threat intelligence

The evolution of a Threat Pattern

In an era of agile development and digital transformation, any application is subject to ongoing enhancement and improvement. Indeed, software engineering is a complex process with many interdependent tasks where multiple functions share responsibilities to strike a balance between software quality and business objectives, regardless of the specialized nature of the teams within the organizational…

Testing a Threat Pattern: Quality is Never an Accident

John Ruskin, one of the great visionaries of the 19th century, said “Quality is never an accident; it is always the result of intelligent effort”, in our continuing journey through the lifecycle of a threat pattern, we are now at the testing phase. After analyzing  requirements, asset and threats, designing a general and reusable model for the threat pattern and implementing the…

“Up Your Game” to Close the Security Skills Gap

Ask any CISO to name the top challenges of the job, and their first response is likely to be the security “skills gap” – the inability to find enough skilled people to handle an organization’s security needs. With over 200,000 security jobs unfilled in the U.S. alone, organizations, especially security operations centers (SOCs), are continuously…

Mastering the implementation of a Threat Pattern

In previous posts we have discussed two of the most critical phases in the “The Lifecycle of a Threat Pattern”: analysis and design. In the analysis phase the objective is to fully understand the asset in scope by getting deeper into the context to formulate a set of residual risks to which the asset might be…

Engineering The Design Of A Threat Pattern

In our journey of developing and maintaining threat patterns, we have now arrived at a critical phase: the design. While the need of an implementation phase is immediate as well as the evaluation of the background analysis in order to build something meaningful (as explained by my colleague, Demetrio Milea) – the intermediate design phase is the…

Four Characteristics of Top-Notch Threat Intelligence

Threat intelligence is a hot topic these days and was arguably one of the top themes of RSA Conference 2016. However, organizations need to realize that simply having more data about the latest threats, vulnerabilities, and exploits is not the answer to all their cybersecurity problems. On the contrary, threat intelligence is only helpful if…

The Life Cycle of a Threat Pattern

Applying a structured approach to developing and maintaining significant threat patterns is absolutely key to successfully hunting for the advanced TTPs used by many motivated threat actors. In the post, Context in Risk-Based Threat Patterns, author Demetrio Milea suggested a simple and effective method borrowed from the Software Development Life Cycle (SDLC) to design and maintain threat patterns…

The Realm of Threat Intelligence – Attack Scenarios and Use Cases

The three previous blogs in this series have covered Packet Analysis, Log Analysis and Threat Intelligence; this final article aims to bring all of this information into one cohesive solution for any SOC or Cyber Defence organisation. For further reading on this subject please see our presentation at last year’s RSA Conference in Abu Dhabi…

The Realm of Threat Intelligence – Journey from the past into an Advanced SOC

Using Intelligence to gather information on your adversary is not a new concept, Military and Government Agencies have been involved gathering information to use against their opponents since the days of Sun-Tzu and Chanakya. Cyber Intelligence has also been the domain for Government agencies like the UK’s GCHQ and the US’s NSA for many years;…

The Realm of Threat Intelligence – The Logs are dead; long live the Logs!

In the previous blog post we looked at Network Packets (PCAP’s) and how they can be utilized within a SOC environment. In this post we will build on this and take a look at Logs (which most of the security sales staff will now tell you that it is going to solve all your security…