The Crucial Component of Detection and Response: Intelligence Pivoting (Security News, September 2020)

While it may be a trendy term, in cybersecurity, intelligence pivoting is pivotal to detection and response.
In my previous article, I discussed the concept of intelligence pivoting with a simplified example of looking at external threat intelligence to see if a particular IP address is associated with a specific adversary.
Is this indicator associated with a specific campaign or adversary, and are there associated artifacts you can look for in other tools, like your endpoint detection and response solution? A framework like MITRE ATT&CK, which describes threat actor tactics, techniques and procedures, allows you to expand your investigation further and formulate a hypothesis about a specific campaign or adversary that may have infiltrated your network.
You need to look across all your tools to see a broader picture - enriched by multiple indicators and indicator types, and intelligence on adversaries and their methods - so you can gain a deeper understanding of what is going on and can respond effectively.
Intelligence pivoting allows you to build that broader picture and is pivotal to detection and response.