I wanted to see these analysis papers get released by the end of the weekend and by gosh, we made it just under the wire.
Fusion Report 12-006 was just published to the membership. It details targeting of the senior management team of a non-member group. About a week and a half ago we were asked to provide assistance. Our analytic team and members pitched in, offering a triage assessment the next morning. Today, after about ten days, we provided a formal analysis of what we thought happened. Best? We were given only a few pieces of information and through the Alliance members (most of whom are currently analysts) and Red Sky analytic teams, we were able to come up with a couple of pages of new indicators, and confirmed that we believed it to be a known group of APT actors.
In addition (an added bonus!) FR12-006 was the starting point for a Threat Analysis Report (TAR12-001 - I'm not crazy about the name) which talks about what we believe may have been targeting objectives had penetrations been successful. It's interesting to hear members talk - they like micro-level indicators, but more importantly they all want to know "what are they looking for?" Infosec teams are growing tired of fighting the fight one IOC at a time. They're now asking "what do I need to protect first... then second... then third." TAR12-001 gives members our thoughts on "What were they looking for?" and will hopefully help them prioritize their efforts and, in time, help maximize their Infosec spend.
So... one more product in our tech fusion analysis line; one new product in our non-tech focused targeting and objectives. I'm loving the analysis. It's Sunday and I spent my day doing link analysis, one indicator at a time.
Last, I was asked the other day by a longtime friend if I'd talk to her board of directors. She needs someone that can tell the story and help them understand the business implications of targeted threats. If you're interested in becoming a member, or if you'd like to have someone from Red Sky talk with your senior management team, CEO, or board, drop us a note. I'm preparing an educational piece for my friend as we speak and I'm a huge fan of 'write once, use many'!
Until next time,
Jeff