3 weeks ago
9
Ask 10 cybersecurity experts to define “attribution” and they would likely provide as many different answers. The term has become an industry buzzword for the process by which evidence of a breach is converted into a public disclosure naming the attackers responsible.
In reality, attribution is the result of intelligence analysis and it can help organizations understand who might target them for a cyberattack and why they would be targeted. Google Threat Intelligence and Google Cloud Security proudly announce the latest edition of “Introduction to Threat Intelligence and Attribution,” now available on-demand through Mandiant Academy.
This is the latest course to join our series on cybersecurity, analytical tradecraft, and intelligence operations. It aims to help demystify the attribution process, delineating between clustering together similar threat activity characteristics, known as small “a” attribution, and the overlay with elements of identification and sponsorship to organizations, known as big “A” attribution.
The “who” and “why” are often the first questions asked following a breach. Unfortunately, they are frequently the last questions network defenders can confidently — and responsibly — answer.
This course is intended for cybersecurity practitioners, including:
-
threat intelligence or strategic analysts
-
members of a security operations center
-
malware reverse engineers
-
incident responders
-
vulnerability managers
What you’ll learn: An overview
The six-hour, five-module course explores the components of a threat group, outlines how to explore raw information to discover potential relationships, and how to recognize threat actor behaviors. Students will become familiar with the basic factors to consider when tracking real-world activity. We provide samples for students to practice researching and pivoting.
The course also examines operational and strategic intelligence, which can help determine the identities and motives behind a cyberattack.
Module summaries
|
01 |
Outlines attribution’s relationship to threat intelligence and their combined role in a cybersecurity program. |
|
02 |
Introduces tactical intelligence and attribution, focusing on identifying and analyzing indicators of malicious activity |
|
03 |
Explores the challenges of tactical attribution in threat intelligence |
|
04 |
Explores operational intelligence and attribution, focusing on characterizing the activities of threat groups |
|
05 |
Addresses sponsorship, the highest level of attribution |
Already an attribution expert?
This the latest course in a series related to cybersecurity, analytical tradecraft, and intelligence operations. If students find attribution interesting and want to know more about practical threat intelligence, consider these other courses:
Start learning today
To access the wealth of knowledge available by on-demand, instructor-led, or experiential training through Mandiant Academy, go to: https://www.mandiant.com/academy.
Posted in