EC-Council Certified Threat Intelligence Analyst (CTIA)


Course Overview

Certified Threat Intelligence Analyst (C|TIA) is a training and credentialing program designed and developed in collaboration with cybersecurity and threat intelligence experts across the globe to help organizations identify and mitigate business risks by converting unknown internal and external threats into known threats. It is a comprehensive specialist-level program that teaches a structured approach for building effective threat intelligence.

The program was based on a rigorous Job Task Analysis (JTA) of the job roles involved in the field of threat intelligence. This program differentiates threat intelligence professionals from other information security professionals. It is a highly interactive, comprehensive, standards-based, intensive 3-day training program that teaches information security professionals to build professional threat intelligence.

In the ever-changing threat landscape, C|TIA is a highly essential program for those who deal with cyber threats on a daily basis. Organizations today demand a professional-level cybersecurity threat intelligence analyst who can extract intelligence from data by applying various advanced strategies. Such professional-level programs can only be achieved when the core of the curriculum maps to, and complies with, the threat intelligence frameworks published by government and industry.

C|TIA is a method-driven program that uses a holistic approach, covering concepts from planning the threat intelligence project to building a report to disseminating threat intelligence. These concepts are highly essential while building effective threat intelligence and, when used properly, can secure organizations from future threats or attacks.

This program addresses all the stages involved in the Threat Intelligence Life Cycle. This attention to a realistic and forward-looking approach makes C|TIA one of the most comprehensive threat intelligence certifications on the market today. The program provides the solid, professional knowledge required for a career in threat intelligence, enhances your skills as a Threat Intelligence Analyst, and increases your employability. It is sought after by cybersecurity engineers, analysts, and professionals from around the world and is respected by hiring authorities.

Who should attend

  • Ethical Hackers
  • Security Practitioners, Engineers, Analysts, Specialists, Architects, Managers
  • Threat Intelligence Analysts, Associates, Researchers, Consultants
  • Threat Hunters
  • SOC Professionals
  • Digital Forensic and Malware Analysts
  • Incident Response Team Members
  • Any mid-level to high-level cybersecurity professionals with a minimum of 3-5 years of experience.
  • Individuals from the information security profession who want to enrich their skills and knowledge in the field of cyber threat intelligence.
  • Individuals interested in preventing cyber threats.

Course Objectives

  • Key issues plaguing the information security world
  • Importance of threat intelligence in risk management, SIEM, and incident response
  • Various types of cyber threats, threat actors and their motives, goals, and objectives of cybersecurity attacks
  • Fundamentals of threat intelligence (including threat intelligence types, lifecycle, strategy, capabilities, maturity model, frameworks, etc.)
  • Cyber kill chain methodology, Advanced Persistent Threat (APT) lifecycle, Tactics, Techniques, and Procedures (TTPs), Indicators of Compromise (IoCs), and pyramid of pain
  • Various steps involved in planning a threat intelligence program (Requirements, Planning, Direction, and Review)
  • Different types of data feeds, sources, and data collection methods
  • Threat intelligence data collection and acquisition through Open Source Intelligence (OSINT), Human Intelligence (HUMINT), Cyber Counterintelligence (CCI), Indicators of Compromise (IoCs), and malware analysis
  • Bulk data collection and management (data processing, structuring, normalization, sampling, storing, and visualization)
  • Different data analysis types and techniques (including statistical data analysis, Analysis of Competing Hypotheses (ACH), Structured Analysis of Competing Hypotheses (SACH), etc.)
  • Complete threat analysis process which includes threat modeling, fine-tuning, evaluation, runbook, and knowledge base creation
  • Different data analysis, threat modeling, and threat intelligence tools
  • Threat intelligence dissemination and sharing protocol including dissemination preferences, intelligence collaboration, sharing rules and models, TI exchange types and architectures, participating in sharing relationships, standards, and formats for sharing threat intelligence
  • Creating effective threat intelligence reports
  • Different threat intelligence sharing platforms, acts, and regulations for sharing strategic, tactical, operational, and technical intelligence

Outline: EC-Council Certified Threat Intelligence Analyst (CTIA)

