Table of Contents
- Introducing ThreatConnect 6.4 – Improving Threat Intelligence Processes and SOC Metrics
- CISA Issues Incident and Vulnerability Response Playbooks
- What is PASTA Threat Modeling?
Introducing ThreatConnect 6.4 – Improving Threat Intelligence Processes and SOC Metrics
Business Wire
ARLINGTON, Va.–(BUSINESS WIRE)–ThreatConnect Inc.®, the leader in enabling a risk led and intelligence-driven security is announcing ThreatConnect 6.4, which introduces new capabilities that allow security operations and cyber threat intelligence (CTI) analysts to get useful context faster during investigations and to better measure team efficiencies.
ThreatConnect combines its Threat Intelligence Platform (TIP) and Security Orchestration and Automation platform (SOAR), creating a continuous feedback loop that helps make Intelligence-Driven Operations a reality.
This latest product release builds upon the foundation of Intelligence-Driven Operations, empowering the workflow of threat intelligence and security operations teams individually and together.
The 6.4 release helps CTI and security operations center (SOC) teams get more context quickly, enabling faster investigations for both.
CTI teams are enabled to more easily build and maintain a dynamic threat library, while updated dashboards allow SOC and IR leaders to accelerate the team’s efficiency.
Three new features empower these capabilities:
Explore With CAL™ to better understand the complex relationships of threat indicators with a graph-based interface into our Collective Analytics Layer
Browser Extension V2 to build context around threats quickly and enhance your threat library
New Workflow Metrics to drive operational efficiencies, helping SOC teams learn how to optimize their tools, team processes, and automations
Link: https://www.businesswire.com/news/home/20211129005566/en/Introducing-ThreatConnect-6.4—Improving-Threat-Intelligence-Processes-and-SOC-Metrics
CISA Issues Incident and Vulnerability Response Playbooks
Dan Gunderman
Info Risk Today
The 43-page document builds on CISA’s Binding Operational Directive 22-01, issued this month, in which federal civilian agencies were required to patch some 200 vulnerabilities known to be exploited in the wild – including short deadlines for urgent common vulnerabilities and exposures, or CVEs, and others requiring mitigation by May 2022 (see: CISA Directs Federal Agencies to Patch Known Vulnerabilities).
CISA’s playbook also addresses requirements laid out in President Joe Biden’s May executive order on cybersecurity – which calls for a widespread technological modernization across the federal government, including efforts to implement multifactor authentication and zero trust architectures (see: Biden’s Cybersecurity Executive Order: 4 Key Takeaways).
Though directed toward federal agencies, CISA said in its statement that it “strongly encourages” private sector partners to review the playbooks.
CISA’s guides include checklists for incident response, incident response preparation, and vulnerability response.
They also clearly delineate interagency cybersecurity functions, outline CISA’s role as the main response agency, and urge agencies to readily share information.
Link: https://www.inforisktoday.com/cisa-issues-incident-vulnerability-response-playbooks-a-17944
What is PASTA Threat Modeling?
Tony Ucedavélez
Versprite Blog
The Process of Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat modeling methodology co-founded in 2015 by VerSprite CEO Tony UcedaVélez and security leader Marco M.
Morana.
Organizations all over the world, like GitLab, are adopting PASTA as their internal threat modeling standard because of its risk-centric approach, collaborative tendencies, evidence-based threat intel, and focus on the probability of each attack.
Benefits of PASTA Threat Modeling:
- Contextualized approach that always ties back to business context
- Simulates and tests the viability of evidence-based threats
- Takes the perspective of an attacker
- Leverages existing processes from within the organization
- Collaborative process that can quickly scale up or down
Stage One: Define the Objectives
Stage Two: Define the Technical Scope
PASTA is meant to be a collaborative effort and encourages working together with the engineering team, the cloud team, developers, and architects to ask “What are you working with.
What are you supporting in this environment?” And then “What will be helpful to align.
What is the technology landscape?” This conversation will set you up to move successfully on to stage three, application decomposition.
Stage Three: Decompose the Application
Stage three of PASTA is application decomposition.
In stage two, we built context around what we are running.
Stage three goes further by creating context around how everything communicates, how it all comes together.
The key output of this stage is to understand if you have implicit trust models and where they are.
It may be an IoT device talking to the cloud, or an embedded device talking to an automobile component.
You may have an implicit trust model that could be a good conduit for exploitation.
Stage Four: Analyze the Threats
Stage four is analyzing the threats.
The main output for stage four is to understand what the application does and what sort of threats are affecting your defined attack surface.
Dos and Don’ts of Threat Intelligence Consumption & Analysis
Dos:
- Make your own threat intel utilizing internal/external researchers or internal logs
- Know where your threat sources come from, it’s relevant, and cross validated
Don’ts:
- Use one source of threat intel data
- Use your competitors threat intelligence as a basis for industry related threats
- Let the threat analysis reveal assets you didn’t consider in stages 2 and 3 (this means you did those steps wrong”
Stage Five: Vulnerability Analysis
Stage five correlates the application’s vulnerabilities to the application’s assets.
How are you going to sew together tools and best practices, in terms of volume management, volume assessment, static analysis, dynamic analysis, etc..
And in all the noise that you’re seeing in the vulnerability analysis, what are the ones that are material to the threats in your threat library.
The key differentiator with PASTA is focusing on risks that will have the most impact to the business – all based upon stage one.
Stage Six: Attack Analysis
The key objective for stage six of PASTA, is to prove that the things we found vulnerable in stage five, are actually viable.
To blueprint a good model for attacks, you want to use attack trees.
Using attack trees allows you to map known vulnerabilities to a node on the attack tree to determine it’s likelihood.
Stage Seven: Risk and Impact Analysis
At the end of the day, PASTA threat modeling is about reducing risks.
The end goal for stage seven, is to build countermeasures that mitigate the threats that are important.
To finalize the threat modeling exercise, we want to utilize and tie back in the information we found in stages one through six.
Link: https://versprite.com/blog/what-is-pasta-threat-modeling/