Tag: MITRE
-
How to use Sysmon to detect threats
Sysmon is a powerful Windows system monitoring tool developed by Microsoft that detects and logs many types of system activity events, which can be used to investigate threats and attacks on Windows endpoints. Sysmon can provide detailed insight into the activities taking place on a Windows system that can…
-
Threat Informed Defense (TID)
Threat Informed Defense (TID) is an approach to cybersecurity that prioritizes threat intelligence and threat modeling to develop and implement tailored security controls and response plans. TID enables organizations to detect, prevent, and respond to cyber threats more effectively, reducing the overall risk of a successful attack. One widely used framework for implementing TID is…
-
A quick review on Pyramid of pain
Introduction: The Pyramid of Pain is a framework used in the field of cybersecurity to help organizations better understand the tactics, techniques, and procedures (TTPs) used by attackers, and how to defend against them. It is called the “Pyramid of Pain” because it reflects the increasing level of effort and resources required by attackers to…
-
Using the MITRE ATT&CK Matrix for Effective Threat Hunting
Introduction Effective threat hunting is a proactive approach to cybersecurity that involves identifying and mitigating potential threats before they can cause harm to an organization’s systems and data. One advanced method of threat hunting is the use of the MITRE ATT&CK Matrix. The MITRE ATT&CK Matrix is a knowledge base of known adversary tactics, techniques,…
-
Using Threat-Informed Detection Approaches for Implementing Prevention and Detection Solutions in a SOC and Mapping to the NIST CSF
Introduction: In today’s complex threat landscape, organizations must take a proactive approach to cybersecurity. Threat-informed detection and prevention approaches involve using threat intelligence to identify and respond to potential cybersecurity threats. Within a Security Operations Center (SOC), threat-informed approaches can be integrated into the incident response process to more effectively detect, respond to, and recover…
-
Useful concepts for SIEM assessment, implementing a SIEM-CMM: SIEM Capability Maturity Model concepts
I. Introduction. A. Purpose of the white paper: The purpose of this white paper is to provide an overview of the Technical Capability and Maturity Model (CMM) for Security Information and Event Management (SIEM) implementation, and to highlight the importance of SIEM implementation capability and maturity for organizations. B. Definition of SIEM: SIEM is a…
-
A quick review on SIEM Implementation Technical Capability and Maturity Model
Introduction Security Information and Event Management (SIEM) solutions are essential components of modern cybersecurity architectures. These solutions enable organizations to collect, correlate, and analyze security-related data from various sources, including logs, network traffic, and endpoint devices. By providing real-time threat detection and incident response capabilities, SIEM solutions help organizations protect their assets and data from…
-
Using Threat Intelligence to Conduct Effective Threat Hunting
Introduction Threat hunting is a proactive approach to detecting and responding to advanced cyber threats. The goal of threat hunting is to identify and mitigate potential threats before they can cause harm to an organization’s assets. Threat intelligence is an essential component of effective threat hunting. This white paper will explore the role of threat…
-
Do you think your SIEM is enough?
Is Your SIEM Working Well Enough? Many companies use Security Information and Event Management (SIEM) technology to support their cybersecurity programs. SIEM allows for the real-time collection and historical analysis of security events from a wide variety of sources, helping to detect threats and support incident response. However, it is important to ensure that your…