Penetrating real-time threat behaviour: Cyber analytics and the pen tester


It’s the wild, wild west out there in cyberspace, except the feral camels that once roamed Texas are the hackers, and they’re roaming beyond borders and through firewalls on a daily basis. At present, cyber threat intelligence gathering is a mish-mash of intrusion detection system logs, port scans, IP addresses, information sharing platforms, Twitter feeds and traditional write-ups. There is no one consistent language used across these platforms to refer to attacks, techniques or procedures, and there’s no single source of data. Much like post-truth America, you’ve got to look in all the right places to piece together the whole story, and even then it’s hard to know if you’ve put the puzzle together the way it was intended. What this means is that while there’s massive complexity in trying to understand the path an attacker has taken, there’s also huge potential when it comes to leveraging the data, or bits (pun intended) of evidence, a hacker leaves behind.

Information Gathering and the Penetration Tester

Penetration testers, who are my focus here, do much of their work when it comes to figuring out attack paths and new ways to penetrate based on historical data or tried-and-true ways to compromise a system or application. They might listen to a few podcasts, keep an eye on social media, follow a hacking news website and sign up to a mailing list, but all of this is hugely labour-intensive, and no one person has the hours in the day to keep on top of, let alone be well versed in, all the latest attacks. The dream, of course, is to have a program or Artificial Intelligence learn the tactics, techniques and procedures of hackers out in the wild, bring it all back into a nice table where all the data is the same data type, turn it into a visualisation with a gorgeous dashboard and then teach the team new attacks on the fly as they happen in real time. This dream, as wondrous as it sounds, is hanging above the Magic Faraway Tree and has yet to be written down and sold as a four-set, gold-embossed collection. What we do have, and I’m focusing here on open source data and software, are many tools and data sets that can bring us just that little bit closer to a rousing monologue that could change the history of how we prevent cyber-attacks in the future…
