Defining Threat Modeling and Threat Hunting

Questions
- What would an attack look like?
- What is the risk of losing confidentiality, integrity, or availability?
- How likely is a specific threat?
- What defenses do we have?
- What is missing?
Adversary Capabilities: Develop and execute attacks
- From MITRE:
  - Acquired
  - Augmented
  - Developed
  - Advanced
  - Integrated
Total Attack Surface: What you own and can be attacked
- Corporate network
- Cloud
- Online Presence
- Internal Apps
- Building and People
Attack vector: how is the attack delivered
- According to MITRE
  - Cyber
    IT systems
    Social media
    Email
    USB drives
    Open ports
  - Physical
    Doors
    Locks
    Access Cards
    Surveillance
  - Human
    Impersonation
    Phishing
    Coercion
    Blackmail
Likelihood – How likely is the attack to happen?
- Real threat or just a probable one?
- Happened to use before? Happened to anyone else before?
- Just an educated guess
Final Threat Modeling Questions
- What’s the motivation behind an attack?
- How do other companies defend themselves?
- How frequent are attacks in your industry?
Cyber Threat Hunting
- According to inforsec institute: “Cyber threat hunting is very similar to real-world hunting: it requires skill, patience, creativity, and a keen eye for spotting the prey”.
- Be proactive
- Act before you have proof
- Don’t wait for a breach
- This is not incident response
Threat hunting methodology
- Start from scratch.
- Establish a hypothesis
- Look for threat actors
- Look for IoCs
Justifying Threat Hunting
- Have you been compromised?
- Discovers new attack surface
- Improves threat detection
- Provides security intelligence
- Identifies critical assets

PreviousAttack Frameworks and The Cyber Kill Chain NextVulnerability Identification and Validation

Last updated 2 years ago

Defining Threat Modeling and Threat Hunting

Questions
- What would an attack look like?
- What is the risk of losing confidentiality, integrity, or availability?
- How likely is a specific threat?
- What defenses do we have?
- What is missing?
Adversary Capabilities: Develop and execute attacks
- From MITRE:
  - Acquired
  - Augmented
  - Developed
  - Advanced
  - Integrated
Total Attack Surface: What you own and can be attacked
- Corporate network
- Cloud
- Online Presence
- Internal Apps
- Building and People
Attack vector: how is the attack delivered
- According to MITRE
  - Cyber
    IT systems
    Social media
    Email
    USB drives
    Open ports
  - Physical
    Doors
    Locks
    Access Cards
    Surveillance
  - Human
    Impersonation
    Phishing
    Coercion
    Blackmail
Likelihood – How likely is the attack to happen?
- Real threat or just a probable one?
- Happened to use before? Happened to anyone else before?
- Just an educated guess
Final Threat Modeling Questions
- What’s the motivation behind an attack?
- How do other companies defend themselves?
- How frequent are attacks in your industry?
Cyber Threat Hunting
- According to inforsec institute: “Cyber threat hunting is very similar to real-world hunting: it requires skill, patience, creativity, and a keen eye for spotting the prey”.
- Be proactive
- Act before you have proof
- Don’t wait for a breach
- This is not incident response
Threat hunting methodology
- Start from scratch.
- Establish a hypothesis
- Look for threat actors
- Look for IoCs
Justifying Threat Hunting
- Have you been compromised?
- Discovers new attack surface
- Improves threat detection
- Provides security intelligence
- Identifies critical assets

PreviousAttack Frameworks and The Cyber Kill Chain NextVulnerability Identification and Validation

Last updated 2 years ago