Besides known tactics, additional data collected and mapped for relevant threat actors includes:
• Attacker source IP ranges
• Malware metadata
• Typical hardware or software leveraged by the attacker
• Typical hardware or software targeted by the attacker
• Typical times of attacker operations

For each defended asset, defenders also gather:
• Hardware or software used to access the sensitive data and business processes
• Patch level and patching schedule for identified hardware and software
• Previous attack information
• Detailed identity and access information associated with the resource

This information is supplemented with intelligence about current events in the organization’s industry to determine who is attacking peers and for what purpose. Industry peers are a great source to develop first-hand insight about the latest tools, tactics and procedures used by attackers.

• 31% of respondents say their SOC has individuals focused solely on cyber threat intelligence
• 50% of respondents say that they have a mature or very mature information security strategy
• 35% of responders say their SOC has analysts that read and subscribe to specific open-source resources
• Only 12% of organizations perform all security operations functions in-house
• 23% of SOCs do not interact with the business
• 29% of SOCs collaborate and share data with other public SOCs
• 43% of SOCs collaborate and share data with others in their industry
• 42% of SOCs have not detected a significant incident
• Only 19% of SOCs have discovered a significant cybersecurity incident
• Only 47% of organizations think their SOC would be likely to detect a sophisticated attacker

Enhancing your security operations with Active Defense | 9