Top 5 Attack Techniques May Be Easier to Detect Than You Think

New analysis shows attackers for the most part are continuing to rely on the same techniques and tactics they have been using for years.

Despite the intimidating nature of the threat landscape, organizations can achieve considerable defense in depth by monitoring a relatively small number of data sources and keeping an eye out for a handful of malicious patterns in the data.


In fact, much of the information required to detect most commonly encountered threats and malicious techniques can be drawn right from Windows event logs and systems monitoring, according to a new report by security vendor Red Canary.


Researchers from the company analyzed data related to 20,000 confirmed threats detected across Red Canary customer networks last year and mapped the data to the different attack techniques and sub-techniques described in MITRE's widely used ATT&CK framework. The report offers a comprehensive overview of each of the most widely used techniques and threats, with guidance on how attackers are using them and how to spot the activity.


The analysis shows attackers for the most part are continuing to rely on the same techniques and tactics they have been using for years. And, despite all the concern about sophisticated advanced persistent threat (APT) actors and related threats, the most common threats that organizations encountered last year are what some would classify as commodity malware.


"Although the threat landscape can be overwhelming, there are many opportunities we have as defenders to catch threats in [our] networks," says Katie Nickels, director of intelligence at Red Canary. "The challenge for defenders is to balance the 'tried and true' detection opportunities that adversaries reuse with keeping an eye on new techniques and threats."

