Attackers are now using tools that cripple, confuse, and slow down traditional incident response methods. These tools present major challenges to even the most skilled incident response teams as they attempt to fully remediate an attack, as a Cybereason customer recently discovered.
The company used an IOC-based detection approach that relied on static indicators such as IP addresses, domain names, file names, and hashes. However, the attackers modified their tools, changing exactly those indicators, and easily defeated this approach.
Cybereason worked with the customer’s IR team to deploy our TTP-based approach to detection. In this method, an adversary's tactics, techniques, and procedures are identified and used to detect an attack.
TTP-based detection looks at the attackers' overall behavior, which stems from their training, processes, and assets and is therefore far harder for an attacker to change than a hash or a domain name. Looking for tactics, techniques, and procedures is far more effective at unraveling and neutralizing an entire adversarial operation.
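To make the contrast concrete, the following Python script is an added example (it is not Cybereason's code, nor the customer's detection content) that runs an IOC matcher and a behavior-based (TTP) rule over two constructed sets of endpoint process telemetry. All hashes, file names, domains and IP addresses are invented. In the second set the attacker has rebuilt the tool (new hash), renamed it, and moved to new infrastructure, so every static indicator stops matching, while the behavior rule, "an office application spawns a script host whose process tree then makes an outbound connection", still fires.

```python
"""Toy comparison of IOC-based and TTP-based detection over constructed telemetry."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class ProcessEvent:
    pid: int
    ppid: int
    image: str                                   # executable name as seen on disk
    sha256: str                                  # constructed hash, not a real sample
    connections: List[Tuple[str, str]] = field(default_factory=list)  # (domain, ip)


# Static indicators extracted after the first intrusion (all values constructed).
KNOWN_IOCS: Dict[str, Set[str]] = {
    "sha256": {"aaaa1111" * 8},
    "filenames": {"updater.exe"},
    "domains": {"cdn-update.example"},
    "ips": {"203.0.113.10"},
}

# Process-role lists used by the behavior rule (common defender heuristics, not a vendor list).
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def ioc_detect(events: List[ProcessEvent], iocs=KNOWN_IOCS) -> List[Tuple[int, str]]:
    """Flag any event whose hash, file name or network destination is on the IOC list."""
    hits = []
    for ev in events:
        if ev.sha256 in iocs["sha256"]:
            hits.append((ev.pid, f"hash match {ev.sha256[:8]}"))
        if ev.image.lower() in iocs["filenames"]:
            hits.append((ev.pid, f"filename match {ev.image}"))
        for domain, ip in ev.connections:
            if domain in iocs["domains"] or ip in iocs["ips"]:
                hits.append((ev.pid, f"destination match {domain}/{ip}"))
    return hits


def _descendants(pid: int, events: List[ProcessEvent]) -> List[ProcessEvent]:
    """Collect every process below pid in the parent/child tree (breadth-first)."""
    found, frontier = [], [pid]
    while frontier:
        cur = frontier.pop()
        for ev in events:
            if ev.ppid == cur:
                found.append(ev)
                frontier.append(ev.pid)
    return found


def ttp_detect(events: List[ProcessEvent]) -> List[Tuple[int, str]]:
    """Behavior rule: office app -> script host -> outbound connection anywhere in the subtree."""
    by_pid = {ev.pid: ev for ev in events}
    hits = []
    for ev in events:
        parent = by_pid.get(ev.ppid)
        if parent is None:
            continue
        if parent.image.lower() in OFFICE_APPS and ev.image.lower() in SCRIPT_HOSTS:
            subtree = [ev] + _descendants(ev.pid, events)
            if any(p.connections for p in subtree):
                hits.append((ev.pid, f"{parent.image} spawned {ev.image}; subtree connected out"))
    return hits


# Constructed telemetry, first intrusion: indicators match the IOC list exactly.
CAMPAIGN_V1 = [
    ProcessEvent(100, 1, "winword.exe", "0000ffff" * 8),
    ProcessEvent(200, 100, "powershell.exe", "1234abcd" * 8),
    ProcessEvent(300, 200, "updater.exe", "aaaa1111" * 8, [("cdn-update.example", "203.0.113.10")]),
]

# Constructed telemetry, second intrusion: same behavior, every static indicator changed.
CAMPAIGN_V2 = [
    ProcessEvent(100, 1, "winword.exe", "0000ffff" * 8),
    ProcessEvent(200, 100, "wscript.exe", "5678ef01" * 8),
    ProcessEvent(300, 200, "svchelper.exe", "bbbb2222" * 8, [("img-sync.example", "198.51.100.7")]),
]


def summarize(events: List[ProcessEvent]) -> Dict[str, int]:
    """Return the number of alerts each approach raises for one telemetry set."""
    return {"ioc": len(ioc_detect(events)), "ttp": len(ttp_detect(events))}


if __name__ == "__main__":
    for name, data in (("campaign v1", CAMPAIGN_V1), ("campaign v2", CAMPAIGN_V2)):
        print(name, summarize(data))
        for hit in ioc_detect(data) + ttp_detect(data):
            print("   ", hit)
```

Running the script prints three IOC alerts and one TTP alert for the first campaign, but zero IOC alerts and still one TTP alert for the second. The point of the example is the asymmetry in cost: the attacker changed a hash, a file name and a domain in minutes, yet the delivery chain they rely on, which is tied to their tooling and playbook, stayed the same and remained detectable.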
Join Cybereason CISO and Head of IR Israel Barak and SANS expert David Shackleford for a webinar to: