Cyber Threat Intelligence in Simple Words (Part 1)

A few days ago, I started working on Threat Intelligence. I have also done a few trainings on Threat Intelligence (credit goes to my organization). Here are a few observations that I found useful.

Threat Intelligence is all about staying one step ahead of attackers. It is the knowledge that helps us prevent or mitigate cyber attacks. Attack techniques keep evolving, so it becomes necessary to map our security infrastructure in such a way that we can guess, hunt for and prepare ourselves for an attack before it occurs. Threat intelligence can also be used to reduce the impact of an attack. To keep it short and simple, I divided this topic into two parts.

In this part, I'll highlight the importance of the Pyramid of Pain (introduced in 2013) in terms of Threat Intelligence.

Let's discuss the Pyramid of Pain first.

[Image: the Pyramid of Pain]

The Pyramid of Pain is different for different fields, but here we are considering it for Threat Intelligence. As we can observe in the picture above, if we focus only on hash values and IP addresses, and write IOCs or take countermeasures on the basis of this information alone, then attackers are way ahead of us. But if we know the techniques and tools that an attacker may use to launch an attack, it becomes easier for us to secure our infrastructure in a better way, although 100% security is not guaranteed.
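To make the difference between the bottom and the top of the pyramid concrete, here is an added example (not from the original article or its sources) that evaluates hash, IP and technique-level detections against the same intrusion before and after the indicators change. The event fields, sample values and the behaviour rule are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample data: two builds of the same hypothetical tool that
# differ by one byte, so their SHA-256 hashes are completely different.
BUILD_A = b"constructed-sample-payload-v1"
BUILD_B = b"constructed-sample-payload-v2"

# Indicators written after observing only the first intrusion (constructed).
HASH_IOCS = {hashlib.sha256(BUILD_A).hexdigest()}
IP_IOCS = {"203.0.113.10"}  # RFC 5737 documentation address

def technique_match(event):
    """Behaviour rule (assumed for illustration): an office application
    starting a script interpreter, whatever the file hash or remote IP."""
    return (event["parent"] in {"winword.exe", "excel.exe"}
            and event["process"] in {"powershell.exe", "wscript.exe"})

def evaluate(event):
    """Return which pyramid levels would have fired on this event."""
    hits = []
    if hashlib.sha256(event["file_bytes"]).hexdigest() in HASH_IOCS:
        hits.append("hash")
    if event["remote_ip"] in IP_IOCS:
        hits.append("ip")
    if technique_match(event):
        hits.append("technique")
    return hits

# Constructed events: RETOOLED is the same behaviour seen again with a
# different file hash and a different server; BENIGN is ordinary activity.
FIRST = {"parent": "winword.exe", "process": "powershell.exe",
         "file_bytes": BUILD_A, "remote_ip": "203.0.113.10"}
RETOOLED = {"parent": "winword.exe", "process": "powershell.exe",
            "file_bytes": BUILD_B, "remote_ip": "198.51.100.77"}
BENIGN = {"parent": "explorer.exe", "process": "winword.exe",
          "file_bytes": b"constructed-benign-document",
          "remote_ip": "192.0.2.5"}

if __name__ == "__main__":
    for name, ev in [("first", FIRST), ("retooled", RETOOLED),
                     ("benign", BENIGN)]:
        print(name, evaluate(ev))
```

Only the technique-level rule still fires on the second event, which is why detections written higher up the pyramid keep their value longer than hash or IP lists.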

Threat intelligence can be considered a framework, though it relies more on human effort than on machines (devices). In the next article I'll discuss the Threat Intelligence framework and some countermeasures.

In the next article, I'll explain the Threat Intelligence framework in terms of its operational nature. I'll also explain the relation between threat intelligence and threat hunting.

Stay safe, Stay happy.

Photo Credits: https://www.uperesia.com/

Content Credits: https://attackiq.com/2019/06/26/emulating-attacker-activities-and-the-pyramid-of-pain/

More articles by Ali R.

  • Cyber Threat Intelligence in Simple Words (Part 2)

    In Part 1, I have elaborated Pyramid of Pain and its structure related to Threat hunting. In this Part, I'll explain…

  • An Introduction:

    In cybersecurity world, every achievement makes us excited. Although, it is one of the hardest field but it still…