Module 01: Introduction to Threat Intelligence

Understanding Intelligence
  • Intelligence Definition and Essential Terminology
  • Intelligence vs. Information vs. Data
  • Intelligence-Led Security Testing (Background and Reasons)
Understanding Cyber Threat Intelligence
  • Cyber Threat Intelligence (CTI)
  • Cyber Threat Intelligence Stages
  • Characteristics of Threat Intelligence
  • Benefits of CTI
  • Enterprise Objectives for Threat Intelligence Programs
  • How can Threat Intelligence Help Organizations
  • Types of Threat Intelligence
    • Strategic Threat Intelligence
    • Tactical Threat Intelligence
    • Operational Threat Intelligence
    • Technical Threat Intelligence
  • Threat Intelligence Generation
  • Threat Intelligence Informed Risk Management
  • Integration of Threat Intelligence into SIEM
  • Leverage Threat Intelligence for Enhanced Incident Response
    • Enhancing Incident Response by Establishing SOPs for Threat Intelligence
  • Organizational Scenarios using Threat Intelligence
What Do Organizations and Analysts Expect?
  • Common Information Security Organization (CISO) Structure
    • Cyber Threat Analyst Responsibilities
  • Threat Intelligence Use Cases
Overview of Threat Intelligence Lifecycle and Frameworks
  • Threat Intelligence Lifecycle
  • Threat Analyst Roles in Threat Intelligence Lifecycle
  • Threat Intelligence Strategy
  • Threat Intelligence Capabilities
  • Capabilities to Look for in Threat Intelligence Solution
  • Threat Intelligence Maturity Model
  • Threat Intelligence Frameworks
    • Collective Intelligence Framework (CIF)
    • CrowdStrike Cyber Threat Intelligence Solution
    • NormShield Threat and Vulnerability Orchestration
    • MISP - Open Source Threat Intelligence Platform
    • TC Complete
    • Yeti
    • ThreatStream
  • Additional Threat Intelligence Frameworks

Module 02: Cyber Threats and Kill Chain Methodology

Understanding Cyber Threats
  • Overview of Cyber Threats
  • Cyber Security Threat Categories
  • Threat Actors/Profiling the Attacker
  • Threat: Intent, Capability, Opportunity Triad
  • Motives, Goals, and Objectives of Cyber Security Attacks
  • Hacking Forums
Understanding Advanced Persistent Threats (APTs)
  • Advanced Persistent Threats (APTs)
  • Characteristics of Advanced Persistent Threats (APTs)
  • Advanced Persistent Threat Lifecycle
Understanding Cyber Kill Chain
  • Cyber Kill Chain Methodology
  • Tactics, Techniques, and Procedures (TTPs)
  • Adversary Behavioral Identification
  • Kill Chain Deep Dive Scenario - Spear Phishing
Understanding Indicators of Compromise (IoCs)
  • Indicators of Compromise (IoCs)
  • Why Are Indicators of Compromise Important?
  • Categories of IoCs
  • Key Indicators of Compromise
  • Pyramid of Pain

