BUSINESS surveillance
window. Instead, you (hopefully) try to find another ground-level entrance or the key you hid by the ceramic gnome. Threat actors will often follow a similar path with less resistance.
Monitor what you discovered
Based on your mapping exercise, your next task is to monitor the prioritised domains, executives and most vulnerable attack vectors.
Understanding your company’s password policy provides helpful context. But more important is monitoring for stolen credentials that can log into company systems. Intelligence providers that collect from these malware logs and integrate into IAM platforms increase the speed of detecting and resetting passwords before improper use. According to the 2023 Verizon Data Breach Investigations Report, more than three-quarters of breaches involved external actors, with nearly half of those external breaches involving stolen credentials.
Fix what is broken
Mitigation is where the ‘action’ takes place. Which steps did the security team take to improve security controls? ‘Detection rules’ or a pattern-matching search against security logs can quickly notify analysts of potential malicious activity. If the malware is typically spread via a ZIP file, a detection rule can trigger an alert when there is a match in your company’s logs. Your intelligence provider should produce the detection rules associated with the malware and threat actors most likely to impact your company, ideally via your unique threat map.
Threat actors do not typically use stolen credentials immediately. Instead, Initial Access Brokers (IABs) package and sell these credentials to other actors who plan to use them. Monitoring for direct and indirect company references (when your company as a target is implied) will provide another opportunity to detect threat actor activity.
Using AI to generate a threat map
A threat map that analyses past attacks and understands current vulnerabilities provides security teams with a short-list of actors to prioritise for monitoring.
There’s no need for analysts to spend their time manually researching and creating their own threat maps, thanks to Recorded Future AI. Threat actors can now understand their ‘why’ for choosing to exploit a vulnerability in a particular organisation based on their opportunity for success. For example, if your company is still susceptible to the MOVEit file transfer vulnerability, a threat actor will take advantage.
Emotional response
Threat actors have feelings too. When Spain’s Prime Minister met with Ukraine’s President, a hacktivist group called NoName057(16) targeted the Spanish government’s websites in a DDoS attack. Recognising when a current event may prompt even a low-level attack can improve defences.
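The kind of detection rule described under ‘Fix what is broken’, as an added example that is not part of the original article: a pattern-matching rule run over mail-gateway log lines that alerts on inbound ZIP attachments from outside senders. The key=value log format, the field names, the rule layout and the example.com company domain are assumptions, and the sample lines are constructed.

```python
import re
import shlex

# Hypothetical rule: inbound mail from outside the company carrying a ZIP attachment.
# Field names and the example.com company domain are assumptions for this sketch.
RULE = {
    "name": "inbound_zip_attachment",
    "conditions": {
        "direction": re.compile(r"^inbound$"),
        "attachment": re.compile(r"\.zip$", re.IGNORECASE),
        "sender": re.compile(r"^(?!.*@example\.com$).+$", re.IGNORECASE),
    },
}

# Constructed sample log lines in a key=value format (not from a real product).
SAMPLE_LOGS = [
    'ts=2023-07-03T09:14:02Z direction=inbound sender=billing@vendor.test rcpt=ap@example.com attachment="Invoice 0931.ZIP"',
    'ts=2023-07-03T09:15:40Z direction=inbound sender=news@vendor.test rcpt=hr@example.com attachment=newsletter.pdf',
    'ts=2023-07-03T09:17:11Z direction=outbound sender=it@example.com rcpt=ops@partner.test attachment=logs.zip',
    'ts=2023-07-03T09:20:55Z direction=inbound sender=it@example.com rcpt=all@example.com attachment=handbook.zip',
    'ts=2023-07-03T09:21:30Z direction=inbound malformed line without pairs',
]

def parse_line(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # tokens without '=' are ignored rather than guessed at
            fields[key] = value
    return fields

def match_rule(rule, fields):
    """A rule fires only if every condition's field exists and matches."""
    return all(
        name in fields and pattern.search(fields[name])
        for name, pattern in rule["conditions"].items()
    )

def run_detection(rule, lines):
    """Return one alert dict per matching log line."""
    alerts = []
    for line in lines:
        fields = parse_line(line)
        if match_rule(rule, fields):
            alerts.append({"rule": rule["name"], "ts": fields.get("ts"),
                           "sender": fields["sender"], "attachment": fields["attachment"]})
    return alerts
```

Calling `run_detection(RULE, SAMPLE_LOGS)` returns a single alert for the first line; the PDF, the outbound ZIP, the internal sender and the malformed line do not match.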
64 WWW.INTELLIGENTCISO.COM