WEBVTT

1
00:00:00.040 --> 00:00:02.879
<v Speaker 1>Ever heard of a group called Spamhaus? They're like

2
00:00:02.919 --> 00:00:05.639
<v Speaker 1>these warriors against spam, right, but back in two thousand

3
00:00:05.639 --> 00:00:09.160
<v Speaker 1>and seven they got hit, like slammed with this massive

4
00:00:09.199 --> 00:00:10.640
<v Speaker 1>cyber attack, the Storm Worm.

5
00:00:10.679 --> 00:00:13.640
<v Speaker 2>Oh yeah. It's a classic example really of how even

6
00:00:13.679 --> 00:00:18.679
<v Speaker 2>the people fighting against these threats, they can become targets themselves.

7
00:00:18.719 --> 00:00:21.079
<v Speaker 2>It's a real reminder of what we're dealing with in

8
00:00:21.120 --> 00:00:21.559
<v Speaker 2>this world.

9
00:00:21.760 --> 00:00:23.839
<v Speaker 1>Yeah, for sure. And that's actually what's got me so

10
00:00:24.280 --> 00:00:26.000
<v Speaker 1>I don't know interested in this book, we're looking at

11
00:00:26.039 --> 00:00:29.440
<v Speaker 1>operationalizing threat intelligence. It's like they want to give us,

12
00:00:29.519 --> 00:00:32.840
<v Speaker 1>you know, the actual tools and knowledge to really understand

13
00:00:32.880 --> 00:00:35.399
<v Speaker 1>and be ready for these threats. And forget the Hollywood

14
00:00:35.399 --> 00:00:38.399
<v Speaker 1>hacking stuff. We're talking actual strategies here exactly.

15
00:00:38.479 --> 00:00:40.320
<v Speaker 2>And a big part of that, a big part of

16
00:00:40.320 --> 00:00:44.079
<v Speaker 2>it is understanding what threat intelligence actually is, because honestly,

17
00:00:44.119 --> 00:00:45.280
<v Speaker 2>it's often misunderstood.

18
00:00:45.359 --> 00:00:47.799
<v Speaker 1>Right, it's got to be more than just like data, right,

19
00:00:48.200 --> 00:00:49.079
<v Speaker 1>Oh way, more.

20
00:00:49.479 --> 00:00:51.920
<v Speaker 2>Think of it this way. Imagine you're trying to bake

21
00:00:51.960 --> 00:00:54.759
<v Speaker 2>a cake, but you've just got this random pile of ingredients.

22
00:00:55.000 --> 00:00:58.439
<v Speaker 2>You might get lucky maybe, but chances are, you know

23
00:00:58.479 --> 00:01:01.439
<v Speaker 2>it's going to be a mess. Threat intelligence. It's like

24
00:01:01.479 --> 00:01:04.519
<v Speaker 2>having a recipe. It's about taking those raw ingredients that's

25
00:01:04.560 --> 00:01:08.239
<v Speaker 2>your data, malware samples, IPs, whatever, and you're planting it,

26
00:01:08.480 --> 00:01:11.439
<v Speaker 2>you analyze it, and then and only then can you

27
00:01:11.480 --> 00:01:13.400
<v Speaker 2>turn it into something you can actually use, like to

28
00:01:13.400 --> 00:01:15.519
<v Speaker 2>build up a security posture you can rely on.

29
00:01:15.760 --> 00:01:17.519
<v Speaker 1>So it's not just about the info, it's about the

30
00:01:17.599 --> 00:01:19.280
<v Speaker 1>right info and knowing what to do with it.

31
00:01:19.439 --> 00:01:22.359
<v Speaker 2>Yeah, precisely. And just like you know there are different

32
00:01:22.359 --> 00:01:24.439
<v Speaker 2>cakes for different things, there are different I guess you

33
00:01:24.439 --> 00:01:27.799
<v Speaker 2>could say flavors of threat intelligence. Yeah, and each one

34
00:01:27.879 --> 00:01:28.519
<v Speaker 2>has a purpose.

