Threat research can be an invaluable asset to security teams when attempting to formulate a proactive stance or reactive response. Whether the subject is a previously undocumented attack type or a new variant of a well-known threat, research can provide needed context and insight that help practitioners identify and resolve gaps in their security program in order to avoid being exploited.
But techniques, methods, and actions found in threat research don’t always easily translate into practical steps you can take to prevent, detect, mitigate, or respond should a particular attack occur. While research can offer up specifics that can educate you on what occurs during an attack, what you really need is for those details to be transformed into strategies and actions based on the cybersecurity frameworks you rely on — including MITRE ATT&CK and NIST — to make the research truly valuable.
So, how can you take third-party threat research and turn it into actionable takeaways for your specific team?
During this on-demand webinar, Dan Kaiser and Sally Vincent from the LogRhythm Labs team walked through their process for reviewing third party reports using the real-world example of Maze ransomware, demonstrating how threat research can be truly useful in protecting your organization from the latest developments in cyberattacks. Specifically, they reviewed how to:
- Turn threat details into new monitoring and threat hunting techniques
- Configure your security solution to incorporate those actionable takeaways
- Use samples of Maze that have been reverse engineered to test your newly configured solution
They also demonstrated how to map third-party threat reports to ATT&CK techniques that can be used to develop mitigation, detection and response actions including:
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Discovery
- Lateral Movement
- Impact
Listen to this on-demand webinar to learn how to make the most of threat research.