Baby’s First Threat Assessment?

Upon reading my previous post, a few of you have wisely pointed out: … but detection of WHAT? How can you talk about the best starter tool for threat detection without any concept of the subject of said detection?

OK, fine! I made assumptions and you know what they say about people who “ass-u-me.” Specifically, I assumed the detection of commodity threats that plague everybody (not unique and targeted ones): all this ransomware and “cryptominingware” stuff, other popular malware, popular web hacking, phishing, popular DDoS and popular other intrusions (POS hacks if you have POS, etc). Note that the context for this discussion is organizations who have barely evolved from “security = firewalls + anti-virus + SSL” stance!

Essentially, this is the case where “reading Verizon DBIR to learn about threats in general” is your lighweight threat assessment process.

While everybody tosses the term APT around (do they still?), nation-state and advanced, let’s do the opposite: what threats do you consider to be BASIC and COMMODITY? What threats nobody should ignore? What are today’s non-advanced threats?

Perhaps these:

• Commodity malware including ransomware
• Basic web hacking (if you have web presence)
• Credential theft/abuse
• Phishing
• Basic volumetric DDoS
• Others?

(note that the above list is not taxonomically pure, since it mixes up attack methods, threats and incident types, but perhaps this is OK for the audience of this effort)

Still too hard for the audience in question?

Blog posts related to this project:

• The Best Starting Technology for Detection?
• Back to Basics: Indispensable Security Processes for Detection and Response
• New Research: Starting Your Detection and Response Capability

*** This is a Security Bloggers Network syndicated blog from Anton Chuvakin authored by Anton Chuvakin. Read the original post at: https://blogs.gartner.com/anton-chuvakin/2018/03/14/babys-first-threat-assessment/