KNOW YOUR ADVERSARY AND KNOW YOUR THREAT MODEL
Threat modeling with intelligence-driven threat actor profiles hardens your security posture and builds trust in the resilience of your critical business systems.
Threat modeling helps you understand how adversaries may attack your systems or environment and decide what controls are needed to prevent a breach or failure. Threat actor profiles are in-depth analyses of a threat actor’s motivations, capabilities, and attack patterns. Up-to-date threat profiles built on adversarial intelligence can be used to develop and refine the threat model with likely attack scenarios that stress-test your operational resilience against a set of high-risk threat actors’ tactics, techniques, and procedures (TTPs).

Funksec ransomware group's Diamond Model Profile
THREAT ACTOR PROFILE ASSETS YOU NEED
Threat Modeling
Refine your threat models with actively used TTPs aligned with MITRE ATT&CK techniques. Quickly understand the actor, their recent activity, and targets to build a realistic threat model based on adversary TTPs that are likely to impact you, whether it is vulnerability exploitation, compromised credentials from infostealer malware logs, credential spraying and stuffing attacks, or social engineering attacks.
Threat Hunting and Incident Response Playbooks
Integrate high-risk threat profiles into playbooks to support incident response and proactive hunts for specific threats and behaviors. Profiles also provide vital context that can help threat hunters begin a hunt for threat actors likely to target their network, or pivot to behaviors and TTPs associated with trending and emerging threats.
Assisted Attribution with ‘Target Packs’
Organizations that have developed their own threat profiles can augment these with detailed cyber threat actor profiles that can be integrated in a familiar “target pack” format to further investigations and disrupt criminal operations. Online attribution is challenging; however, identifiers collected in CTI can provide useful evidence to connect multiple online identities with an individual’s activities over time and in different contexts.
Purple Teaming Exercises
If applicable, the SOC can integrate relevant adversary profiles into purple teaming exercises to improve threat-based simulation of adversary tools and TTPs used to test blue team defenses, identify vulnerabilities, and develop proactive mitigations against top-tier threat actors and techniques.