Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 400 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
The Necessity of Enemy Perspectives: The Enemy Gets a Vote
The enemy gets a vote. The current Secretary of Defense and retired Marine Corps General James Mattis is fond of this observation. However, in many areas, and especially in cyber security, it rings true. The enemy does get a vote. Good network hygiene, and ensuring that you have the latest technology only goes so far. What is necessary, is opening up the view of the cyber security staff to the enemy’s perspective and gaining an understanding of their capabilities.
When preparing for potential operations, U.S. military commanders perform mission planning, tasking their intelligence section to conduct Intelligence Preparation of the Battlefield (IPB). This allows the commander the ability to plan and act by intent, with knowledge of the nature of the threats their forces will most likely encounter, while also establishing the means to develop intelligence requirements for continued operations. The Army field manual describes IPB as “a systemic, continuous process of analyzing the threat and environment in a specific geographic area.” Within the realm of cyber security, we can convert this to describe the efforts of threat intelligence as a systemic, continuous process of analyzing the threat against a specific organization and its assets, as each organization faces differing threats based off of its industry, asset types and controls. The key is in gaining visibility into what the enemy sees within this battlespace.
This is the role that threat intelligence plays in an enterprise. It should be used as the connective tissue between network defenders and what they can anticipate defending against, based on not only vulnerabilities and malicious code, but also what is known about the enemy. Intelligence analysts need to “flip the map” and look at the organization from the eyes of an attacker, helping to illuminate the adversary and their capabilities.
Above, I briefly described the U.S. military’s process of IPB. In this process, the adversary’s order of battle, units, formations, and equipment of their military infrastructure are analyzed to understand their capabilities and how they “match up against” the capabilities of the U.S. military. Globalsecurity.org provides us with nine factors to consider when reviewing enemy order of battle and capabilities:
While not all of these factors can be accounted for when analyzing potential threat actors, there are several that should be considered or acclimated for our purposes, such as:
Understanding threat actor capabilities is necessary to gain the advantage and rapidly respond with countermeasures to these threats. Consumers of intelligence (CISOs, security directors and network defenders) need to task their threat intelligence sections with providing well-analyzed information on known threat actors that would have the intent and capability to attempt exploitation or conduct an attack against their organization. It should be provided in a manner that is easily consumable and leads to control evaluations and therefore a better security posture.
The enemy may always get a vote, but the outcome can be in an organization’s favor, the better they know their enemy and can anticipate its moves.
Let us know what you need, and we will have an Optiv professional contact you shortly.