The concept of “The Pyramid of Pain” was first introduced by David J. Bianco in 2013. Today, most security professionals are familiar with it as a construct for describing the usefulness and relative ease of acquiring threat data and intelligence.
Toward the bottom of the pyramid are indicators that are easier to obtain and work with – hash values, IP addresses and domain names. As you move up the pyramid, campaigns, adversaries and tactics, techniques and procedures (TTPs) come into play. Their value to you, as a security professional, increases dramatically, but these insights are also harder to obtain and use effectively without doing some groundwork. To gather the data and intelligence you need to fully detect and respond to threats, you need the ability to scale up and down the pyramid. With a platform that spans the entire journey you can aggregate internal and external threat and event data every step of the way, analyze and understand its relevance to you, and use it to strengthen your security posture.
First things first
To complete the round-trip journey successfully, you need to start by communicating with all the different detection tools that comprise your security infrastructure. This is like trying to communicate with a group of kids ranging in age from five to 18. They each communicate differently. So, when you speak with them you need to speak in a way that the five-year-olds will understand too. Similarly, detection tools have many different ways of communicating. So, when you need data from them all the best way to communicate is by using the lowest common denominator – indicators. Indicators allow you to tie things together and make sense of all the output from your different security tools. They also allow you to build a bigger picture and start to ..
Support the originator by clicking the read the rest link below.
