is seamlessly integrated by live virtual machines, genuine software, and real networks, all delivered within a secure and regulated sandbox environment. With these exclusive hands-on, human-versus-machine CTF challenges you will develop the hands-on proficiencies essential for success in your cyber professional role.
The programme culminates with a forward-looking perspective, emphasizing the importance of continuous learning and staying ahead of future trends in this ever-evolving field. Threat Intelligence Essentials is designed to prepare students for progressive careers as Security Operations Center (SOC) Analysts, Threat Intelligence Analysts, IT Risk Analysts, or Cybersecurity Analysts, enabling them to confidently tackle today's cybersecurity challenges with expertise!
Target group
- School students, graduates, professionals, career starters and changers, IT / Technology / Cybersecurity teams with little or no work experience.
- Anyone who wants to start a career in cybersecurity or threat intelligence.
- Anyone interested in threat intelligence, Indicators of Compromise (IoC) analysis, defensive cybersecurity operations, and incident response.
- Any professional involved in securing public, private, and hybrid cloud infrastructures, identities, data, and applications.
- IT / Cybersecurity professionals, system administrators, cloud administrators, cybersecurity administrators, engineers, and architects will also benefit from this course.
Training Program
- Duration : 5 days
Module 01: Introduction to Threat Intelligence
This section will introduce you to the program and provide you with foundational information about threat intelligence.
LabStudents will install the DetectionLab Security Operations Center (SOC) virtual environment. This Detection Lab environment will assist students in completing hands-on threat intelligence exercises found in Modules 3, 6, and 7.
Topics Covered:
- Threat Intelligence and Essential Terminology
- Key Differences Between Intelligence, Information, and Data
- The Importance of Threat Intelligence
- Integrating Threat Intelligence in Cyber Operations
- Threat Intelligence Lifecycles and Maturity Models
- Threat Intelligence Roles, Responsibilities, and Use Cases
- Using Threat Intelligence Standards or Frameworks to Measure Effectiveness
- Establishing SPLUNK Attack Range for Hands-on Experience
Module 02: Types of Threat Intelligence
This section will focus on helping students understand key distinctions and use cases for various threat intelligence types. Students will further understand how various sources generate threat intelligence and how it informs downstream cybersecurity processes or compliance functions.
Module Objectives:
- Students will be able to articulate and explain the core differences between types of threat intelligence.
- Students will understand how threat intelligence is created and how it impacts regulatory decisions or essential cybersecurity controls.
- After completing this section, students will be able to comprehend the importance of various threat intelligence types and how to effectively select or integrate appropriate threat intelligence into specific business processes or situational scenarios.
Topics Covered:
- Understanding the Different Types of Threat Intelligence
- Preview Use Cases for Different Types of Threat Intelligence
- Overview of the Threat Intelligence Generation Process
- Learn How Threat Intelligence Informs Regulatory Compliance
- Augmenting Vulnerability Management with Threat Intelligence
- Explore Geopolitical or Industry Related Threat Intelligence
- Integrating Threat Intelligence with Risk Management
Module 03: Cyber Threat Landscape
This section will help students better understand the current state of cybersecurity threats, emerging trends, obstacles, and how current threat actors are impacting society.
Labs:
- Previewing MITRE ATT&CK in DetectionLab
- Indicators of Compromise Overview in DetectionLab
Module Objectives:
- Students will learn the key concepts surrounding cyber threats and how to define them.
- Students will understand how threat actors, attack vectors, vulnerabilities, and exploits generate Indicators of Compromise (IoC) and how emerging technologies can complicate defensive efforts.
- After completing this section, students will be able to understand cyber threat actor profiles, their operational models, telemetry generated by threat actors, and how IoCs inform threat intelligence efforts.
Topics Covered:
- Overview of Cyber Threats Including Trends and Challenges
- Emerging Threats, Threat Actors, and Attack Vectors
- Deep Dive on Advanced Persistent Threats
- The Cyber Kill Chain Methodology
- Vulnerabilities, Threat Actors, and Indicators of Compromise (IoC)
- Geopolitical and Economic Impacts Related to Cyber Threats
- How Emerging Technology is Impacting the Threat Landscape
- MITRE ATT&CK & Splunk Attack Range IOC Labs
Module 04: Data Collection and Sources of Threat Intelligence
This section will teach students how to conduct searches or acquire threat intelligence from reputable sources. Students will also learn how to conduct Open-Source Intelligence (OSINT) gathering activities and other threat intelligence collection methods directly.
