Overcoming My Mistakes in the Hunt for Threat Intelligence
There is a well-worn adage in warfare: know your enemy. In traditional warfare, the benefit is obvious. If I know the capabilities and tactics of my adversary, then I can better align my forces for successful defense or attack. There, I might study an adversary’s past tactics or recruit a well-placed spy and learn all I need to succeed. In the cyber world, the benefit is the same, but the task is more difficult because tools and tactics change much faster, and I face a dynamic, often opaque, and nearly infinite adversary space. Despite these challenges, cyber defenders are beginning to develop the tools and techniques to know their enemies and better defend their networks, systems, data, and users.
To put what is really a very difficult and complicated task simply: cyber defenders block what they can, then try to detect and respond to the threats that do make it in.