Single atomic indicators (a file hash, an IP address, a domain name) have been the foundation of threat detection in security operations centers (SOCs); however, atomic detections alone are not enough. They have proven unreliable in practice, yielding noisy detections with short operational lifespans, because the adversary can swap such indicators at almost no cost. The pyramid of pain ranks indicator types by how much it costs the adversary when defenders detect them, with threat actor tactics, techniques, and procedures (TTPs) at the apex. That apex is where threat detection should move: detecting the adversary's objectives and behaviors removes the need to chase dynamic, easily changed indicators.
Reliance on a single identifier is no longer enough; instead, the atomic components should be structured into sequences that enable behavior-based detection. Anvilogic is putting our detections deep in the fire to forge a strong security framework. The framework is built on sequence-based behavioral detections that home in on the attacker's core objectives, giving a threat detection model designed to hold its long-term strategic value: it is far more durable than indicator matching, flexible enough to be modified as new TTPs are identified, and extensible so that security teams can expand it to detect previously unknown activity.
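To make the difference concrete, here is an added example (not Anvilogic's code or framework) that runs an atomic hash-match rule and a sequence-based behavioral rule over a few constructed endpoint events. The sequence rule chains three atomic observations on the same host within a time window: an Office application spawning a shell, that shell making an outbound connection, and that shell creating a scheduled task. The event schema, the hostnames, the hash values and the five-minute window are all assumptions made up for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str        # "process", "network" or "schtask" (assumed schema)
    data: dict


def _t(s: str) -> datetime:
    return datetime.fromisoformat(s)


# Constructed sample telemetry; none of these hosts, hashes or times are real.
SAMPLE_EVENTS: List[Event] = [
    # ws01: macro-laden document drops a stager whose hash is already known.
    Event(_t("2024-05-01T09:00:00"), "ws01", "process",
          {"parent": "winword.exe", "image": "powershell.exe", "sha256": "aa" * 32}),
    Event(_t("2024-05-01T09:00:05"), "ws01", "network", {"image": "powershell.exe", "dst_port": 443}),
    Event(_t("2024-05-01T09:00:40"), "ws01", "schtask", {"image": "powershell.exe", "task": "Updater"}),
    # ws02: same tradecraft, recompiled payload (new hash), so the atomic rule is blind.
    Event(_t("2024-05-01T10:15:00"), "ws02", "process",
          {"parent": "excel.exe", "image": "powershell.exe", "sha256": "bb" * 32}),
    Event(_t("2024-05-01T10:15:03"), "ws02", "network", {"image": "powershell.exe", "dst_port": 8443}),
    Event(_t("2024-05-01T10:16:10"), "ws02", "schtask", {"image": "powershell.exe", "task": "Sync"}),
    # ws03: an admin opens PowerShell from Explorer and reaches out; no Office parent, no persistence.
    Event(_t("2024-05-01T11:00:00"), "ws03", "process",
          {"parent": "explorer.exe", "image": "powershell.exe", "sha256": "cc" * 32}),
    Event(_t("2024-05-01T11:00:02"), "ws03", "network", {"image": "powershell.exe", "dst_port": 443}),
    # ws04: all three steps occur, but the task creation is 40 minutes later, outside the window.
    Event(_t("2024-05-01T12:00:00"), "ws04", "process",
          {"parent": "outlook.exe", "image": "powershell.exe", "sha256": "dd" * 32}),
    Event(_t("2024-05-01T12:00:04"), "ws04", "network", {"image": "powershell.exe", "dst_port": 443}),
    Event(_t("2024-05-01T12:40:00"), "ws04", "schtask", {"image": "powershell.exe", "task": "Cleanup"}),
]

# --- Atomic detection: one indicator, brittle by construction -------------------------
KNOWN_BAD_HASHES: Set[str] = {"aa" * 32}   # assumed threat-intel feed entry


def atomic_hits(events: Iterable[Event]) -> Set[str]:
    """Hosts on which a process with a known-bad hash was seen."""
    return {e.host for e in events
            if e.kind == "process" and e.data.get("sha256") in KNOWN_BAD_HASHES}


# --- Sequence detection: atomic observations chained into a behavior ------------------
OFFICE_APPS = {"winword.exe", "excel.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe"}

Step = Callable[[Event], bool]


def office_spawns_shell(e: Event) -> bool:
    return e.kind == "process" and e.data.get("parent") in OFFICE_APPS and e.data.get("image") in SHELLS


def shell_connects_out(e: Event) -> bool:
    return e.kind == "network" and e.data.get("image") in SHELLS


def shell_persists(e: Event) -> bool:
    return e.kind == "schtask" and e.data.get("image") in SHELLS


STAGER_SEQUENCE: List[Step] = [office_spawns_shell, shell_connects_out, shell_persists]


def sequence_hits(events: Iterable[Event], steps: List[Step], window: timedelta,
                  key: Callable[[Event], str] = lambda e: e.host) -> Set[str]:
    """Keys (hosts by default) for which every step was observed in order within `window`.

    State per key is (index of the next awaited step, timestamp of the step that opened
    the chain). A chain whose window has elapsed is discarded before the current event
    is evaluated, so a late final step cannot complete a stale chain.
    """
    progress: Dict[str, Tuple[int, datetime]] = {}
    hits: Set[str] = set()
    for e in sorted(events, key=lambda ev: ev.ts):
        k = key(e)
        idx, start = progress.get(k, (0, None))
        if start is not None and e.ts - start > window:
            idx, start = 0, None            # window expired: restart the chain
        if steps[idx](e):
            if idx == 0:
                start = e.ts                # this event opens a new chain
            idx += 1
            if idx == len(steps):
                hits.add(k)
                idx, start = 0, None        # chain complete; allow a fresh match later
        progress[k] = (idx, start)
    return hits


if __name__ == "__main__":
    print("atomic rule fires on:  ", sorted(atomic_hits(SAMPLE_EVENTS)))
    print("sequence rule fires on:", sorted(sequence_hits(SAMPLE_EVENTS, STAGER_SEQUENCE, timedelta(minutes=5))))
```

The atomic rule fires only on ws01, where the known hash appears; the recompiled payload on ws02 slips past it. The sequence rule fires on ws01 and ws02 because it keys on the behavior rather than the artifact, stays quiet on the admin's benign PowerShell session on ws03, and, because of the window check, also stays quiet on ws04 where the steps are too far apart to be one action. Adding a newly learned TTP means adding or reordering predicates in the step list, not replacing indicator values.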