{"id":5005,"date":"2021-12-30T12:26:08","date_gmt":"2021-12-30T12:26:08","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5005"},"modified":"2022-01-13T23:27:15","modified_gmt":"2022-01-13T23:27:15","slug":"it-security-operations-news-sun-5-dec-2021","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2021\/12\/30\/it-security-operations-news-sun-5-dec-2021\/","title":{"rendered":"IT Security Operations News &#8211; Sun, 5 Dec 2021"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><a>Table of Contents<\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Introducing ThreatConnect 6.4 &#8211; Improving Threat Intelligence Processes and SOC Metrics<\/li><li>CISA Issues Incident and Vulnerability Response Playbooks<\/li><li>What is PASTA Threat Modeling?<\/li><\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/mms.businesswire.com\/media\/20211129005566\/en\/717968\/23\/ThreatConnect_Logo_-_Logo_RGB.jpg\">&nbsp;<strong>Introducing ThreatConnect 6.4 &#8211; Improving Threat Intelligence Processes and SOC Metrics<\/strong><br><em>Business Wire<\/em><br>ARLINGTON, Va.&#8211;(BUSINESS WIRE)&#8211;ThreatConnect Inc.\u00ae, the leader in enabling a risk led and intelligence-driven security is announcing ThreatConnect 6.4, which introduces new capabilities that allow security operations and cyber threat intelligence (CTI) analysts to get useful context faster during investigations and to better measure team efficiencies.<br><br>ThreatConnect combines its Threat Intelligence Platform (TIP) and Security Orchestration and Automation platform (SOAR), creating a continuous feedback loop that helps make Intelligence-Driven Operations a reality.<br>This latest product release builds upon the foundation of Intelligence-Driven Operations, empowering the workflow of threat intelligence and security operations teams individually and together.<br><br>The 6.4 release helps CTI and security operations center (SOC) teams get more context quickly, enabling faster investigations for both.<br>CTI teams are enabled to more easily build and maintain a dynamic threat library, while updated dashboards allow SOC and IR leaders to accelerate the team\u2019s efficiency.<br>Three new features empower these capabilities:<br><br>Explore With CAL\u2122 to better understand the complex relationships of threat indicators with a graph-based interface into our Collective Analytics Layer<br>Browser Extension V2 to build context around threats quickly and enhance your threat library<br>New Workflow Metrics to drive operational efficiencies, helping SOC teams learn how to optimize their tools, team processes, and automations<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.businesswire.com\/news\/home\/20211129005566\/en\/Introducing-ThreatConnect-6.4---Improving-Threat-Intelligence-Processes-and-SOC-Metrics\">https:\/\/www.businesswire.com\/news\/home\/20211129005566\/en\/Introducing-ThreatConnect-6.4&#8212;Improving-Threat-Intelligence-Processes-and-SOC-Metrics<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/130e178e8f8ba617604b-8aedd782b7d22cfe0d1146da69a52436.ssl.cf1.rackcdn.com\/cisa-issues-incident-vulnerability-response-playbooks-showcase_image-2-a-17944.jpg\" width=\"16\">&nbsp;<strong>CISA Issues Incident and Vulnerability Response Playbooks<\/strong><br><em>Dan Gunderman<\/em><br><em>Info Risk Today<\/em><br>The 43-page document builds on CISA&#8217;s Binding Operational Directive 22-01, issued this month, in which federal civilian agencies were required to patch some 200 vulnerabilities known to be exploited in the wild &#8211; including short deadlines for urgent common vulnerabilities and exposures, or CVEs, and others requiring mitigation by May 2022 (see: CISA Directs Federal Agencies to Patch Known Vulnerabilities).<br><br>CISA&#8217;s playbook also addresses requirements laid out in President Joe Biden&#8217;s May executive order on cybersecurity &#8211; which calls for a widespread technological modernization across the federal government, including efforts to implement multifactor authentication and zero trust architectures (see: Biden&#8217;s Cybersecurity Executive Order: 4 Key Takeaways).<br><br>Though directed toward federal agencies, CISA said in its statement that it &#8220;strongly encourages&#8221; private sector partners to review the playbooks.<br><br>CISA&#8217;s guides include checklists for incident response, incident response preparation, and vulnerability response.<br>They also clearly delineate interagency cybersecurity functions, outline CISA&#8217;s role as the main response agency, and urge agencies to readily share information.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.inforisktoday.com\/cisa-issues-incident-vulnerability-response-playbooks-a-17944\">https:\/\/www.inforisktoday.com\/cisa-issues-incident-vulnerability-response-playbooks-a-17944<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" src=\"https:\/\/versprite.com\/wp-content\/uploads\/2018\/05\/cropped-vs-icon-270x270.png\" width=\"16\">&nbsp;<strong>What is PASTA Threat Modeling?<\/strong><br><em>Tony Ucedav\u00e9lez<\/em><br><em>Versprite Blog<\/em><br>The Process of Attack Simulation and Threat Analysis (PASTA) is a risk-centric threat modeling methodology co-founded in 2015 by VerSprite CEO Tony UcedaV\u00e9lez and security leader Marco M.