With the growing intricacy of the cyber-criminal space, cyber attacks are becoming more complex, creative, and tailored to the industries and organizations they target. To pull off a successful attack, cyber criminals must research, prepare and seek out information on their targets.
Organizations can detect and gain context around a plan of attack before the damage is done by setting up the appropriate monitoring and investigative processes. Continuously monitoring the dark web and collecting millions of data points on hacker behavior allows organizations to detect an attack before it occurs. When classifying each data point, it is important to start with these three questions in order to better understand the scope and nature of detected threats, form a strategy to prioritize and monitor risk, and decide how to allocate resources towards a response or intervention.
1. What malicious intent or activity was discovered?
2. Where and how was this information detected?
3. When in the planning process would this information be valuable?
This blog will discuss the first question: What malicious intent or activity was discovered?
There are two big whats every threat hunter needs to be able to answer:
1. What are you most focused on protecting?
2. What types of attacks, techniques, or groups are targeting your industry?
When answering these questions, avoid generic statements or groupings and try to be specific. If you work at a large retailer, for example, rather than protecting “company assets” try to focus on the two or three key targets that keep you up at night – perhaps POS and customer loyalty databases – and the techniques or groups focused on those asset types – perhaps ransomware and Russian organized crime. Being able to answer the two whats is essential to sourcing the right threat intelligence and analyzing what is truly actionable, as they define the basis from which relevance, actionability, and impact severity can be derived.
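As an added example that is not part of the original post, here is a small Python triage scorer that records the two whats for the retailer case above and ranks monitored data points by impact (which protected asset is referenced), relevance (which tracked threat type or group is involved) and urgency (how far along the planning process the activity is). The asset names, threat tags, weights, thresholds and sample data points are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Answer to "what are you most focused on protecting?" (constructed retailer profile):
# asset type -> impact weight if an attacker references it.
PROTECTED_ASSETS = {"pos": 3, "loyalty-db": 3, "marketing-site": 1}
# Answer to "what attacks, techniques or groups target your industry?": tag -> relevance weight.
TRACKED_THREATS = {"ransomware": 3, "organized-crime": 2, "phishing": 1}
# "When" in the planning process: later stages leave less time to react.
STAGE_URGENCY = {"recon": 1, "preparation": 2, "execution": 3}

@dataclass
class DataPoint:
    source: str                 # where/how it was detected (forum, paste site, chat)
    intent: str                 # what malicious intent or activity was observed
    threat: str                 # attack type or group tag assigned by the analyst
    stage: str                  # recon / preparation / execution
    targets: list = field(default_factory=list)  # asset types referenced

def score(dp: DataPoint) -> int:
    """(impact + relevance) * urgency; 0 when neither of the two whats matches."""
    impact = max((PROTECTED_ASSETS.get(t, 0) for t in dp.targets), default=0)
    relevance = TRACKED_THREATS.get(dp.threat, 0)
    urgency = STAGE_URGENCY.get(dp.stage, 1)
    return (impact + relevance) * urgency

def classify(dp: DataPoint) -> str:
    """Map the score to a triage bucket (thresholds are a constructed policy)."""
    s = score(dp)
    if s >= 10:
        return "high"
    if s >= 5:
        return "medium"
    return "low" if s > 0 else "noise"

def triage(points):
    """Return (score, bucket, intent) tuples, highest priority first."""
    ranked = sorted(points, key=score, reverse=True)
    return [(score(p), classify(p), p.intent) for p in ranked]

# Constructed sample data points, one per detection source.
SAMPLE_POINTS = [
    DataPoint("underground-forum", "buyer seeking POS network access", "ransomware", "preparation", ["pos"]),
    DataPoint("paste-site", "loyalty-program credential list advertised", "organized-crime", "recon", ["loyalty-db"]),
    DataPoint("chat-channel", "phishing kit themed on our brand", "phishing", "preparation", ["marketing-site"]),
    DataPoint("forum", "DDoS booter advertisement, no target named", "ddos", "recon"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_POINTS):
        print(row)
```

A data point that names a protected asset but carries an untracked threat tag still scores above zero, so a gap in the threat profile does not silently drop a relevant hit; the noise bucket only collects items matching neither what.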
Interested in learning more about the two other questions that every threat hunter should be able to answer? Check out our whitepaper to learn more about the where and when, and how to then shift your focus to data classification and filtering.