Diamond Model for Intrusion Analysis: What You Need to Know presented at BSidesDC 2014

by Andy Pendergast

Summary: Any good Threat Intelligence analyst’s overarching goal is to provide actionable intelligence to aid in the defense of the network and larger business processes of the organization. To do this, the analyst needs to correlate data from several sources both internal and external, make associations between disparate events, recommend or take courses of action from their analysis, and likely write reports for management describing the nature and intent of the threats they are dealing with.
The Diamond Model for Intrusion Analysis lays a foundation for analysts to begin to address these challenges by applying scientific rigor to what has long been considered an art. It accurately details the fundamental aspects of all malicious activity as well as the core analytic concepts used to discover, develop, track, group, and ultimately counter both the activity and the adversary.
Learn how to implement the Diamond Model into your organization's threat intelligence processes and workflow to be able to better understand and defend against the most sophisticated threats.