<br>Morana.<br>Organizations all over the world, like GitLab, are adopting PASTA as their internal threat modeling standard because of its risk-centric approach, collaborative tendencies, evidence-based threat intel, and focus on the probability of each attack.<br><br>Benefits of PASTA Threat Modeling:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Contextualized approach that always ties back to business context<\/li><li>Simulates and tests the viability of evidence-based threats<\/li><li>Takes the perspective of an attacker<\/li><li>Leverages existing processes from within the organization<\/li><li>Collaborative process that can quickly scale up or down<\/li><\/ul>\n\n\n\n<p>Stage One: Define the Objectives<br><br>Stage Two: Define the Technical Scope<br>PASTA is meant to be a collaborative effort and encourages working together with the engineering team, the cloud team, developers, and architects to ask \u201cWhat are you working with.<br>What are you supporting in this environment?\u201d And then \u201cWhat will be helpful to align.<br>What is the technology landscape?\u201d This conversation will set you up to move successfully on to stage three, application decomposition.<br><br>Stage Three: Decompose the Application<br>Stage three of PASTA is application decomposition.<br>In stage two, we built context around what we are running.<br>Stage three goes further by creating context around how everything communicates, how it all comes together.<br>The key output of this stage is to understand if you have implicit trust models and where they are.<br>It may be an IoT device talking to the cloud, or an embedded device talking to an automobile component.<br>You may have an implicit trust model that could be a good conduit for exploitation.<br><br>Stage Four: Analyze the Threats<br>Stage four is analyzing the threats.<br>The main output for stage four is to understand what the application does and what sort of threats are affecting your defined attack surface.<br><br>Dos and Don\u2019ts of Threat Intelligence Consumption &amp; Analysis<br>Dos:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Make your own threat intel utilizing internal\/external researchers or internal logs<\/li><li>Know where your threat sources come from, it\u2019s relevant, and cross validated<\/li><\/ul>\n\n\n\n<p>Don\u2019ts:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Use one source of threat intel data<\/li><li>Use your competitors threat intelligence as a basis for industry related threats<\/li><li>Let the threat analysis reveal assets you didn\u2019t consider in stages 2 and 3 (this means you did those steps wrong\u201d<\/li><\/ul>\n\n\n\n<p>Stage Five: Vulnerability Analysis<br>Stage five correlates the application\u2019s vulnerabilities to the application\u2019s assets.<br>How are you going to sew together tools and best practices, in terms of volume management, volume assessment, static analysis, dynamic analysis, etc..<br>And in all the noise that you\u2019re seeing in the vulnerability analysis, what are the ones that are material to the threats in your threat library.<br>The key differentiator with PASTA is focusing on risks that will have the most impact to the business \u2013 all based upon stage one.<br><br>Stage Six: Attack Analysis<br>The key objective for stage six of PASTA, is to prove that the things we found vulnerable in stage five, are actually viable.<br>To blueprint a good model for attacks, you want to use attack trees.<br>Using attack trees allows you to map known vulnerabilities to a node on the attack tree to determine it\u2019s likelihood.<br><br>Stage Seven: Risk and Impact Analysis<br>At the end of the day, PASTA threat modeling is about reducing risks.<br>The end goal for stage seven, is to build countermeasures that mitigate the threats that are important.<br>To finalize the threat modeling exercise, we want to utilize and tie back in the information we found in stages one through six.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/versprite.com\/blog\/what-is-pasta-threat-modeling\/\">https:\/\/versprite.com\/blog\/what-is-pasta-threat-modeling\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Table of Contents Introducing ThreatConnect 6.4 &#8211; Improving Threat Intelligence Processes and SOC Metrics CISA Issues Incident and Vulnerability Response Playbooks What is PASTA Threat Modeling? &nbsp;Introducing ThreatConnect 6.4 &#8211; Improving Threat Intelligence Processes and SOC MetricsBusiness WireARLINGTON, Va.&#8211;(BUSINESS WIRE)&#8211;ThreatConnect Inc.\u00ae, the leader in enabling a risk led and intelligence-driven&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38],"tags":[],"class_list":["post-5005","post","type-post","status-publish","format-standard","hentry","category-security-operations"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=5005"}],"version-history":[{"count":2,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5005\/revisions"}],"predecessor-version":[{"id":5023,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5005\/revisions\/5023"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=5005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=5005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=5005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}