Monitor adversary behavior in real time with Threat Actor Insights Cards
15-second summary
Understanding your adversaries’ tactics, techniques, and procedures is key to securing your attack surface. Your threat actor profiles should reflect recent and historical activity, target industries, malware, vulnerabilities, Tactics, Techniques, and Procedures (TTPs), and threat intelligence reports.
With Feedly’s Threat Actor Insights Cards, you can:
- Get an up-to-date 360° view of threat actors. Quickly develop insights about new threat actors targeting your industry or update known adversary profiles.
- Profile threat actors with context. Learn their TTPs, malware (including ransomware), and the vulnerabilities they exploit.
- Dive deep to plan your threat hunts. Read linked intelligence reports, launch from TTPs to MITRE ATT&CK Navigator, extract detection rules, or pivot to CVE or Malware Insights Cards.
Threat Actor Insights Cards are created for every threat actor and their known aliases. Feedly AI also searches for new threat actors, creating new Insights Cards when they are discovered and updating them in real time as new information is published. These cards help you quickly assess the threat to your organization and stay ahead.
“The Threat Actor Insights Cards are unbelievable. They’re a tremendous source of information providing everything you need in one place about a particular APT group.”
The problem with monitoring threat actors
Keeping up with threat actors is difficult.
They constantly change their tactics, techniques, and procedures (TTPs) to evade detection. New adversaries emerge regularly, bringing novel techniques. And most groups are known by multiple aliases (Lazarus Group has over 40).
As of this writing, CrowdStrike tracks over 230 threat actor groups, and Microsoft tracks over 300. Keeping up with all of them can be a monumental task requiring a team of analysts and expensive vendor services. It’s why most cyber threat teams focus on a narrower set of adversaries, usually those known to target their industry, supply chain, or country.
Yet, with this more focused approach, organizations still risk missing new threat actors, shifts in TTPs, malware used, or CVEs exploited.
Feedly helps teams discover new threat actors or changes in their behaviors with the TTP Dashboard and AI Feeds. Threat Actor Insights Cards are another tool to support adversary research, providing a consolidated view of a threat actor. Teams can launch a Threat Actor Insights Card to learn more about a new threat actor or see updated information or TTPs on their tracked adversaries.
Get an up-to-date 360° view of adversaries with Threat Actor Insights Cards
Every day, Feedly AI scans hundreds of thousands of articles, searching for threat indicators, tagging entities and objects, and logging them in the Feedly Threat Graph. This gives Feedly unique insights into the relationships between threat actors and their techniques, malware, CVEs, etc., enabling the dynamic creation of Threat Insights Cards for any threat actor.
Threat Insights Cards provide real-time updated profiles of adversaries (including aliases), as well as:
- Trending activity
- Targeted countries, organizations, and industries
- Tactics, techniques, and procedures (TTPs)
- Related malware
- Exploited vulnerabilities
- Detection rules
- Articles that link threat actors to the techniques, malware, CVEs, etc.
You can even filter Insights Cards by timeframe to identify recent or longer-term trends in activity or TTPs.
Profile threat actors with context
Creating a threat actor profile requires searching through open sources and understanding their TTPs, malware, and attack vectors used. It can involve reading dozens of reports or articles, searching for relevant information, following links, synthesizing findings, and writing reports.
Threat Actor Insights Cards pull data from the Feedly Threat Graph about relationships between threat actors and techniques, malware, CVEs, etc. The cards present this information in a comprehensive, easy-to-read format that gives analysts the full context as they analyze threat actors, accelerating their work and minimizing blind spots.
Here, we show the Threat Actor Insights Card for OilRig (APT34) again, this time focusing on their TTPs and exploited vulnerabilities.
If we scroll further, we see detection rules and threat intelligence reports containing more context for the linked indicators and TTPs.
Finally, we see new articles with links to the threat actor to get the most current information.
Dive deep to plan your threat hunts
Planning effective threat hunts requires deeply understanding your adversaries’ tactics, techniques, and procedures, including the malware and attack vectors they use. To improve your efficiency, you may want to look for multiple threat actors using similar TTPs.
Threat hunters may start with the TTP Dashboard to quickly see which TTPs are trending among adversaries. Alternatively, you can start with the Threat Actor Insights Card and link to the procedures and mitigations to read more about them.
From there, you can launch MITRE ATT&CK Navigator:
Or pivot to the CVE Insights Card to learn more about how vulnerabilities are exploited:
Or to Malware Insights Cards to learn how to protect against malware:
You may even find some detection rules or IoCs to help you search for adversary behavior in your environment:
In brief…
Whether you want to quickly get up to speed on a new adversary targeting your industry or keep up with behavior shifts by known threat actors, the Threat Actor Insights Cards are a great place to start. They’re updated in real time with newly published information and contain the context needed to create profiles or plan threat hunts, such as their targets, TTPs, malware used, and vulnerabilities exploited.
Stay informed with Threat Actor Insights Cards
Discover, assess, and respond to the latest threat actor activity.