Module 03: Requirements, Planning, Direction, and Review

Understanding Organization’s Current Threat Landscape
  • Identify Critical Threats to the Organization
  • Assess Organization’s Current Security Pressure Posture
    • Assess Current Security Team’s Structure and Competencies
    • Understand Organization’s Current Security Infrastructure and Operations
  • Assess Risks for Identified Threats
Understanding Requirements Analysis
  • Map out Organization’s Ideal Target State
  • Identify Intelligence Needs and Requirements
  • Define Threat Intelligence Requirements
    • Threat Intelligence Requirement Categories
  • Business Needs and Requirements
    • Business Units, Internal Stakeholders, and Third-Parties
    • Other Teams
  • Intelligence Consumers Needs and Requirements
  • Priority Intelligence Requirements (PIRs)
  • Factors for Prioritizing Requirements
  • MoSCoW Method for Prioritizing Requirements
  • Prioritize Organizational Assets
  • Scope Threat Intelligence Program
  • Rules of Engagement
  • Non-Disclosure Agreements
  • Avoid Common Threat Intelligence Pitfalls
Planning Threat Intelligence Program
  • Prepare People, Processes, and Technology
  • Develop a Collection Plan
  • Schedule Threat Intelligence Program
  • Plan a Budget
  • Develop Communication Plan to Update Progress to Stakeholders
  • Aggregate Threat Intelligence
  • Select a Threat Intelligence Platform
  • Consuming Intelligence for Different Goals
  • Track Metrics to Keep Stakeholders Informed
Establishing Management Support
  • Prepare Project Charter and Policy to Formalize the Initiative
    • Establish Your Case to Management for a Threat Intelligence Program
    • Apply a Strategic Lens to the Threat Intelligence Program
Building a Threat Intelligence Team
  • Satisfy Organizational Gaps with the Appropriate Threat Intelligence Team
    • Understand different Threat Intelligence Roles and Responsibilities
    • Identify Core Competencies and Skills
    • Define Talent Acquisition Strategy
    • Building and Positioning an Intelligence Team
    • How to Prepare an Effective Threat Intelligence Team
Overview of Threat Intelligence Sharing
  • Establishing Threat Intelligence Sharing Capabilities
  • Considerations for Sharing Threat Intelligence
  • Sharing Intelligence with Variety of Organizations
  • Types of Sharing Partners
  • Important Selection Criteria for Partners
  • Sharing Intelligence Securely
Reviewing Threat Intelligence Program
  • Threat Intelligence Led Engagement Review
  • Considerations for Reviewing Threat Intelligence Program
  • Assessing the Success and Failure of the Threat Intelligence Program

Module 04: Data Collection and Processing

Overview of Threat Intelligence Data Collection
  • Introduction to Threat Intelligence Data Collection
  • Data Collection Methods
  • Types of Data
  • Types of Threat Intelligence Data Collection
Overview of Threat Intelligence Collection Management
  • Understanding Operational Security for Data Collection
  • Understanding Data Reliability
  • Ensuring Intelligence Collection Methods Produce Actionable Data
  • Validate the Quality and Reliability of Third Party Intelligence Sources
  • Establish Collection Criteria for Prioritization of Intelligence Needs and Requirements
  • Building a Threat Intelligence Collection Plan
Overview of Threat Intelligence Feeds and Sources
  • Threat Intelligence Feeds
  • Threat Intelligence Sources
Understanding Threat Intelligence Data Collection and Acquisition
  • Threat Intelligence Data Collection and Acquisition
  • Data Collection through Open Source Intelligence (OSINT)
    • Data Collection through Search Engines
      • Data Collection through Advanced Google Search
      • Data Collection through Google Hacking Database
      • Data Collection through ThreatCrowd
      • Data Collection through Deep and Dark Web Searching
    • Data Collection through Web Services
      • Finding Top-level Domains (TLDs) and Sub-domains
      • Data Collection through Job Sites
      • Data Collection through Groups, Forums, and Blogs
      • Data Collection through Social Networking Sites
      • Data Collection related to Blacklisted and Whitelisted Sites
    • Data Collection through Website Footprinting
      • Data Collection through Monitoring Website Traffic
      • Data Collection through Website Mirroring
      • Extracting Website Information from https://archive.org
      • Extracting Metadata of Public Documents
    • Data Collection through Emails
      • Data Collection by Tracking Email Communications
      • Data Collection from Email Header
      • Data Collection through Emails: eMailTrackerPro
    • Data Collection through Whois Lookup
    • Data Collection through DNS Interrogation
      • Data Collection through DNS Lookup and Reverse DNS Lookup
      • Fast-Flux DNS Information Gathering
      • Dynamic DNS (DDNS) Information Gathering
      • DNS Zone Transfer Information Gathering
    • Automating OSINT effort using Tools/Frameworks/Scripts
      • Maltego
      • OSTrICa (Open Source Threat Intelligence Collector)
      • OSRFramework
      • FOCA
      • GOSINT
  • Data Collection through Human Intelligence (HUMINT)
    • Data Collection through Human-based Social Engineering Techniques
    • Data Collection through Interviewing and Interrogation
    • Social Engineering Tools
  • Data Collection through Cyber Counterintelligence (CCI)
    • Data Collection through Honeypots
    • Data Collection through Passive DNS Monitoring
    • Data Collection through Pivoting Off Adversary’s Infrastructure
    • Data Collection through Malware Sinkholes
    • Data Collection through YARA Rules
  • Data Collection through Indicators of Compromise (IoCs)
    • IoC Data Collection through External Sources
      • Commercial and Industry IoC Sources
        • IT-ISAC
      • Free IoC Sources
        • AlienVault OTX
        • Blueliv Threat Exchange Network
        • MISP
        • threat_note
        • Cacador
      • IOC Bucket
      • Tools for IoC Data Collection through External Sources
    • IoC Data Collection through Internal Sources
    • Tools for IoC Data Collection through Internal Sources
      • Splunk Enterprise
      • Valkyrie Unknown File Hunter
      • IOC Finder
      • Redline
    • Data Collection through Building Custom IoCs
    • Tools for Building Custom IoCs
      • IOC Editor
    • Steps for effective usage of Indicators of Compromise (IoCs) for Threat Intelligence
  • Data Collection through Malware Analysis
    • Preparing Testbed for Malware Analysis
    • Data Collection through Static Malware Analysis
    • Data Collection through Dynamic Malware Analysis
    • Malware Analysis Tools
      • Blueliv Threat Exchange Network
      • Valkyrie
    • Tools for Malware Data Collection
Understanding Bulk Data Collection
  • Introduction to Bulk Data Collection
  • Forms of Bulk Data Collection
  • Benefits and Challenges of Bulk Data Collection
  • Bulk Data Management and Integration Tools
Understanding Data Processing and Exploitation
  • Threat Intelligence Data Collection and Acquisition
  • Introduction to Data Processing and Exploitation
  • Structuring/Normalization of Collected Data
  • Data Sampling
    • Types of Data Sampling
  • Storing and Data Visualization
  • Sharing the Threat Information

