Source URL: https://cloud.google.com/blog/products/identity-security/introduction-to-intelligence-and-attribution-course-now-on-demand/
Source: Cloud Blog
Title: Introduction to Threat Intelligence and Attribution course, now available on-demand
Feedly Summary: Ask 10 cybersecurity experts to define “attribution” and they would likely provide as many different answers. The term has become an industry buzzword for the process by which evidence of a breach is converted into a public disclosure naming the attackers responsible.
In reality, attribution is the result of intelligence analysis and it can help organizations understand who might target them for a cyberattack and why they would be targeted. Google Threat Intelligence and Google Cloud Security proudly announce the latest edition of “Introduction to Threat Intelligence and Attribution,” now available on-demand through Mandiant Academy.
This is the latest course to join our series on cybersecurity, analytical tradecraft, and intelligence operations. It aims to help demystify the attribution process, delineating between clustering together similar threat activity characteristics, known as small “a” attribution, and the overlay with elements of identification and sponsorship to organizations, known as big “A” attribution.
The “who” and “why” are often the first questions asked following a breach. Unfortunately, they are frequently the last questions network defenders can confidently — and responsibly — answer.
This course is intended for cybersecurity practitioners, including:
– threat intelligence or strategic analysts
– members of a security operations center
– malware reverse engineers
– incident responders
– vulnerability managers
What you’ll learn: An overview
The six-hour, five-module course explores the components of a threat group, outlines how to explore raw information to discover potential relationships, and shows how to recognize threat actor behaviors. Students will become familiar with the basic factors to consider when tracking real-world activity. We provide samples for students to practice researching and pivoting.
The course also examines operational and strategic intelligence, which can help determine the identities and motives behind a cyberattack.
Module summaries
– Module 01: Outlines attribution’s relationship to threat intelligence and their combined role in a cybersecurity program.
– Module 02: Introduces tactical intelligence and attribution, focusing on identifying and analyzing indicators of malicious activity.
– Module 03: Explores the challenges of tactical attribution in threat intelligence.
– Module 04: Explores operational intelligence and attribution, focusing on characterizing the activities of threat groups.
– Module 05: Addresses sponsorship, the highest level of attribution.
Already an attribution expert?
This is the latest course in a series related to cybersecurity, analytical tradecraft, and intelligence operations. If students find attribution interesting and want to know more about practical threat intelligence, consider these other courses:
– Inside the Mind of an APT
– Cyber Intelligence Foundations
– Intelligence Research 1: Scoping
– Intelligence Research 2: Open Source Intelligence
– Cyber Intelligence Production
– Cyber Intelligence for Critical Infrastructure
Start learning today
To access the wealth of knowledge available through on-demand, instructor-led, or experiential training at Mandiant Academy, go to: https://www.mandiant.com/academy.
AI Summary and Description: Yes
Summary: The text discusses a new course offered by Google Threat Intelligence and Google Cloud Security that focuses on the complex process of “attribution” in cybersecurity. It highlights the distinction between small “a” attribution and big “A” attribution, emphasizing the importance of understanding threat actors and their motivations for effective cybersecurity postures.
Detailed Description:
The text provides valuable insights into the critical concept of attribution within the cybersecurity domain, particularly as it pertains to threat intelligence and analysis. The course introduced by Google and Mandiant Academy is designed to clarify the attribution process, which is often misunderstood and can vary widely among experts.
Key points from the text include:
– **Definition of Attribution**:
  – Attribution refers to the process of determining who is behind a cyberattack, which can involve complex intelligence analysis.
  – It transforms evidence from breaches into publicly disclosed information about the attackers involved.
– **Course Overview**:
  – The course titled “Introduction to Threat Intelligence and Attribution” consists of five modules and spans six hours.
  – It targets professionals in various cybersecurity roles, such as threat analysts, security operations personnel, malware reverse engineers, and incident responders.
– **Learning Objectives**:
  – Participants will learn how to:
    – Understand the components and behaviors of threat groups.
    – Analyze raw information to uncover relationships between threats.
    – Navigate the complexities of tactical and operational attribution.
– **Modules Breakdown**:
  – **Module 1**: Establishes the connection between attribution and threat intelligence.
  – **Module 2**: Focuses on identifying indicators of malicious activity.
  – **Module 3**: Discusses the challenges faced in tactical attribution.
  – **Module 4**: Covers how to characterize the activities of threat groups.
  – **Module 5**: Addresses sponsorship, the highest level of attribution.
– **Practical Applications**:
  – The course encourages hands-on practice with samples that help participants familiarize themselves with research techniques related to threat attribution.
– **Further Learning**: For those interested in deepening their expertise, additional related courses are suggested, covering various aspects of cyber intelligence.
The course’s emphasis on distinguishing between levels of attribution (small “a” and big “A”) adds a layer of nuance critical for cybersecurity professionals, enhancing their capability to respond to and understand threats effectively. This training is highly relevant for experts working in information security, threat intelligence, and operational analysis.