35
00:01:28.640 --> 00:01:30.239
<v Speaker 1>Okay, I'm following. Can you give me an example.

36
00:01:30.400 --> 00:01:33.719
<v Speaker 2>Sure, Let's say you find a malicious URL. Okay, so

37
00:01:33.840 --> 00:01:38.879
<v Speaker 2>tactical intelligence that's your immediate response block it, but strategic

38
00:01:38.959 --> 00:01:42.760
<v Speaker 2>intelligence that might tell you this url it's part of

39
00:01:42.760 --> 00:01:45.840
<v Speaker 2>something much bigger, maybe a whole campaign going after a

40
00:01:45.840 --> 00:01:50.000
<v Speaker 2>French bank specifically. Right Suddenly, it's not just reacting to

41
00:01:50.040 --> 00:01:53.560
<v Speaker 2>a single thing. You're seeing their motives, how they work,

42
00:01:53.920 --> 00:01:56.159
<v Speaker 2>which means you can get ahead of it, protect yourself,

43
00:01:56.200 --> 00:01:56.840
<v Speaker 2>protect others.

44
00:01:56.920 --> 00:01:58.760
<v Speaker 1>That's huge. It's like I don't even know the difference

45
00:01:58.760 --> 00:02:02.640
<v Speaker 1>between dodging a bullet and like knowing the entire battlefield exactly.

46
00:02:02.719 --> 00:02:06.000
<v Speaker 2>But here's the thing, and it's a big one. Not

47
00:02:06.200 --> 00:02:10.400
<v Speaker 2>all threat intelligence is equal. Just because something says it's

48
00:02:10.400 --> 00:02:15.039
<v Speaker 2>intelligence doesn't mean it's accurate, it's reliable, or even that

49
00:02:15.120 --> 00:02:17.120
<v Speaker 2>it matters to your situation, you know.

50
00:02:17.280 --> 00:02:18.960
<v Speaker 1>So then how do you even how do you filter

51
00:02:19.080 --> 00:02:21.960
<v Speaker 1>all that out? How do you tell what's good what's garbage?

52
00:02:22.039 --> 00:02:23.919
<v Speaker 2>That's well, you have to think critically. You got to

53
00:02:23.919 --> 00:02:26.639
<v Speaker 2>look at the source. Has anyone else backed this up?

54
00:02:26.919 --> 00:02:29.400
<v Speaker 2>Does it fit with what other credible sources are saying?

55
00:02:30.080 --> 00:02:33.400
<v Speaker 2>And this is key, is it even relevant to your

56
00:02:33.479 --> 00:02:34.400
<v Speaker 2>specific threats?

57
00:02:35.080 --> 00:02:37.560
<v Speaker 1>So even in security, you got to be what like skeptical,

58
00:02:38.000 --> 00:02:40.960
<v Speaker 1>like a journalist checking their sources or something.

59
00:02:40.879 --> 00:02:44.520
<v Speaker 2>Hundred percent, because making a decision based on bad intel

60
00:02:44.680 --> 00:02:47.120
<v Speaker 2>it can be worse than having none at all. You're

61
00:02:47.120 --> 00:02:49.560
<v Speaker 2>opening yourself up without even realizing it.

62
00:02:49.680 --> 00:02:52.639
<v Speaker 1>Okay, that's that's a little scary, but it makes sense.

63
00:02:53.599 --> 00:02:57.120
<v Speaker 1>So we've got what threat intelligence is, why it matters?

64
00:02:57.960 --> 00:03:01.479
<v Speaker 1>What about the people behind the attack? Though? Who are

65
00:03:01.520 --> 00:03:03.800
<v Speaker 1>these people? Why are they doing it? Is it always

66
00:03:03.800 --> 00:03:04.439
<v Speaker 1>about money?