Module 05: Data Analysis

Overview of Data Analysis
  • Introduction to Data Analysis
  • Contextualization of Data
  • Types of Data Analysis
Understanding Data Analysis Techniques
  • Statistical Data Analysis
    • Data Preparation
    • Data Classification
    • Data Validation
    • Data Correlation
    • Data Scoring
    • Statistical Data Analysis Tools
      • SAS/STAT Software
      • IBM SPSS
  • Analysis of Competing Hypotheses (ACH)
    • Hypothesis
    • Evidence
    • Diagnostics
    • Refinement
    • Inconsistency
    • Sensitivity
    • Conclusions and Evaluation
  • ACH Tool
    • PARC ACH
  • Structured Analysis of Competing Hypotheses (SACH)
  • Other Data Analysis Methodologies
Overview of Threat Analysis
  • Introduction to Threat Analysis
  • Types of Threat Intelligence Analysis
Understanding Threat Analysis Process
  • Threat Analysis Process and Responsibilities
  • Threat Analysis based on Cyber Kill Chain Methodology
  • Aligning the Defensive Strategies with the Phases of the Cyber Kill Chain Methodology
  • Perform Threat Modeling
    • Asset Identification
    • System Characterization
    • System Modeling
    • Threat Determination and Identification
    • Threat Profiling and Attribution
    • Threat Ranking
    • Threat Information Documentation
  • Threat Modeling Methodologies
    • STRIDE
    • PASTA
    • TRIKE
    • VAST
    • DREAD
    • OCTAVE
  • Threat Modeling Tools
    • Microsoft Threat Modelling Tool
    • ThreatModeler
    • securiCAD Professional
    • IriusRisk
  • Enhance Threat Analysis Process with the Diamond Model Framework
  • Enrich the Indicators with Context
  • Validating and Prioritizing Threat Indicators
Overview of Fine-Tuning Threat Analysis
  • Fine-Tuning Threat Analysis
  • Identifying and Removing Noise
  • Identifying and Removing Logical Fallacies
  • Identifying and Removing Cognitive Biases
  • Automate Threat Analysis Processes
  • Develop Criteria for Threat Analysis Software
  • Employ Advanced Threat Analysis Techniques
    • Machine Learning based Threat Analysis
    • Cognitive based Threat Analysis
Understanding Threat Intelligence Evaluation
  • Threat Intelligence Evaluation
  • Threat Attribution
Creating Runbooks and Knowledge Base
  • Developing Runbooks
  • Create an Accessible Threat Knowledge Repository
  • Organize and Store Cyber Threat Information in Knowledge Base
Overview of Threat Intelligence Tools
  • Threat Intelligence Tools
    • AlienVault USM Anywhere
    • IBM X-Force Exchange
    • ThreatConnect
    • SurfWatch Threat Analyst
    • AutoFocus
    • Additional Threat Intelligence Tools

