Hi there, let’s talk about Operational Threat Intelligence.
What is it, and why do we need it in a Security Operation Center?
Threat Intel is a service that any SOC must have in order to analyze, identify and correlate emerging cyber threats. The service helps to manage budget and to monitor evolving cyber scenarios, improves correlation capabilities and manages indicators of compromise (IoCs) that can be used to prevent and detect malicious threat actors and cybercrime that scampers on your own network.
How can we do all of this?
First of all we need a process that involves the IoC producers (internal or external) and an open source Threat Intelligence Platform (TIP) tailored to us. The TIP offers these capabilities: it validates the IoCs against a false positive detection logic, stores and enriches them with metadata, and manages their decay time.
What is the meaning of Actionable Threat Intelligence?
IoCs, once stored, need to be distributed to the systems that defend the cyber perimeter. In this way the risk of malicious events can be reduced thanks to detection and prevention technologies.
Are IoCs, like diamonds, forever?
Obviously not! An obsolescence strategy is fundamental in order to reach a compromise between technical limitations and the company's defense capabilities.
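The three TIP capabilities above (false positive validation, storage with enrichment, decay time), the distribution step and the obsolescence strategy can all be seen in one small model. The following is an added example written for this page, not the authors' code and not the API of any real TIP; the allowlist, the RFC 1918 exclusion, the linear decay policy, the threshold, the reference time and the feed entries are all constructed assumptions chosen for illustration.

```python
"""IoC lifecycle in a minimal TIP: validate, enrich, decay, export.

Added example, not the authors' code nor any real TIP's API; names, the
allowlist and the decay policy are assumptions chosen for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed false-positive allowlist: benign infrastructure that must never
# reach a blocking control even if a feed reports it.
FALSE_POSITIVE_ALLOWLIST = {
    "ip": {"8.8.8.8", "1.1.1.1"},
    "domain": {"google.com", "microsoft.com", "example.com"},
}
# Internal ranges (RFC 1918) that make no sense as perimeter IoCs.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed decay policy: days after the last sighting at which the score
# reaches zero; real values depend on the IoC type and on the producer.
DECAY_DAYS = {"ip": 30, "domain": 90, "sha256": 365}
ACTION_THRESHOLD = 20.0  # below this score an IoC is no longer distributed
DOMAIN_RE = re.compile(r"(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}")


@dataclass
class Ioc:
    type: str
    value: str
    first_seen: datetime
    last_seen: datetime
    sources: set = field(default_factory=set)  # enrichment: who reported it
    tags: set = field(default_factory=set)     # enrichment: context labels
    base_score: float = 100.0


def validate(ioc_type: str, value: str) -> tuple:
    """Syntactic check plus the false-positive logic; returns (ok, reason)."""
    if ioc_type == "ip":
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            return False, "malformed ip"
        if (addr.is_loopback or addr.is_link_local or addr.is_multicast
                or any(addr in net for net in INTERNAL_NETS)):
            return False, "internal/non-routable address"
    elif ioc_type == "domain":
        if not DOMAIN_RE.fullmatch(value):
            return False, "malformed domain"
    elif ioc_type == "sha256":
        if not re.fullmatch(r"[0-9a-f]{64}", value):
            return False, "malformed sha256"
    else:
        return False, "unsupported type"
    if value in FALSE_POSITIVE_ALLOWLIST.get(ioc_type, set()):
        return False, "known false positive"
    return True, "ok"


class TipStore:
    def __init__(self):
        self.iocs = {}      # (type, value) -> Ioc
        self.rejected = []  # (type, value, reason) kept for producer feedback

    def ingest(self, ioc_type, value, source, seen_at, tags=()):
        value = value.strip().lower()
        ok, reason = validate(ioc_type, value)
        if not ok:
            self.rejected.append((ioc_type, value, reason))
            return None
        ioc = self.iocs.get((ioc_type, value))
        if ioc is None:
            ioc = self.iocs[(ioc_type, value)] = Ioc(ioc_type, value, seen_at, seen_at)
        # A re-sighting refreshes last_seen (restarting the decay clock) and
        # merges the enrichment brought by the new producer.
        ioc.first_seen = min(ioc.first_seen, seen_at)
        ioc.last_seen = max(ioc.last_seen, seen_at)
        ioc.sources.add(source)
        ioc.tags.update(tags)
        return ioc

    def score(self, ioc, now):
        """Linear decay from base_score at last_seen down to 0 after DECAY_DAYS."""
        age_days = (now - ioc.last_seen).total_seconds() / 86400
        return max(0.0, ioc.base_score * (1 - age_days / DECAY_DAYS[ioc.type]))

    def actionable(self, now):
        return [i for i in self.iocs.values() if self.score(i, now) >= ACTION_THRESHOLD]

    def expired(self, now):
        return [i for i in self.iocs.values() if self.score(i, now) < ACTION_THRESHOLD]

    def export_blocklist(self, now, ioc_type):
        """The list pushed to firewalls, proxies or EDR for one IoC type."""
        return sorted(i.value for i in self.actionable(now) if i.type == ioc_type)


# Constructed reference time and feed; every value below is made up for the demo.
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
SAMPLE_FEED = [
    ("ip", "203.0.113.10", "feed-a", NOW - timedelta(days=5), ("c2",)),
    ("ip", "203.0.113.10", "feed-b", NOW - timedelta(days=1), ("scanner",)),
    ("ip", "10.0.0.5", "feed-a", NOW, ()),
    ("domain", "google.com", "feed-c", NOW, ()),
    ("domain", "login-portal.example", "feed-a", NOW - timedelta(days=100), ("phishing",)),
    ("sha256", "a" * 64, "feed-b", NOW - timedelta(days=200), ("dropper",)),
    ("sha256", "not-a-hash", "feed-c", NOW, ()),
]


def build_demo_store() -> TipStore:
    store = TipStore()
    for ioc_type, value, source, seen_at, tags in SAMPLE_FEED:
        store.ingest(ioc_type, value, source, seen_at, tags)
    return store


if __name__ == "__main__":
    s = build_demo_store()
    for t in DECAY_DAYS:
        print(t, s.export_blocklist(NOW, t))
    print("rejected:", s.rejected)
    print("expired:", [i.value for i in s.expired(NOW)])
```

Running it shows the whole lifecycle on the constructed feed: the internal address, the allowlisted domain and the malformed hash are rejected with a reason the producer can act on; the IP reported by two feeds keeps both sources and tags and its decay clock restarts at the latest sighting; the 100-day-old domain has decayed below the threshold and drops out of the exported blocklist, which is the obsolescence strategy in practice. The decay parameters are the knob that reconciles what the defensive technology can hold with how long an indicator stays meaningful.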
Raffaele is a Cyber Security Engineer hungry for knowledge all around the security space. Following his interests, he studied Computer Engineering at the University of Salerno and subsequently at Politecnico of Turin, where he cooperated in security projects funded by the EU. Raffaele worked in Security Operation Centers of defense companies, where he gained deep knowledge of operational security themes and of security solutions and services design. He thinks that a security system is "only" a tool: it must be optimized for the context and, where feasible, adapted to the people; that's why he's focusing on the automation and integration of systems, eliminating repetitive tasks with no added value. Attracted by the themes of threat intelligence, offensive security and security solutions design, and in order to feed his hunger for knowledge, he doesn't mind new challenges in the design of security solutions and services, especially in extended cyber perimeters.
Vito Lucatorto is a Cyber Security Engineer with a passion for Open Source systems. He studied at the University of Bari and later at the University of Milan. Creative and curious, with many projects in mind, he is interested in automating cyber security processes and passionate about threat intelligence and intelligence activity. He likes to work in critical contexts, to study complex and little-debated topics, to analyze unstructured incidents, and to discover new defense and attack techniques.
Vito specializes in, and is interested in, online anti-fraud and cybercrime aspects.
Trained in a financial environment, he learned fundamental skills such as analysis and meticulousness in performing tasks, and he wants to follow and design high-value projects for Cyber Security offices.