Threat intelligence, threat hunting, malware analysis, threat actor

1.3 Describe security terms

📘Cisco Certified CyberOps Associate (200-201 CBROPS)

1. Threat Intelligence

Definition:
Threat intelligence is information about potential or current cyber threats that can help an organization prevent, detect, and respond to attacks.

Key Points:

  • It tells security teams who is attacking, how, and why.
  • Helps prioritize security alerts so that the most dangerous threats are handled first.
  • Can be strategic, tactical, or operational:

    Type of Threat Intelligence | What It Means | Example in IT environment
    Strategic | High-level understanding of threats | A report stating nation-state groups are targeting financial institutions
    Tactical | Specific attacker techniques | Malware using a new exploit in a software vulnerability
    Operational | Immediate threat info | A phishing campaign targeting your email servers this week

Tools and Sources:

  • Threat feeds (e.g., URL reputation databases, IP blacklists)
  • Security Information and Event Management (SIEM) tools
  • Open-source intelligence (OSINT) platforms

Exam Tip:

  • Remember: Threat intelligence = actionable information about threats to improve security posture.

2. Threat Hunting

Definition:
Threat hunting is proactively searching for hidden threats in your network before they trigger alarms.

Key Points:

  • Unlike reactive detection (alerts), threat hunting is proactive.
  • Relies on patterns, anomalies, and indicators of compromise (IOCs).
  • Requires tools, logs, and analyst knowledge to find threats that automated systems may miss.

Steps in Threat Hunting:

  1. Hypothesis: Example – “An attacker might be using stolen credentials to access the server.”
  2. Data Collection: Gather logs from firewalls, endpoints, servers.
  3. Analysis: Use SIEM, EDR (Endpoint Detection & Response), or scripts to search for anomalies.
  4. Investigation: Confirm if suspicious activity is a threat.
  5. Response: Remove the threat, patch vulnerabilities, update detection rules.

Example in IT environment:

  • A threat hunter notices unusual login times in Active Directory logs and discovers a compromised account.
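The five hunting steps above, applied to the Active Directory example, as an added illustration that is not part of the original study notes: the script takes the stolen-credentials hypothesis, collects constructed logon records, flags off-hours logons and ranks accounts for investigation. The log format, account names, host names and business hours are assumptions made for this example.

```python
# Added example, not from the original notes: a hunt for the stolen-credentials
# hypothesis above, run over constructed Active Directory logon records.
# Log format, account names and business hours are assumptions for this example.
from collections import defaultdict
from datetime import datetime

# Step 1 - Hypothesis: a valid account used by an attacker will log on at
# times, or onto hosts, that do not match its normal pattern.
BUSINESS_HOURS = range(8, 19)  # 08:00-18:59 (assumed)

# Step 2 - Data collection: constructed successful-logon events (Event ID 4624)
# as "timestamp|event_id|account|source_host|logon_type".
SAMPLE_LOGS = """\
2024-05-06T09:02:11|4624|alice|WS-ALICE|2
2024-05-06T09:15:40|4624|bob|WS-BOB|2
2024-05-06T13:47:03|4624|alice|WS-ALICE|2
2024-05-07T03:12:55|4624|alice|FILESRV01|3
2024-05-07T03:14:09|4624|alice|FILESRV02|3
2024-05-07T08:55:21|4624|bob|WS-BOB|2
2024-05-07T17:40:00|4624|carol|WS-CAROL|2
""".splitlines()

def parse_logon_events(lines):
    """Parse raw lines into dicts, keeping only successful logons (4624)."""
    events = []
    for line in lines:
        ts, event_id, account, host, logon_type = line.split("|")
        if event_id == "4624":
            events.append({"time": datetime.fromisoformat(ts), "account": account,
                           "host": host, "logon_type": int(logon_type)})
    return events

def find_off_hours_logons(events, business_hours=BUSINESS_HOURS):
    """Step 3 - Analysis: logons outside business hours, grouped by account."""
    findings = defaultdict(list)
    for ev in events:
        if ev["time"].hour not in business_hours:
            findings[ev["account"]].append(ev)
    return dict(findings)

def triage(findings):
    """Step 4 - Investigation: rank accounts by distinct hosts touched off-hours.
    Step 5 (response: reset the account, turn this into a SIEM rule) is manual."""
    ranked = [(acct, len({e["host"] for e in evs})) for acct, evs in findings.items()]
    return sorted(ranked, key=lambda item: item[1], reverse=True)

if __name__ == "__main__":
    hits = find_off_hours_logons(parse_logon_events(SAMPLE_LOGS))
    for account, hosts in triage(hits):
        print(f"{account}: {hosts} host(s) accessed off-hours -> investigate")
```

On the constructed data only alice is flagged, with two file servers reached at 03:00, which is the pattern the hunter in the example above would take into investigation.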

Exam Tip:

  • Know that threat hunting is proactive and aims to find hidden threats before they cause damage.

3. Malware Analysis

Definition:
Malware analysis is the process of studying malicious software to understand what it does, how it spreads, and how to stop it.

Key Points:

  • Helps create detection rules and remediation strategies.
  • Two main types:

    Type | Description | Example
    Static Analysis | Examining malware without running it | Checking the file hash, code, or embedded URLs
    Dynamic Analysis | Running malware in a safe, isolated environment | Observing malware behavior in a sandbox VM

Tools:

  • Sandboxes (e.g., Cuckoo Sandbox)
  • Disassemblers (e.g., IDA Pro)
  • VirusTotal for quick file checks

Example in IT environment:

  • Security analysts analyze a suspicious email attachment in a sandbox and discover it tries to steal credentials.

Exam Tip:

  • Static = “look at it without running”
  • Dynamic = “watch what it does in a safe environment”

4. Threat Actor

Definition:
A threat actor is an individual, group, or organization that carries out cyber attacks.

Types of Threat Actors:

Type | Who They Are | Example in IT environment
Script Kiddie | Novice using pre-made tools | Running publicly available malware without understanding it
Hacktivist | Politically or socially motivated | Defacing a government website
Cybercriminal | Financially motivated | Running ransomware campaigns
Insider Threat | Employee or contractor | Stealing sensitive data from the company
Nation-State | Government-backed group | Advanced Persistent Threat (APT) targeting critical infrastructure

Key Points:

  • Threat actors have motives, capabilities, and targets.
  • Understanding the actor helps predict likely attacks and choose defense strategies.

Exam Tip:

  • Remember: A threat actor = someone or something that tries to harm your network.

Summary Table

Term | Definition | Purpose in Cybersecurity | Example in IT Environment
Threat Intelligence | Info about threats | Prioritize defenses | IPs of malware servers
Threat Hunting | Proactive search for threats | Find hidden threats | Detect abnormal logins
Malware Analysis | Study malware | Understand & stop malware | Sandbox analysis of a virus
Threat Actor | Entity behind attacks | Predict & defend against attacks | Hacktivist group attacking a site

Key Exam Tips:

  1. Distinguish terms:
    • Threat intelligence = info
    • Threat hunting = proactive search
    • Malware analysis = study malware
    • Threat actor = attacker
  2. Know examples of tools for each: SIEM for hunting, sandbox for malware analysis, threat feeds for intelligence.
  3. Be ready to match scenarios to terms. For instance:
    • “Analyzing a malicious email attachment in a sandbox” → Malware analysis
    • “Searching AD logs for unusual access patterns” → Threat hunting