GCP – Introduction to Threat Intelligence and Attribution course, now available on-demand
Ask 10 cybersecurity experts to define “attribution” and they would likely provide as many different answers. The term has become an industry buzzword for the process by which evidence of a breach is converted into a public disclosure naming the attackers responsible.
In reality, attribution is the result of intelligence analysis and it can help organizations understand who might target them for a cyberattack and why they would be targeted. Google Threat Intelligence and Google Cloud Security proudly announce the latest edition of “Introduction to Threat Intelligence and Attribution,” now available on-demand through Mandiant Academy.
This is the latest course to join our series on cybersecurity, analytical tradecraft, and intelligence operations. It aims to help demystify the attribution process, delineating between clustering together similar threat activity characteristics, known as small “a” attribution, and the overlay with elements of identification and sponsorship to organizations, known as big “A” attribution.
The “who” and “why” are often the first questions asked following a breach. Unfortunately, they are frequently the last questions network defenders can confidently — and responsibly — answer.
This course is intended for cybersecurity practitioners, including:
threat intelligence or strategic analysts
members of a security operations center
malware reverse engineers
incident responders
vulnerability managers
What you’ll learn: An overview
The six-hour, five-module course explores the components of a threat group, outlines how to explore raw information to discover potential relationships, and how to recognize threat actor behaviors. Students will become familiar with the basic factors to consider when tracking real-world activity. We provide samples for students to practice researching and pivoting.
The course also examines operational and strategic intelligence, which can help determine the identities and motives behind a cyberattack.
Module summaries
01
Outlines attribution’s relationship to threat intelligence and their combined role in a cybersecurity program.
02
Introduces tactical intelligence and attribution, focusing on identifying and analyzing indicators of malicious activity
03
Explores the challenges of tactical attribution in threat intelligence
04
Explores operational intelligence and attribution, focusing on characterizing the activities of threat groups
05
Addresses sponsorship, the highest level of attribution
Already an attribution expert?
This the latest course in a series related to cybersecurity, analytical tradecraft, and intelligence operations. If students find attribution interesting and want to know more about practical threat intelligence, consider these other courses:
Cyber intelligence Foundations
Intelligence Research 1: Scoping
Intelligence Research 2: Open Source Intelligence
Cyber Intelligence for Critical Infrastructure
Start learning today
To access the wealth of knowledge available by on-demand, instructor-led, or experiential training through Mandiant Academy, go to: https://www.mandiant.com/academy.
Read More for the details.