67
00:03:04.759 --> 00:03:07.039
<v Speaker 2>Well, money is a big driver, sure, but it's not

68
00:03:07.120 --> 00:03:10.800
<v Speaker 2>the only one. You've got activists, they're driven by ideology, right,

69
00:03:10.960 --> 00:03:14.840
<v Speaker 2>Nation states doing espionage. And then there are people, I

70
00:03:14.840 --> 00:03:16.560
<v Speaker 2>don't know, maybe they're bored, maybe they just want to

71
00:03:16.599 --> 00:03:18.520
<v Speaker 2>see what they can do, you know, notoriety.

72
00:03:18.680 --> 00:03:21.319
<v Speaker 1>Wow, so you're saying someone could launch an attack just

73
00:03:21.439 --> 00:03:22.000
<v Speaker 1>for kicks.

74
00:03:22.840 --> 00:03:25.280
<v Speaker 2>It's more common than you'd think, honestly. And then you

75
00:03:25.319 --> 00:03:27.759
<v Speaker 2>have the cases where well, it's not so clear cut.

76
00:03:27.879 --> 00:03:31.000
<v Speaker 2>You have researchers, security people, they become the targets.

77
00:03:31.080 --> 00:03:31.719
<v Speaker 1>That's chilling.

78
00:03:32.159 --> 00:03:34.879
<v Speaker 2>Yeah, the book mentions a researcher got targeted just for

79
00:03:34.960 --> 00:03:37.639
<v Speaker 2>looking at a blog. It makes you realize how exposed

80
00:03:37.680 --> 00:03:39.520
<v Speaker 2>you can be online, even if you think you're just

81
00:03:39.680 --> 00:03:42.039
<v Speaker 2>you know, browsing, right. It shows the stakes are really

82
00:03:42.080 --> 00:03:44.960
<v Speaker 2>high here, and you got to understand the different players

83
00:03:45.000 --> 00:03:47.280
<v Speaker 2>what they want. It's not always you know, black and white.

84
00:03:48.000 --> 00:03:51.000
<v Speaker 2>Sometimes the people you think you're protecting yourself from, well

85
00:03:51.120 --> 00:03:52.759
<v Speaker 2>they're the ones you'd least expect.

86
00:03:53.039 --> 00:03:56.080
<v Speaker 1>Okay, yeah, I'm definitely this is all pretty interesting. So

87
00:03:56.319 --> 00:03:59.439
<v Speaker 1>how do these analysts, the people doing this work, how

88
00:03:59.439 --> 00:04:02.840
<v Speaker 1>do they even go about finding this intel? It sounds

89
00:04:03.240 --> 00:04:04.520
<v Speaker 1>incredibly complicated.

90
00:04:04.680 --> 00:04:07.840
<v Speaker 2>It is complex, yeah, but it's not like magic or anything.

91
00:04:07.919 --> 00:04:11.800
<v Speaker 2>It's a process, a structured way of doing things, identifying

92
00:04:11.800 --> 00:04:15.520
<v Speaker 2>the threats, analyzing, mitigating the whole nine yards.

93
00:04:15.639 --> 00:04:18.519
<v Speaker 1>So not like the movies, all the frantic typing and

94
00:04:18.560 --> 00:04:20.079
<v Speaker 1>screens flashing exactly.

95
00:04:20.160 --> 00:04:24.800
<v Speaker 2>Threat intelligence, it relies on methodologies, you know, proven ways

96
00:04:24.800 --> 00:04:27.879
<v Speaker 2>of doing things, like there's the threat intelligence life cycle.

97
00:04:28.040 --> 00:04:32.560
<v Speaker 2>This framework, it breaks everything down into manageable stages, so

98
00:04:32.680 --> 00:04:34.560
<v Speaker 2>from the planning stages all the way to putting the

99
00:04:34.560 --> 00:04:37.000
<v Speaker 2>intelligence together and getting it out there. It helps analysts

100
00:04:37.000 --> 00:04:38.879
<v Speaker 2>stay organized and make sure they're looking at everything they

101
00:04:38.959 --> 00:04:39.240
<v Speaker 2>need to.

