The overarching threat facing cyber organizations today is a highly skilled asymmetric enemy, well-funded and resolute in his task and purpose. You never can exactly tell how they will come at you, but come they will. It’s no different than fighting a kinetic foe in that, before you fight, you must choose your ground and study your enemy’s tendencies.
A lot of focus has been placed on tools and updating technology, but often we are pushed back on our heels and find ourselves fighting a defensive action.
But what if we change? How do we do that?
The first step is to study the battlefield, understand what you’re trying to protect and lay down your protection strategy. Pretty basic right??
Your technology strategy is very important, but you must embrace and create a thorough Cyber Threat Intelligence (CTI) doctrine which must take on many forms.
First, there is data, and lots of it. However, the data must take specific forms to research and detect nascent elements where the adversary is attempting to catch you napping or give you the perception that the activity you see is normal.
As you pool this data, it must be segmented into layers and literally mapped to geographic locations across the globe. The data is classified distinctly as malicious and reputations are applied. This is a vital step in that it enables analytical programs, along with human intelligence analysts to apply the data within intelligence reports which themselves can take on many forms.
Once the data takes an analytic form, then it allows organizations to forensically piece together a picture of an attack. This process is painstakingly tedious but necessary to understand your enemy and his tendencies. Tools are useful ..
Support the originator by clicking the read the rest link below.
