Threat Intelligence Research Sources | CompTIA Security+ SY0-601 | 1.5d

In this video you will learn about threat intelligence research resources such as: vendor websites, vulnerability & threat feeds, conferences & local industry groups, academic journals, request for comments, social media, and adversary tactics, techniques & procedures.

As an IT professional, it is important that you stay up to date on the threats that may affect your computer systems or networks. We're going to discuss a few areas that you need to know for the CompTIA Security+ SY0-601 certification exam where you can get valuable information to keep you abreast of the latest threats that are bound to come your way.

  • Vendor Websites: The best place to start when researching potential threats is to visit the vendor websites of the products that you are using. These companies created the products and know them better than anyone, so they are the first place you should visit to research any potential threats & vulnerabilities associated with their products.
  • Vulnerability & Threat Feeds: an ongoing stream of data related to potential or current threats to an organization's security. Vulnerability feeds provide information on attacks, including zero-day attacks, malware, botnets, & other security threats. Vulnerability feeds are vital components of security infrastructure, which help identify & prevent security breaches.[1] The National Institute of Standards and Technology (NIST) maintains a database of vulnerabilities known as the National Vulnerability Database (NVD), where it keeps a list of Common Vulnerabilities and Exposures (CVEs).
  • Conferences & Local Industry Groups: Conferences are a great place to meet industry people and learn first hand about the latest cyber threats floating around the Internet.
  • Academic Journals: online research & periodicals written by cyber security professionals and organizations are another valuable source for gathering information pertaining to the latest cyber security threats.
  • Request for Comments (RFC): an RFC is a publication authored by individuals or groups that describes methods, behaviors, research, or innovations applicable to information technology.
  • Social Media: social media sites like Twitter can be a great tool for researching the latest threats & vulnerabilities.
  • Adversary Tactics, Techniques, & Procedures (TTP): the characteristic methods of a threat actor, which IT professionals study to determine that actor's behavior. Tactics, techniques, & procedures help you understand adversaries better. While each element is important by itself, by studying all three elements, attacks can more easily be hunted down, identified, and neutralized. Knowing a hacker's TTP can help you identify attacks early, enabling you to neutralize them before significant damage is done.[2]
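As an added example (not part of the original video or the NVD's own tooling), the snippet below consumes a vulnerability feed the way a defender would: it parses a constructed sample in the shape of an NVD API 2.0 response, pulls out the CVSS v3.1 base score for each CVE, and keeps only the entries that mention a product on a watch list and meet a score threshold. The CVE ids, product names and descriptions are placeholders, and the watch-list match is a simple keyword search on the English description rather than CPE matching.

```python
import json

# Constructed sample in the shape of an NVD API 2.0 response.
# The CVE ids and product names are placeholders, not real records.
SAMPLE_FEED = json.dumps({
    "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0001",
                 "descriptions": [{"lang": "en", "value": "Placeholder: remote code execution in example-server"}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-0000-0002",
                 "descriptions": [{"lang": "en", "value": "Placeholder: information disclosure in example-lib"}],
                 "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 5.3, "baseSeverity": "MEDIUM"}}]}}},
        {"cve": {"id": "CVE-0000-0003",
                 "descriptions": [{"lang": "en", "value": "Placeholder: not yet scored issue in example-lib"}],
                 "metrics": {}}},
    ]
})


def parse_feed(raw):
    """Return (cve_id, base_score, severity, summary) tuples.
    Entries that have not been scored yet get score None and severity 'UNSCORED'."""
    records = []
    for entry in json.loads(raw)["vulnerabilities"]:
        cve = entry["cve"]
        v31 = cve.get("metrics", {}).get("cvssMetricV31") or []
        score = v31[0]["cvssData"]["baseScore"] if v31 else None
        severity = v31[0]["cvssData"]["baseSeverity"] if v31 else "UNSCORED"
        summary = next((d["value"] for d in cve.get("descriptions", []) if d["lang"] == "en"), "")
        records.append((cve["id"], score, severity, summary))
    return records


def triage(records, watch_list, min_score=7.0):
    """Keep records that mention a watched product and score at or above min_score.
    Unscored records are kept too (they need manual review) and sorted last."""
    keep = []
    for rec in records:
        cve_id, score, severity, summary = rec
        mentioned = any(p.lower() in summary.lower() for p in watch_list)
        if mentioned and (score is None or score >= min_score):
            keep.append(rec)
    return sorted(keep, key=lambda r: (r[1] is None, -(r[1] or 0.0)))


if __name__ == "__main__":
    for cve_id, score, severity, summary in triage(parse_feed(SAMPLE_FEED), ["example-server", "example-lib"]):
        print(f"{cve_id} {severity:<9} {score} {summary}")
```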

References

  1. Wigmore, I. Threat Intelligence Feed (TI Feed). TechTarget.
  2. Mezquita, T. (2021). Tactics, Techniques, and Procedures (TTP). CyberHoot.