I have gotten older, I find I’m less eager learn the depths of every technical solution, and have been searching for my happy place. Since my SANS studies, I have gravitated towards an area that is – from what I can see – fun as heck. That area? Cyber Threat Intelligence (CTI). My rookie impression is that this vast world is understaffed and under-supported, and this might be because organizations are so busy looking for operators that they don’t classify this role as mission critical. Fast forward to today: I spent a good part of the day listening into the SANS CTI Conference virtually, and I took away two things. First, there are some wicked sharp folks who have a passion in this area. Second, while I am not likely to become a full-fledged CTI professional, I sure want to learn more and incorporate what I can to help organizations see CTI’s value. This post launches my cyber threat intelligence journey.
Continue readingTag: SOC (Page 1 of 3)
If you are a security professional, MITRE’s ATT&CK is everywhere these days. Even in places it does not belong! That being said, there are a ton of tools, projects, and extensions to ATT&CK. Some are fundamental (like Navigator) while others are niche. How do we tell what is right for us? What projects are essential to power up your security program? For my upcoming Cisco Live presentation in February, I take a crack at mapping ATT&CK’s massive ecosystem to roles and functions. Am I off to a good start? Let’s me share how I tackled this and you can let me know!
Continue readingA month ago, we talked about how visibility can make us more frustrating victims to our adversaries. It makes sense – easy marks are those who don’t see that they are victims in the first place! Take victims of physical (traditional) crime. Burglers love a target who isn’t using alarm systems, cameras, or even their own eyes and ears to actively detect incursions. But having eyes and ears isn’t what makes you formidable. It is that you have those sensory inputs AND you know how to interpret what they are saying and how they respond. Do you know how to discern bad behavior from the norm and know how to tell between friend and foe? And do you know what the right response is based on that proper interpretation? We’re going to tackle the first question here today as we discuss how killer baselines improve security outcomes.
Continue readingWe’ve covered a lot of different angles to threat modeling. The main takeway for me is that there is no “best approach” – pick what makes sense to you! How you justify that is up to you, and hopefully less controversial than John Lennon’s denial that “Lucy in the Sky with Diamonds” was about LSD. Here we’re talking about the Diamond Model of Intrusion Analysis. This model describes an active event under investigation, but it is mentioned here because it is helpful to understand how this information so directly links to the other models we’ve discussed before. So what makes the Diamond Model a useful threat modeling tool for analysts on the front line?
Continue readingAmericans reading this may be like me and headed towards a food coma. My gift to you? I give you a crowd-pleasing topic for family banter. Rather than argue over controversial topics, avoiding Aunt Mildred’s hugs, or snoozing through a futile Cowboys game, cook up a retro feast for the family with the Cyber Kill Chain! If you’ve seen the “Fishes” episode of The Bear, you know how bad things can get. So consider this your safe topic, one everybody can enjoy. Your kids will thank you. Your family will be prepared to defend against nation state threats while bickering over the wishbone. Relative peace AND security? You’re welcome.
Continue reading