Purple teaming and the role of threat categorization
2024-01-11 05:30

These assessment services typically test defenses against ten to twenty attack techniques, and only use one variation of each technique.

How can teams defend against the huge cloud of possible variations of each attack technique when they don't account for all those variations? This is why I believe purple team assessments must evolve.

First, teams should decide which techniques they want to test for, then catalog the variants of those attacks to the best of their ability, and finally, pick a representative sample of those variants.

Picking a representative sample of attack techniques is difficult because there's no good system in cybersecurity for cataloguing the variants of an attack.

Traditionally in cybersecurity, attack techniques are broken down into three levels - tactics, techniques and procedures.

How can the industry solve this problem? I believe assessments should look at five or six levels when evaluating attack techniques: tactics, techniques, sub-techniques, procedures, operations, and functions.


News URL

https://www.helpnetsecurity.com/2024/01/11/attack-technique-variants/