Labs:
- Registering for MS-ISAC, Center for Internet Security (CIS) and other Threat Intelligence Advisories
- Methodologies & Techniques for Conducting OSINT Investigations with TraceLab
Module Objectives:
- Students will learn how to assess threat intelligence sources for credibility, different data collection methods, and concepts useful for managing threat intelligence data.
- Students will be introduced to several direct and indirect threat intelligence collection methods, such as OSINT, HUMINT, and IoC analysis.
- After completing this section, students will gain competence in directly assessing threat intelligence data sources, acquiring reputable threat intelligence, focusing data collection efforts, and exploiting useful elements from acquired threat intelligence.
Topics Covered:
- Making Use of Threat Intelligence Feeds, Sources, and Evaluation Criteria
- Overview of Threat Intelligence Data Collection Methods and Techniques
- Compare and Contrast Popular Data Collection Methods
- Bulk Data Collection Methods and Considerations
- Normalizing, Enriching, and Extracting Useful Intelligence from Threat Data
- Legal and Ethical Considerations for Threat Data Collection Processes
- Threat Data Feed Subscription and OSINT Labs
Module 05: Threat Intelligence Platforms
This section will show students how to access and use several leading Threat Intelligence Platforms (TIPs), such as the AlienVault Open Threat Exchange (OTX) and MISP.
Labs:
- (1) Accessing and Searching for IoC data in AlienVault Open Threat Exchange
- Setting up and Deploying MISP to enrich threat intelligence data
Module Objectives:
- Students will learn how to leverage external or internal Threat Intelligence Platforms (TIPs) to gather actionable data to reduce their attack surface.
- Students will be introduced to data management concepts for threat intelligence to drive efficiencies and effective use of threat intelligence received from TIPs.
- After completing this section, students will gain competence in accessing and directly leveraging TIPs for threat hunting, cybersecurity risk validation, and data aggregation or information sharing purposes.
Topics Covered:
- Introduction to Threat Intelligence Platforms (TIPs), Roles, and Features
- Aggregation, Analysis, and Dissemination within TIPs
- Automation and Orchestration of Threat Intelligence in TIPs
- Evaluating and Integrating TIPs into Existing Cybersecurity Infrastructure
- Collaboration, Sharing, and Threat Hunting Features of TIPs
- Customizing TIPs for Organizational Needs
- Using TIPs for Visualization, Reporting, and Decision Making
- AlienVault OTX and MISP TIP Platform Labs
Module 06: Threat Intelligence Analysis
This section will help students explore and apply data analysis techniques against acquired threat intelligence, including Indicators of Compromise (IoC) and tactics, techniques, or procedures generated by threat actors. Students will learn how to prioritize multiple threats, comprehensive threat intelligence reporting, and concepts for visualizing threat intelligence data sets.
Labs:
- Generating and Reviewing TTP data in DetectionLab
- Building a sample Threat Actor Profile
Module Objectives:
- Students will learn the importance and differences of threat intelligence data analysis methods.
- Students will learn how to correlate, enrich, and build essential reporting metrics around acquired threat intelligence.
- After completing this section, students will acquire hands-on experience with identifying relevant threats in their environment, communicating threat actor data using key metrics, and focusing defensive efforts using actionable threat intelligence.
Topics Covered:
- Introduction to Data Analysis and Techniques
- Applying Statistical Data Analysis, Including Analysis of Competing Hypothesis
- Identifying and Analyzing Threat Actor Artifacts
- Threat Prioritization, Threat Actor Profiling, and Attribution Concepts
- Leveraging Predictive and Proactive Threat Intelligence
- Reporting, Communicating, and Visualizing Intelligence Findings
- Threat Actor Profile Labs and MISP Report Generation Labs
Module 07: Threat Hunting and Detection
This section will provide an operational overview of Threat Hunting, contemporary threat hunting methodologies, and tools or techniques students can leverage to perform hypothesisdriven threat hunts.
Labs:
- Conducting a guided Threat Hunt in DetectionLab
Module Objectives:
- Students will learn core threat-hunting terminology, methods, and frameworks used to conduct threat hunts.
- Students will learn how threat hunting may be achieved through monitored endpoint solutions and/or across a network.
- After completing this section, students will gain direct experience in developing and executing threat-hunting hypotheses to drive proactive cybersecurity processes within an organization.