102
00:04:39.639 --> 00:04:42.439
<v Speaker 1>So it's like having a roadmap when you're dealing with

103
00:04:42.480 --> 00:04:44.399
<v Speaker 1>all this stuff exactly.

104
00:04:43.959 --> 00:04:46.199
<v Speaker 2>And like any good map, it helps you get where

105
00:04:46.240 --> 00:04:48.399
<v Speaker 2>you need to go much more efficiently and effectively.

106
00:04:48.680 --> 00:04:51.360
<v Speaker 1>Okay, so there's a structure to this which makes it

107
00:04:51.399 --> 00:04:53.879
<v Speaker 1>seem a little less i don't know, like a foreign language.

108
00:04:54.199 --> 00:04:56.720
<v Speaker 1>But what about the work itself? I mean, how do

109
00:04:56.879 --> 00:05:00.879
<v Speaker 1>these analysts actually stay safe digging into you know, the

110
00:05:00.920 --> 00:05:05.319
<v Speaker 1>dark side of the internet. The book mentioned OPSEC and

111
00:05:05.600 --> 00:05:09.000
<v Speaker 1>that whole idea of researchers getting targeted is well a

112
00:05:09.040 --> 00:05:10.680
<v Speaker 1>little unnerving to say the least.

113
00:05:10.759 --> 00:05:13.199
<v Speaker 2>Oh, it's absolutely crucial, especially if you're dealing with you know,

114
00:05:13.279 --> 00:05:16.920
<v Speaker 2>actual threat actors or really sensitive stuff. Can you imagine

115
00:05:16.959 --> 00:05:20.680
<v Speaker 2>the pressure of trying to blend in online, knowing that

116
00:05:20.920 --> 00:05:24.319
<v Speaker 2>one wrong move and boom, you compromise your whole security,

117
00:05:24.360 --> 00:05:25.439
<v Speaker 2>maybe even your safety.

118
00:05:25.600 --> 00:05:27.759
<v Speaker 1>Yeah, that's a lot. It sounds well like a spy

119
00:05:27.839 --> 00:05:29.000
<v Speaker 1>movie almost, So what do they do.

120
00:05:29.360 --> 00:05:32.240
<v Speaker 2>It's definitely more than just like using a VPN or

121
00:05:32.240 --> 00:05:34.720
<v Speaker 2>having good passwords, although those those are important, of course,

122
00:05:35.120 --> 00:05:38.319
<v Speaker 2>But the book talks about get this crafting digital personas

123
00:05:38.319 --> 00:05:40.600
<v Speaker 2>almost like undercover agents online.

124
00:05:40.680 --> 00:05:42.920
<v Speaker 1>So they create these fake identities so they can like

125
00:05:43.560 --> 00:05:46.879
<v Speaker 1>blend in and not get caught. That's wild exactly.

126
00:05:47.120 --> 00:05:51.000
<v Speaker 2>You might create a whole backstory online profiles, even think

127
00:05:51.040 --> 00:05:53.800
<v Speaker 2>about it, a digital footprint, to make you look like

128
00:05:53.839 --> 00:05:56.920
<v Speaker 2>someone you're not, someone who'd fit in those circles without

129
00:05:57.000 --> 00:05:58.120
<v Speaker 2>raising any red flags.

130
00:05:58.920 --> 00:06:00.759
<v Speaker 1>It sounds like a tough thing to get right. How

131
00:06:00.800 --> 00:06:03.040
<v Speaker 1>do they know, you know? How much detail is enough

132
00:06:03.079 --> 00:06:06.040
<v Speaker 1>without like going too far and actually getting in trouble.

133
00:06:06.079 --> 00:06:08.079
<v Speaker 2>Well, yeah, that's that's the balancing act, isn't it. You've

134
00:06:08.079 --> 00:06:10.120
<v Speaker 2>got to be convincing enough to get what you need,

135
00:06:10.439 --> 00:06:12.120
<v Speaker 2>but not so much that you cross a line and

136
00:06:12.120 --> 00:06:14.959
<v Speaker 2>put yourself at risk. It takes a deep understanding of

137
00:06:15.480 --> 00:06:19.800
<v Speaker 2>the communities they're infiltrating, right, how they talk, the culture everything.

