Cyber Incident Response

Adversary profiling with MITRE Att&CK:

Organizations are increasingly adopting the MITRE ATT&CK framework and moving to a Threat-informed defense strategy. Such framework will help organizations understand the behavior and tactics of threat actors and proactively tailor-cut their protection strategies.

Threat hunting for proactive protection

With the digital transformation going full speed and the continously expanding attack surface, the old school approach of “building the defenses and waiting in the trenches” is no longer sustainable. Neither is the static approach of waiting for the published IoCs and running unitary searches.

Organizations will have to adopt threat hunting, especially red teaming activities to proactively identify vulnerabilities in their environments before they are exploited by threat actors. With red teaming, organizations will get better insight on the weaknesses in their environments and will be able to proactively mitigate them.

Automated Threat Modelling

In order to efficiently prevent attacks and breaches, organizations will have the expand their use of risk-based approaches, especially automated threat modelling. For organizations it does not only provide them with the means for building secure systems in a repetitive and methodical approach with little to no human intervention, it also greatly decreases the chances that an attack is successful and reduces the time and human effort needed for the implementation.

The remaining challenge is that Automated Threat Modelling heavily relies on very good understanding of the business infrastructure and processes. Thus introducing errors or missing information can have a negative impact on an automated approach.

This could also lead to improper security response used during an attack. That is why organizations must leverage their own-SOC detection, threat intelligence sharing and cyber deception tools to identify the risks first.