One Article Review

Home - The article:
Source AlienVault Blog
Identifier 8035
Publication date 2016-08-16 13:00:00 (viewed: 2016-08-16 13:00:00)
Title Intelligent Cyber Defense using Threat Analysis
Text Traditional cyber security strategy focuses on blocking known cyber threats and attack vectors. This strategy revolves around vulnerability assessment, active defense using the IDS and firewall, and an incident response plan to handle critical situations after a security breach. The overall strategy depends on pre-identified threats and tools designed to find and block known malware and attack vectors. But what if attackers use new techniques or tools? The well-known and carefully drafted cyber security strategy can't help defend you in that case, and at the end of the day the CISO may get fired.

"The Only Thing That Is Constant Is Change" - Heraclitus

The ever-changing cyber security world has to offer more than before. You should not expect attackers to use the same techniques every time; you need to take a proactive approach to discover what is happening to others and learn from their mistakes. Incorporating cyber threat intelligence into your cyber security strategy helps you fight cybercrime. Regular monitoring and reporting of emerging threats and vulnerabilities can alert you to take timely action before an actual attack occurs. By using threat analysis, you can:

- Take proactive defense measures
- Narrow down focus areas and put the maximum effort where required
- Make procurement decisions (what software and hardware to buy in the future)
- Recruit people for your team with relevant skill sets
- Reduce false positives
- Convince or communicate with management about real dangers to the business
- Provide up-to-date information to the incident response team for their investigation

Traditional approach vs. intelligent approach

Cyber threat intelligence primarily focuses on external threats. Through collecting and processing threat information and generating actionable information, it enhances cyber defense and helps stop attacks as quickly as possible.

Collecting Threat Intelligence

Organizations can access huge databases of malware signatures, logs and other threat vectors, but converting this information into intelligence is the real art. Let's look into the threat indicators that really matter. The most common threat indicators are:

- Hashes (signatures)
- Compromised or malicious domains and IP addresses

Malware spread by phishing emails can be identified by its hash. A hash is a unique identifier computed from a program's contents, and by collecting up-to-date hashes of malware/virus files you can alert your security solution to block the malicious file on its first entry. Apart from the malicious file, you should block the compromised domain hosting or spreading phishing pages, as well as track blacklisted IPs and domains and block access to them so that they never reach your organization's technology infrastructure. The risks associated with the threat indicators we've discussed are:

- Malware, spyware and backdoors
- Phishing, spam and other fraudulent activity
- Darknet IP addresses
- C&C (command and control) servers that manage botnets and instigate DDoS attacks
- Anonymous proxies and P2P sharing websites

We utilize public and private data feeds to collect information about these threat indicators. ThreatCrowd, also available in Maltego, is a well-known project providing feeds of blacklisted / malware-spreading websites with hash details.
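The indicator types the article lists (file hashes, domains, IP addresses) matched against host logs, as an added example that is not part of the original article: a small Python matcher over a constructed feed and constructed log lines (every hash, domain and address is a placeholder), normalising hash case and trailing dots and treating subdomains of a listed domain as hits.

```python
import hashlib
import ipaddress
import re

# Constructed indicator feed: the hash is of a made-up byte string and the
# domains/IP are placeholders (RFC 5737 / .test), not real IoCs.
SAMPLE_HASH = hashlib.sha256(b"constructed-malicious-sample").hexdigest()
INDICATORS = {
    "sha256": {SAMPLE_HASH},
    "domain": {"phish-example.test", "c2-example.test"},
    "ip": {"203.0.113.7"},
}
# Constructed log lines in a simple "<type> key=value ..." layout.
LOG_LINES = [
    "mail attachment=invoice.pdf sha256=" + SAMPLE_HASH.upper(),
    "mail attachment=report.docx sha256=" + hashlib.sha256(b"benign").hexdigest(),
    "dns query=login.phish-example.test. client=10.0.0.5",
    "dns query=www.example.org client=10.0.0.6",
    "conn dst=203.0.113.7 dport=443 client=10.0.0.7",
    "conn dst=198.51.100.20 dport=80 client=10.0.0.8",
]

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    # Split a log line into its type and a dict of key=value fields.
    kind, _, rest = line.partition(" ")
    return kind, dict(KV.findall(rest))

def domain_matches(name, bad_domains):
    """True for an exact listed domain or any subdomain of one (case-insensitive)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in bad_domains)

def match_indicators(lines, indicators):
    """Return (indicator_type, value, line) for every log line that hits the feed."""
    hits = []
    for line in lines:
        kind, f = parse(line)
        if kind == "mail" and f.get("sha256", "").lower() in indicators["sha256"]:
            hits.append(("hash", f["sha256"].lower(), line))
        elif kind == "dns" and domain_matches(f.get("query", ""), indicators["domain"]):
            hits.append(("domain", f["query"], line))
        elif kind == "conn":
            try:
                ip = ipaddress.ip_address(f.get("dst", ""))
            except ValueError:
                continue  # malformed address: skip rather than crash the pipeline
            if str(ip) in indicators["ip"]:
                hits.append(("ip", str(ip), line))
    return hits
```

Feeding the same matcher a feed that lists a parent domain like a shared hosting provider is where false positives come from, so review which listed domains are precise enough to block on their own.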
Sent Yes
The article does not seem to have been picked up after its publication.

The article does not seem to have been picked up from an earlier one.