138
00:06:19.560 --> 00:06:22.360
<v Speaker 1>So they really are like, I don't know, method actors

139
00:06:22.399 --> 00:06:25.120
<v Speaker 1>for cyber Okay, so let's say they've done all that,

140
00:06:25.240 --> 00:06:29.279
<v Speaker 1>got their digital disguises ready, what's next? How do they

141
00:06:29.319 --> 00:06:32.639
<v Speaker 1>actually find these clues that make up threat intelligence? What

142
00:06:32.680 --> 00:06:33.480
<v Speaker 1>are they looking for?

143
00:06:34.160 --> 00:06:38.279
<v Speaker 2>It's a combination of well technical skills, for sure, but

144
00:06:38.399 --> 00:06:43.759
<v Speaker 2>also good old fashioned detective work. One approach is analyzing malware.

145
00:06:44.240 --> 00:06:46.079
<v Speaker 2>You can almost think of it like I don't know,

146
00:06:46.079 --> 00:06:48.199
<v Speaker 2>getting a suspicious package delivered to your door.

147
00:06:48.279 --> 00:06:50.040
<v Speaker 1>You're not suggesting they open it, are.

148
00:06:49.920 --> 00:06:53.120
<v Speaker 2>You, No, No, of course not. But in the digital world,

149
00:06:53.279 --> 00:06:55.759
<v Speaker 2>we've got these things called sandboxes. One example is Joe

150
00:06:55.839 --> 00:06:58.399
<v Speaker 2>Sandbox. It's like a, I guess you could say, a safe room,

151
00:06:58.519 --> 00:07:01.399
<v Speaker 2>a controlled environment where they can and like detonate the

152
00:07:01.439 --> 00:07:04.319
<v Speaker 2>package safely see how it works without actually risking any

153
00:07:04.360 --> 00:07:05.480
<v Speaker 2>damage to their own systems.

154
00:07:05.600 --> 00:07:07.800
<v Speaker 1>Makes sense, So they can watch it, see what it does,

155
00:07:07.879 --> 00:07:10.720
<v Speaker 1>how it behaves, all without unleashing it exactly.

156
00:07:10.759 --> 00:07:13.160
<v Speaker 2>That's what we call dynamic analysis, seeing it in action.

157
00:07:13.560 --> 00:07:16.279
<v Speaker 2>But then they also do static analysis, which is more

158
00:07:16.360 --> 00:07:19.959
<v Speaker 2>like I guess, carefully examining that package without opening it,

159
00:07:20.040 --> 00:07:22.160
<v Speaker 2>looking for clues about where it came from what it

160
00:07:22.240 --> 00:07:22.639
<v Speaker 2>might be.

161
00:07:22.720 --> 00:07:25.680
<v Speaker 1>So they're getting like the internal and the external view precisely.

162
00:07:25.959 --> 00:07:32.079
<v Speaker 2>And then there's pivoting. Often you'll find like one small clue,

163
00:07:32.160 --> 00:07:35.800
<v Speaker 2>maybe a weird domain name, you can unravel a whole operation.

164
00:07:36.079 --> 00:07:38.800
<v Speaker 2>Really analysts use that one thing to jump to other

165
00:07:38.920 --> 00:07:42.040
<v Speaker 2>data, maybe IP addresses, emails, usernames, whatever they

166
00:07:42.040 --> 00:07:44.759
<v Speaker 2>can find. Slowly they build up this map of like

167
00:07:44.879 --> 00:07:47.759
<v Speaker 2>the attackers, whole infrastructure, their movements, everything.

168
00:07:47.800 --> 00:07:49.399
<v Speaker 1>Wow, it's like I don't know, pulling on a loose

169
00:07:49.439 --> 00:07:51.680
<v Speaker 1>thread and then the whole sweater comes undone.

