ATPs and Use Case Research

ATPs and Use Cases Research

This article is my research into known ATPs, TTP, IOC Major threat breaches in order to develop Uses cases for Threat Detection based ATPs, TTP, IOC Major threat breaches.

ATPs

Major Breaches

MITRE ATT&CKs

CVE Types

TOP TEN CVE Vendors

Threat Reports

  • Patch Management – Tripwire-Dimensional-Research-VM-Survey
    • While 59% of respondents said they could detect new hardware or software added to their network within minutes or hours, 31% said it would take days, weeks or even months. Another 11% said they couldn’t detect it at all.
    • More than a third (35%) said they used automatic discovery solutions on less than half of their software and hardware assets. Another 13% said they didn’t use automatic discovery at all.
    •  While a large majority reported doing some kind of vulnerability scanning, 39% said they did it monthly or less often than that.
    •  A large majority (74%) reported that they fixed vulnerabilities in a month or less, but that still leaves the “one-in-four” that don’t. And while about half reported applying patches in two weeks or less, that means the other half don’t.
    • For creators and vendors of software products, the survey also came with a warning. A majority of respondents said their organizations would, in some cases, stop using a product because of vulnerabilities. Few–only 6%–said they did it frequently, but another 31% said they did it occasionally and 44% said while it was rare, it happens. And 82% said a patch for a disclosed vulnerability should be available within two weeks or less.

Research

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s