Module 06: Intelligence Reporting and Dissemination

Overview of Threat Intelligence Reports
  • Threat Intelligence Reports
  • Types of Cyber Threat Intelligence Reports
    • Threat Analysis Reports
    • Threat Landscape Reports
  • Generating Concise Reports
  • Threat Intelligence Report Template
  • How to Maximize the Return from Threat Intelligence Report
  • Continuous Improvement via Feedback Loop
  • Report Writing Tools
    • MagicTree
    • KeepNote
Introduction to Dissemination
  • Overview of Dissemination
  • Preferences for Dissemination
  • Benefits of Sharing Intelligence
  • Challenges to Intelligence Sharing
  • Disseminate Threat Intelligence Internally
  • Building Blocks for Threat Intelligence Sharing
  • Begin Intelligence Collaboration
  • Establish Information Sharing Rules
  • Information Sharing Model
  • Information Exchange Types
  • TI Exchange Architectures
  • TI Sharing Quality
  • Access Control on Intelligence Sharing
  • Intelligence Sharing Best Practices
Participating in Sharing Relationships
  • Why Are Sharing Communities Formed?
  • Join a Sharing Community
  • Factors to be Considered When Joining a Community
  • Engage in Ongoing Communication
  • Consume and Respond to Security Alerts
  • Consume and Use Indicators
  • Produce and Publish Indicators
  • External Intelligence Sharing
  • Establishing Trust
  • Organizational Trust Models
Overview of Sharing Threat Intelligence
  • Sharing Strategic Threat Intelligence
  • Sharing Tactical Threat Intelligence
  • Sharing Operational Threat Intelligence
  • Sharing Technical Threat Intelligence
  • Sharing Intelligence using YARA Rules
  • IT-ISAC (Information Technology - Information Security and Analysis Center)
Overview of Delivery Mechanisms
  • Forms of Delivery
  • Machine Readable Threat Intelligence (MRTI)
  • Standards and Formats for Sharing Threat Intelligence
    • Traffic Light Protocol (TLP)
    • MITRE Standards
    • Managed Incident Lightweight Exchange (MILE)
    • VERIS
    • IDMEF
Understanding Threat Intelligence Sharing Platforms
  • Information Sharing and Collaboration Platforms
    • Blueliv Threat Exchange Network
    • Anomali STAXX
    • MISP (Malware Information Sharing Platform)
    • Cyware Threat Intelligence eXchange (CTIX)
    • Soltra Edge
Overview of Intelligence Sharing Acts and Regulations
  • Cyber Intelligence Sharing and Protection Act (CISPA)
  • Cybersecurity Information Sharing Act (CISA)
Overview of Threat Intelligence Integration
  • Integrating Threat Intelligence
  • How to Integrate CTI into the Environment
  • Acting on the Gathered Intelligence
  • Tactical Intelligence Supports IT Operations: Blocking, Patching, and Triage
  • Operational Intelligence Supports Incident Response: Fast Reaction and Remediation
  • Strategic Intelligence Supports Management: Strategic Investment and Communications

Prices & Delivery methods

Online Training
  • Duration: 3 days
  • Price: US$ 2,097

Classroom Training
  • Duration: 3 days
  • Price (United States): US$ 2,097


This is an Instructor-Led Classroom course
This is a FLEX course, which is delivered simultaneously in two modalities. Choose to attend the Instructor-Led Online (ILO) virtual session or Instructor-Led Classroom (ILT) session.

Schedule

Germany
  • Hamburg (FLEX course)
  • Online Training, time zone: Europe/Berlin

Hungary
  • Budapest (FLEX course, course language: English)
  • Online Training, time zone: Europe/Budapest

Romania
  • Bucharest (FLEX course, course language: English)
  • Online Training, time zone: Europe/Bucharest

Slovenia
  • Ljubljana (FLEX course, course language: English)
  • Online Training, time zone: Europe/Ljubljana