Jump to Content
Security & Identity

Introduction to Threat Intelligence and Attribution course, now available on-demand

September 23, 2024
Brett Reschke

Senior Developer, Intelligence Training & Digital Assets

Google Cloud Summit Series

Discover the latest in AI, Security, Workspace, App Dev, & more.

Register

Ask 10 cybersecurity experts to define “attribution” and they would likely provide as many different answers. The term has become an industry buzzword for the process by which evidence of a breach is converted into a public disclosure naming the attackers responsible.

In reality, attribution is the result of intelligence analysis and it can help organizations understand who might target them for a cyberattack and why they would be targeted. Google Threat Intelligence and Google Cloud Security proudly announce the latest edition of “Introduction to Threat Intelligence and Attribution,” now available on-demand through Mandiant Academy. 

This is the latest course to join our series on cybersecurity, analytical tradecraft, and intelligence operations. It aims to help demystify the attribution process, delineating between clustering together similar threat activity characteristics, known as small “a” attribution, and the overlay with elements of identification and sponsorship to organizations, known as big “A” attribution.

The “who” and “why” are often the first questions asked following a breach. Unfortunately, they are frequently the last questions network defenders can confidently — and responsibly — answer.

This course is intended for cybersecurity practitioners, including:

  • threat intelligence or strategic analysts

  • members of a security operations center

  • malware reverse engineers

  • incident responders

  • vulnerability managers

What you’ll learn: An overview

The six-hour, five-module course explores the components of a threat group, outlines how to explore raw information to discover potential relationships, and how to recognize threat actor behaviors. Students will become familiar with the basic factors to consider when tracking real-world activity. We provide samples for students to practice researching and pivoting. 

The course also examines operational and strategic intelligence, which can help determine the identities and motives behind a cyberattack.

Module summaries

01

Outlines attribution’s relationship to threat intelligence and their combined role in a cybersecurity program.

02

Introduces tactical intelligence and attribution, focusing on identifying and analyzing indicators of malicious activity

03

Explores the challenges of tactical attribution in threat intelligence

04

Explores operational intelligence and attribution, focusing on characterizing the activities of threat groups

05

Addresses sponsorship, the highest level of attribution

Already an attribution expert?

This the latest course in a series related to cybersecurity, analytical tradecraft, and intelligence operations. If students find attribution interesting and want to know more about practical threat intelligence, consider these other courses:

Start learning today

To access the wealth of knowledge available by on-demand, instructor-led, or experiential training through Mandiant Academy, go to: https://www.mandiant.com/academy.

Posted in