170
00:07:51.800 --> 00:07:53.839
<v Speaker 2>That's a great way to put it. And then sometimes

171
00:07:54.120 --> 00:07:57.240
<v Speaker 2>you need to go through like mountains of data looking

172
00:07:57.240 --> 00:07:59.399
<v Speaker 2>for these tiny patterns that we might not even see

173
00:07:59.399 --> 00:08:03.399
<v Speaker 2>as humans. That's where clustering comes in. Imagine a detective, right,

174
00:08:03.600 --> 00:08:06.079
<v Speaker 2>they notice the fingerprints at different crime scenes, they all

175
00:08:06.120 --> 00:08:09.000
<v Speaker 2>have this one weird thing in common. Well, that's kind

176
00:08:09.000 --> 00:08:12.000
<v Speaker 2>of what these algorithms do. But with digital.

177
00:08:11.720 --> 00:08:16.759
<v Speaker 1>Data, like digital fingerprint experts making connections we'd miss exactly.

178
00:08:16.879 --> 00:08:20.439
<v Speaker 2>Algorithms like, well, there's TLSH and dhash. They can

179
00:08:20.480 --> 00:08:24.879
<v Speaker 2>analyze massive amounts of information looking for similarities and you know,

180
00:08:25.079 --> 00:08:28.680
<v Speaker 2>file hashes, code, whatever it is. This helps analysts connect

181
00:08:28.720 --> 00:08:31.240
<v Speaker 2>the dots, find those larger campaigns. Maybe there are multiple

182
00:08:31.240 --> 00:08:33.919
<v Speaker 2>people attacking multiple targets. Gets complicated.

183
00:08:34.120 --> 00:08:36.639
<v Speaker 1>Okay, so they're gathering all this data, looking at malware,

184
00:08:36.720 --> 00:08:40.320
<v Speaker 1>following these digital trails basically, But then what what's the

185
00:08:40.399 --> 00:08:42.799
<v Speaker 1>last piece of the puzzle. How do you turn all

186
00:08:42.799 --> 00:08:45.720
<v Speaker 1>that raw info into something useful, something that can actually

187
00:08:45.759 --> 00:08:47.000
<v Speaker 1>stop the next attack.

188
00:08:47.679 --> 00:08:49.639
<v Speaker 2>It really is like that, isn't it putting together this

189
00:08:49.679 --> 00:08:53.080
<v Speaker 2>giant puzzle? But all the pieces are like scattered across

190
00:08:53.159 --> 00:08:55.679
<v Speaker 2>the Internet, and the puzzle is always changing too, right, Yeah,

191
00:08:55.799 --> 00:08:58.960
<v Speaker 2>new threats pop up, attackers, they learn, they adapt, which is.

192
00:08:58.879 --> 00:09:02.399
<v Speaker 1>Where I guess that whole actionable part of threat intelligence

193
00:09:02.440 --> 00:09:05.200
<v Speaker 1>comes in. Knowing isn't enough. You got to be able

194
00:09:05.200 --> 00:09:07.240
<v Speaker 1>to actually do something one hundred percent.

195
00:09:07.399 --> 00:09:09.679
<v Speaker 2>That's the I'd say that's the most important part. You

196
00:09:09.759 --> 00:09:11.519
<v Speaker 2>got all this raw data, you have to be able

197
00:09:11.559 --> 00:09:13.279
<v Speaker 2>to turn it into something that you know, people can

198
00:09:13.440 --> 00:09:16.399
<v Speaker 2>use to make decisions, take action in the whole nine yards.

199
00:09:16.440 --> 00:09:18.159
<v Speaker 1>Okay, so how does that work in the you know,

200
00:09:18.320 --> 00:09:20.840
<v Speaker 1>in the real world. Didn't the book use that example?

201
00:09:20.919 --> 00:09:23.240
<v Speaker 1>Ozark International Bank, right right?

