Course of Action
- Monitor malicious URLs from adversary nations.
- Apply filtering methods to filter phishing emails.
- Develop an automated response and alerting mechanism, driven by the AI models, that detects network intrusions and isolates compromised devices or systems.
Implementation
- Malicious URLs – use the AI models generated in Phase 3 for real-time monitoring of, and alerting on, malicious URLs from adversary nations.
- Phishing Emails – use text analysis to build filters that separate phishing emails from general email traffic.
- Network Intrusion – enable monitoring and alerting to proactively watch network traffic and notify the IT security team.
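The following is an added illustration of the first two implementation items (it is not code from the document's author or from any Phase 3 model): a small text-analysis phishing filter trained on a constructed, labelled corpus, combined with a URL hostname blocklist standing in for the output of the URL-monitoring model, producing one verdict that an alerting pipeline can act on. The training lines, the blocklisted hosts and the sample message are all constructed for the example.

```python
import math
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed labelled corpus (1 = phishing, 0 = legitimate); not data from the page.
TRAINING = [
    ("urgent: verify your account password now", 1),
    ("your account has been suspended, click here to confirm", 1),
    ("invoice attached, please review and confirm payment", 1),
    ("reset your password immediately or lose access", 1),
    ("team lunch on friday, please reply with your preference", 0),
    ("quarterly report draft attached for your review", 0),
    ("meeting moved to 3pm, same room", 0),
    ("reminder: timesheets due monday", 0),
]

# Constructed blocklist of hostnames. In the page's design this set would be
# populated by the Phase 3 URL model, which is assumed here, not reproduced.
MALICIOUS_HOSTS = {"bank-login-verify.example", "secure-update.invalid"}

TOKEN_RE = re.compile(r"[a-z0-9']+")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def tokenize(text):
    return TOKEN_RE.findall(text.lower())


class NaiveBayesFilter:
    """Multinomial naive Bayes over word tokens with Laplace smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.counts = {0: Counter(), 1: Counter()}
        self.docs = {0: 0, 1: 0}
        self.vocab = set()

    def fit(self, samples):
        for text, label in samples:
            toks = tokenize(text)
            self.counts[label].update(toks)
            self.docs[label] += 1
            self.vocab.update(toks)
        return self

    def _log_likelihood(self, toks, label):
        total = sum(self.counts[label].values())
        denom = total + self.alpha * len(self.vocab)
        ll = math.log(self.docs[label] / sum(self.docs.values()))
        for t in toks:
            ll += math.log((self.counts[label][t] + self.alpha) / denom)
        return ll

    def score(self, text):
        """Log-odds of phishing versus legitimate; > 0 means phishing is more likely."""
        toks = tokenize(text)
        return self._log_likelihood(toks, 1) - self._log_likelihood(toks, 0)

    def is_phishing(self, text, threshold=0.0):
        return self.score(text) > threshold


def malicious_urls_in(text, blocklist=MALICIOUS_HOSTS):
    """Return the URLs in text whose hostname is on the blocklist."""
    hits = []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in blocklist:
            hits.append(url)
    return hits


def check_email(nb, subject, body, blocklist=MALICIOUS_HOSTS):
    """Combine the text classifier and the URL check into one actionable verdict."""
    text = f"{subject} {body}"
    bad_urls = malicious_urls_in(body, blocklist)
    phishing = nb.is_phishing(text)
    reasons = []
    if phishing:
        reasons.append("text classifier: phishing")
    if bad_urls:
        reasons.append("blocklisted URL host: " + ", ".join(bad_urls))
    return {
        "quarantine": phishing or bool(bad_urls),
        # A confirmed blocklisted URL is a firm signal worth alerting the security team on;
        # a classifier-only hit is quarantined for review but not paged.
        "alert_security_team": bool(bad_urls),
        "reasons": reasons,
    }


if __name__ == "__main__":
    model = NaiveBayesFilter().fit(TRAINING)
    print(check_email(model, "urgent: confirm your password",
                      "click http://bank-login-verify.example/reset to keep access"))
```

The classifier and the blocklist are kept as separate signals so that a tuning change to one (a new threshold, a refreshed host list) cannot silently alter the other; the verdict dictionary records which signal fired, which is what the IT security team needs when triaging the alert.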
How to Share Discovered Intelligence
Operational Intelligence
- Malicious URLs from adversary nations
- Phishing emails and filters
- Network intrusion detection
How to Share
- Share this intelligence immediately with staff and leaders within the organization via the organization's preferred channels for urgent communication. Additionally, share it with peers and regulators, such as the FDIC within the banking industry, via a TAXII peer-to-peer exchange. Using multiple information channels, including social media, allows sharing with as many intelligence-sharing communities as possible.
- Share phishing email awareness information with employees and leaders via daily huddles or emails, and with IT staff immediately so that the necessary email filters are put in place. All staff would receive an automated response for emails classified as phishing.
- Network intrusion detection information should be shared with IT staff right away, in impromptu huddles or by email, so they can implement proactive monitoring of network flows. The intelligence can be shared with intelligence-sharing communities in a structured format (STIX, exchanged over TAXII), and with bank employees at workshops or staff meetings.
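As an added example of the structured-sharing step mentioned above (not code from the document's author), the following builds the STIX 2.1 indicator objects a bank would hand to a TAXII client for a discovered malicious URL and a phishing subject line, and shows the receiving side pulling the patterns back out of the bundle to load into its own filters. The URL, the subject line and the descriptions are constructed; the object layout follows the STIX 2.1 indicator and bundle definitions, and no TAXII server is contacted.

```python
import json
import uuid
from datetime import datetime, timezone

REQUIRED_INDICATOR_FIELDS = ("type", "spec_version", "id", "created", "modified",
                             "pattern", "pattern_type", "valid_from")


def stix_timestamp():
    # STIX 2.1 timestamps are RFC 3339 UTC strings with millisecond precision and a Z suffix.
    return datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"


def stix_id(obj_type):
    return f"{obj_type}--{uuid.uuid4()}"


def escape_literal(value):
    # String literals in STIX patterns are single-quoted; backslashes and quotes are escaped.
    return value.replace("\\", "\\\\").replace("'", "\\'")


def _indicator(name, description, pattern):
    ts = stix_timestamp()
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": stix_id("indicator"),
        "created": ts,
        "modified": ts,
        "name": name,
        "description": description,
        "indicator_types": ["malicious-activity"],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": ts,
    }


def url_indicator(url, description):
    """Indicator for a malicious URL discovered by the URL-monitoring model."""
    return _indicator(f"Malicious URL: {url}", description,
                      f"[url:value = '{escape_literal(url)}']")


def phishing_subject_indicator(subject, description="Phishing subject line observed"):
    """Indicator for a phishing email subject that peers can add to their mail filters."""
    return _indicator(f"Phishing subject: {subject}", description,
                      f"[email-message:subject = '{escape_literal(subject)}']")


def validate_indicator(obj):
    """Return the list of required fields missing from an indicator (empty means valid)."""
    return [f for f in REQUIRED_INDICATOR_FIELDS if f not in obj]


def make_bundle(objects):
    return {"type": "bundle", "id": stix_id("bundle"), "objects": list(objects)}


def bundle_to_json(bundle):
    return json.dumps(bundle, indent=2)


def indicators_from_bundle(bundle_json):
    """Recipient side: parse a bundle and return (pattern_type, pattern) pairs to load."""
    data = json.loads(bundle_json)
    return [(o["pattern_type"], o["pattern"])
            for o in data.get("objects", []) if o.get("type") == "indicator"]


if __name__ == "__main__":
    # Constructed sample intelligence, not observations from the page.
    objs = [
        url_indicator("http://bank-login-verify.example/reset",
                      "credential-harvesting page seen in a phishing campaign"),
        phishing_subject_indicator("Urgent: verify your account"),
    ]
    bundle = make_bundle(objs)
    print(bundle_to_json(bundle))
    print(indicators_from_bundle(bundle_to_json(bundle)))
```

The sharing organisation would normally attach a TLP marking to each object (via `object_marking_refs`) before the objects leave the bank, so that peers and the regulator know how far the intelligence may be redistributed; the same `indicators_from_bundle` step on the receiving side is what turns a peer's bundle into filter entries for the phishing and URL controls described under Implementation.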