A model-driven approach to analyzing data provides more context about threats than reports and tags alone. More importantly, it turns data into threat intelligence. The context explains and illustrates the relationships between the adversary, infrastructure, capabilities, and targeted victim. The model also creates a baseline for data analytics, which is used to determine the probability that a new threat is associated with ongoing threats and investigations.
In this presentation, Gino Rombley discusses how to leverage the Diamond Model in a Threat Intelligence Platform (TIP) to contextualize threats. This contextualization uses the MITRE ATT&CK framework to describe the Tactics, Techniques, and Procedures (TTPs) that are associated with a threat actor. The end result is a model or multiple models that can be used for data analytics. The data analytics provide answers to simple or complex questions from a competing hypothesis.