202
00:09:23.279 --> 00:09:27.039
<v Speaker 2>They were getting hit with everything phishing aimed at their employees,

203
00:09:27.480 --> 00:09:30.080
<v Speaker 2>then you had the really nasty malware trying to get

204
00:09:30.120 --> 00:09:33.440
<v Speaker 2>into their systems. The whole works that case study. It

205
00:09:33.519 --> 00:09:36.519
<v Speaker 2>showed how like threat intelligence was crucial for them to

206
00:09:36.519 --> 00:09:37.000
<v Speaker 2>fight back.

207
00:09:37.120 --> 00:09:39.159
<v Speaker 1>Yeah, it was like watching I don't know, a cyber

208
00:09:39.240 --> 00:09:41.600
<v Speaker 1>thriller or something, seeing how they used all these different

209
00:09:41.639 --> 00:09:43.080
<v Speaker 1>tools and techniques.

210
00:09:42.840 --> 00:09:45.480
<v Speaker 2>They were able to start making connections. Yeah, between what

211
00:09:45.600 --> 00:09:50.440
<v Speaker 2>seemed like totally random stuff isolated incidents, figure out the

212
00:09:50.519 --> 00:09:53.279
<v Speaker 2>attacker's playbook, so to speak, what they were going to

213
00:09:53.320 --> 00:09:55.720
<v Speaker 2>do next, and then actually strengthen their defenses.

214
00:09:55.960 --> 00:09:57.960
<v Speaker 1>One thing that I don't know, I found really interesting

215
00:09:58.080 --> 00:10:01.080
<v Speaker 1>was how important that open source intelligence was, like

216
00:10:02.240 --> 00:10:04.759
<v Speaker 1>using things like TweetDeck to see what people were

217
00:10:04.759 --> 00:10:07.519
<v Speaker 1>saying about the bank, any potential threats out there.

218
00:10:07.600 --> 00:10:11.120
<v Speaker 2>Oh, it's invaluable. OSINT, as we call it. It's all

219
00:10:11.159 --> 00:10:16.240
<v Speaker 2>about basically taking information that's already public, could be social media, news,

220
00:10:16.279 --> 00:10:19.480
<v Speaker 2>those forums where things get discussed, whatever's out there, and

221
00:10:19.519 --> 00:10:22.759
<v Speaker 2>you use that to get a better picture of the threatscape, like.

222
00:10:22.759 --> 00:10:25.919
<v Speaker 1>Having I don't know, eyes and ears everywhere listening for

223
00:10:26.080 --> 00:10:27.559
<v Speaker 1>any sign of trouble exactly.

224
00:10:27.600 --> 00:10:30.679
<v Speaker 2>And then you've got your tools like VirusTotal. Analysts

225
00:10:30.720 --> 00:10:32.960
<v Speaker 2>can upload a file see if any of the anti

226
00:10:33.080 --> 00:10:34.559
<v Speaker 2>virus engines out there have flagged it.

227
00:10:34.559 --> 00:10:36.919
<v Speaker 1>As bad, so it's like getting a second opinion, but

228
00:10:37.000 --> 00:10:39.720
<v Speaker 1>from like a million security experts at once.

229
00:10:39.600 --> 00:10:43.720
<v Speaker 2>Pretty much. And then platforms, something like OpenCTI, that

230
00:10:43.720 --> 00:10:46.440
<v Speaker 2>gives you one place to manage everything, see the connections,

231
00:10:46.840 --> 00:10:47.759
<v Speaker 2>work with other people.

232
00:10:48.080 --> 00:10:50.320
<v Speaker 1>So it's not even just the tools themselves, it's also

233
00:10:50.879 --> 00:10:53.960
<v Speaker 1>having you know, the right processes, the right people to

234
00:10:54.000 --> 00:10:54.600
<v Speaker 1>make sense.

235
00:10:54.440 --> 00:10:58.080
<v Speaker 2>Of it all goodness said it better myself threat intelligence.

