- Threat intelligence: identify the adversary, extract their TTPs, and create a plan (e.g. will the procedure the adversary uses trigger alerts?). A good source for TTPs: https://www.thedfirreport.com
- Security operations centers
- Threat hunting
- Incident response
- Forensics
- Vulnerability management/Blue team
- Red team (offensive; stealthy engagements)
- Purple team (a virtual team: red and blue working together)
Below is the procedure for a purple team exercise against a TTP. It is important to measure how quickly an attack can be detected and responded to, in order to limit the potential damage.
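The measurement the paragraph calls for, as an added example that is not part of the original post: for each TTP the red team executed, did an alert fire at all, how long did detection take, and how long until someone acted on it? The record format, the sample runs and the 15-minute detection target are all assumptions made for this example.

```python
"""Score a purple-team exercise: per executed TTP, did an alert fire, and how
long did detection and response take?  Example code, not from the original post.
"""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Optional


@dataclass
class TtpRun:
    """One red-team procedure executed during the exercise and what blue saw."""
    technique: str                    # label for the TTP (ATT&CK-style ID assumed)
    procedure: str                    # what was actually done on the target
    executed_at: datetime             # when red ran it
    alerted_at: Optional[datetime]    # first SOC alert; None means nothing fired
    responded_at: Optional[datetime]  # first triage/containment action; None means no response


def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample records for this example only, not from any real engagement.
SAMPLE_RUNS = [
    TtpRun("T1059.001", "PowerShell encoded command", _ts("2024-03-01T10:00:00"),
           _ts("2024-03-01T10:02:30"), _ts("2024-03-01T10:20:00")),
    TtpRun("T1003.001", "LSASS memory dump", _ts("2024-03-01T10:30:00"),
           _ts("2024-03-01T10:30:45"), _ts("2024-03-01T11:15:00")),
    TtpRun("T1021.002", "Lateral movement over SMB admin share", _ts("2024-03-01T11:00:00"),
           None, None),
    TtpRun("T1053.005", "Scheduled task persistence", _ts("2024-03-01T11:30:00"),
           _ts("2024-03-01T13:30:00"), None),
]


def score_exercise(runs, ttd_target_seconds=900):
    """Return per-run timings plus exercise-level gaps and averages.

    Time to detect (TTD) is executed_at -> alerted_at; time to respond (TTR) is
    alerted_at -> responded_at.  Runs with no alert are detection gaps, runs
    alerted but never acted on are response gaps, and alerted runs slower than
    ttd_target_seconds (assumed target, default 15 minutes) are flagged as slow.
    """
    per_run, ttds, ttrs = [], [], []
    for r in runs:
        if r.alerted_at is not None and r.alerted_at < r.executed_at:
            raise ValueError(f"{r.technique}: alert timestamp precedes execution")
        if r.responded_at is not None and r.alerted_at is None:
            raise ValueError(f"{r.technique}: response recorded without an alert")
        ttd = ttr = None
        if r.alerted_at is not None:
            ttd = (r.alerted_at - r.executed_at).total_seconds()
            ttds.append(ttd)
            if r.responded_at is not None:
                ttr = (r.responded_at - r.alerted_at).total_seconds()
                ttrs.append(ttr)
        per_run.append({"technique": r.technique, "procedure": r.procedure,
                        "ttd_seconds": ttd, "ttr_seconds": ttr})
    return {
        "runs": per_run,
        "detection_gaps": [x["technique"] for x in per_run if x["ttd_seconds"] is None],
        "response_gaps": [x["technique"] for x in per_run
                          if x["ttd_seconds"] is not None and x["ttr_seconds"] is None],
        "slow_detections": [x["technique"] for x in per_run
                            if x["ttd_seconds"] is not None
                            and x["ttd_seconds"] > ttd_target_seconds],
        "mean_ttd_seconds": mean(ttds) if ttds else None,
        "mean_ttr_seconds": mean(ttrs) if ttrs else None,
    }


if __name__ == "__main__":
    result = score_exercise(SAMPLE_RUNS)
    for row in result["runs"]:
        print(f"{row['technique']:<10} TTD={row['ttd_seconds']}s TTR={row['ttr_seconds']}s  {row['procedure']}")
    print("detection gaps (no alert):      ", result["detection_gaps"])
    print("response gaps (alert, no action):", result["response_gaps"])
    print("slow detections (> target):     ", result["slow_detections"])
    print("mean TTD / TTR (s):", result["mean_ttd_seconds"], result["mean_ttr_seconds"])
```

The three lists are the actionable output of the exercise: a detection gap means the procedure never triggered an alert and needs a new detection; a response gap means the alert fired but nobody acted on it, which is a SOC process problem rather than a detection problem; and a slow detection means the alert exists but would not have limited the damage in time. The averages are only meaningful across runs that did alert, so they are computed over those runs alone.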