Topics Covered:
- Operational Overview of Threat Hunting and Its Importance
- Dissecting the Threat Hunting Process
- Threat Hunting Methodologies and Frameworks
- Explore Proactive Threat Hunting
- Using Threat Hunting for Detection and Response
- Threat Hunting Tool Selection and Useful Techniques
- Forming Threat Hunting Hypotheses for Conducting Hunts
- Threat Hunting Lab in SPLUNK ATT&CK Range
Module 08: Threat Intelligence Sharing and Collaboration
This section will discuss the benefits of threat intelligence information sharing, platforms used to share industry-specific threat intelligence, and the cybersecurity or regulatory concerns that influence information sharing.
Labs:
- Sharing Threat Intelligence using the Anomali Platform
Module Objectives:
- Students will learn how proper information sharing can decrease the cybersecurity attack surface for organizations.
- Students will be introduced to threat intelligence information-sharing platforms, products, and techniques.
- After completing this section, students will understand how to properly share or receive shared threat intelligence using available open-source or free platforms.
Topics Covered:
- Importance of Information Sharing Initiatives in Threat Intelligence
- Overview of Additional Threat Intelligence Sharing Platforms
- Building Trust Within Intelligence Communities
- Sharing Information Across Industries and Sectors
- Building Private and Public Threat Intelligence Sharing Channels
- Challenges and Best Practices for Threat Intelligence Sharing
- Legal and Privacy Implications of Sharing Threat Intelligence
- Sharing Threat Intelligence Using MISP and Installing Anomali STAXX
Module 09: Threat Intelligence in Incident Response
This section will discuss methods students can adopt to integrate threat intelligence effectively into cybersecurity Incident Response (IR) plans or processes. Concepts covered in this section include incorporating threat intelligence into triage, forensics, lessons learned, and other incident response processes.
Module Objectives:
- Students will learn how threat intelligence can be incorporated into cybersecurity incident response plans and processes, including its role in incident prevention or postmortem activities.
- Students will be introduced to concepts that allow them to build or update incident response playbooks that are driven by appropriate and relevant threat intelligence.
- After completing this section, students will better understand how threat intelligence can shorten incident resolution and reduce future cybersecurity attacks against organizations.
Topics Covered:
- Integrating Threat Intelligence into Incident Response Processes
- Role of Threat Intelligence in Incident Prevention Using Workflows and Playbooks
- Using Threat Intelligence for Incident Triage and Forensic Analysis
- Adapting Incident Response Plans Using New Intelligence
- Coordinating Response with External Partners
- Threat Intelligent Incident Handling and Recovery Approaches
- Post Incident Analysis and Lessons Learned Considerations
- Measurement and Continuous Improvement for Intelligence Driven Incident Response
Module 10: Future Trends and Continuous Learning
This section will discuss the impact of technological developments like Artificial Intelligence (AI) that are helping to drive innovation in the Threat Intelligence community. This section will also explore complementary educational sources that will allow them to enhance their professional development or pursue threat intelligence career options and approaches that are useful for staying current with modern threat intelligence practices.
Module Objectives:
- Students will learn about emerging technologies that are impacting the threat intelligence community, core security processes, and technology frameworks like IoT.
- Students will overview threat intelligence career paths, approaches to ongoing professional development, and engagement with the broader threat intelligence community.
- After completing this section, students will understand future risks and technologies impacting the threat intelligence community and educational approaches they can adopt to keep pace with this fast-paced industry.
Topics Covered:
- Emerging Threat Intelligence Approaches and Optimizing Their Use
- Convergence of Threat Intelligence and Risk Management
- Continuous Learning Approaches for Threat Intelligence
- Adapting Professional Skillsets for Future in Threat Intelligence
- Anticipating Future Challenges and Opportunities in Threat Intelligence
- Engaging in the Threat Intelligence Community and Keeping a Pulse on the Threat Landscape
- The Role of Threat Intelligence in National Security and Defence
- Potential Influence of Threat Intelligence on Future Cybersecurity Regulations
Goal
This course aims to equip participants with foundational knowledge and practical skills in cyber threat intelligence. Learners will understand the threat landscape, identify and analyze cyber threats, gather and interpret intelligence data, and apply it to strengthen organizational security. By the end of the training, participants will be able to proactively detect, respond to, and mitigate cyber threats using structured intelligence approaches.
Recommended
- Basic knowledge of networking and cybersecurity principles
- Familiarity with common cyber threats and attack methods
- Experience in IT, security operations, or incident response is helpful but not mandatory
- No advanced technical skills required
- Language : English
- Certification body : EC-Council
- Certification: Yes
- Accessibility : Yes
- Duration: 5 days
Important information:
Our courses are not registered with the Répertoire National des Certifications Professionnelles (RNCP), but they do comply with the requirements of the Répertoire Spécifique (RS).