Anomali’s slogan is “Tracking The Adversary,” or as I like to say it, “Tracking Your Adversary.” Many of my prospects and customers ask me, “How does your platform help me to track my adversaries?” My response is that it takes a lot more effort than what I typically demo. However, anyone who sets the right objectives for their Cyber Threat Intelligence (CTI) program and has the required resources available to run it will experience the benefits that Threat Intelligence Platforms (TIPs) provide. In this article, I will explain the essential steps that should be taken when it comes to “Tracking The Adversary.”
Identify Your Adversary
There are a lot of threat intelligence feed providers claiming that the threat actors named on the lists they provide are your adversaries. While some of these threat actors are targeting the vertical your organization is in, you could consider them “potential” adversaries until your organization has sufficient evidence showing that they are actual adversaries. Based on the risks stated in your organization’s threat landscape, select the threat intelligence feeds that will help mitigate those risks.
Once you have selected threat intelligence feeds, and these are consumed into your TIP, you should familiarize yourself with the content. Instead of just forwarding the indicators to your security control systems or to other organizations, you should ask yourself, “Is this information relevant to us?”