236
00:10:59.000 --> 00:11:02.480
<v Speaker 2>It's a team effort. Really got to have collaboration, communication,

237
00:11:02.600 --> 00:11:04.919
<v Speaker 2>and everyone needs to be on the same page about

238
00:11:04.919 --> 00:11:06.519
<v Speaker 2>the threats and how you're going to deal with them.

239
00:11:06.559 --> 00:11:08.799
<v Speaker 1>This has been I gotta say, it's fascinating how this

240
00:11:08.840 --> 00:11:12.039
<v Speaker 1>whole field it's like technical stuff, sure, but also it's

241
00:11:12.080 --> 00:11:13.759
<v Speaker 1>almost like detective work.

242
00:11:13.639 --> 00:11:15.679
<v Speaker 2>You know, and the stakes are huge, which is why

243
00:11:15.919 --> 00:11:18.799
<v Speaker 2>you can't You can't go into this without like a

244
00:11:18.799 --> 00:11:22.519
<v Speaker 2>healthy bit of skepticism. Always question what you think, Yeah,

245
00:11:22.559 --> 00:11:23.919
<v Speaker 2>you know, look for a different point of view.

246
00:11:24.000 --> 00:11:26.080
<v Speaker 1>So for someone listening to us, maybe they're feeling a

247
00:11:26.080 --> 00:11:28.559
<v Speaker 1>bit overwhelmed by all this, what's I don't know, what's

248
00:11:28.600 --> 00:11:30.600
<v Speaker 1>the one thing they should take away? How do you

249
00:11:30.639 --> 00:11:32.200
<v Speaker 1>even start to make sense of.

250
00:11:32.159 --> 00:11:35.279
<v Speaker 2>All this awareness. That's the key threats are out there,

251
00:11:35.679 --> 00:11:39.000
<v Speaker 2>that's the reality. Learn about how these attackers work, what

252
00:11:39.039 --> 00:11:42.320
<v Speaker 2>they do, and just be careful what you do online.

253
00:11:41.960 --> 00:11:46.320
<v Speaker 1>So basic stuff. Don't click suspicious links, be careful what

254
00:11:46.399 --> 00:11:49.840
<v Speaker 1>information you put out there, keep your systems updated exactly.

255
00:11:50.039 --> 00:11:52.600
<v Speaker 2>Make yourself a harder target. That's what it's about. Know

256
00:11:52.720 --> 00:11:55.600
<v Speaker 2>the risks and how to you know, protect yourself.

257
00:11:55.679 --> 00:11:57.799
<v Speaker 1>And this is something that well, it's always changing, right.

258
00:11:57.840 --> 00:11:59.799
<v Speaker 1>What's true today might not be tomorrow.

259
00:12:00.200 --> 00:12:02.000
<v Speaker 2>That's why it's so important to stay up to date,

260
00:12:02.240 --> 00:12:04.879
<v Speaker 2>keep learning, you know, make sure your security can adapt

261
00:12:04.879 --> 00:12:05.960
<v Speaker 2>as things change.

262
00:12:06.279 --> 00:12:09.879
<v Speaker 1>Well, as we wrap up this deep dive into I

263
00:12:09.879 --> 00:12:12.279
<v Speaker 1>guess the world of threat intelligence, I think the message

264
00:12:12.279 --> 00:12:13.440
<v Speaker 1>is well pretty clear.

265
00:12:13.879 --> 00:12:16.440
<v Speaker 2>Knowledge is power, right, and in this day and age,

266
00:12:16.480 --> 00:12:20.399
<v Speaker 2>especially online, that knowledge it could be the difference between

267
00:12:20.399 --> 00:12:22.639
<v Speaker 2>well staying safe and becoming a victim.

268
00:12:22.840 --> 00:12:25.840
<v Speaker 1>That's definitely something to think about. Until next time, Everybody,

269
00:12:25.919 --> 00:12:28.399
<v Speaker 1>stay curious, stay vigilant, and stay safe.
