Threat Intel, Detection and Response
Threat detection and response is one of the most complicated and dynamic areas of a Computer Network Defense strategy. There are many different views regarding how a Threat Detection operation should be implemented, however it is essential that the security posture of the enterprise is known by all tiers of analysts and incident responders. It is crucial that all individuals involved with the detection of malicious, anomalous, and suspicious activity be kept aware and advised of newly emerging trends, vulnerabilities, attack vectors, and the current status of devices within the infrastructure.
Threat detection and incident response is the core mission of the Cyber Security Operations Center (SOC). It is critical to the overall mission statement of a company to effectively formulate, and effectively implement a computer network defense threat detection and incident response methodology.
The objective of effectively implementing an intelligence driven CND strategy is to utilize a balanced approach. Balance is the key component of a strategy, wherein no methodology within the strategy is skewed such as to imbalance the goals and objectives of the global strategy. Imbalanced strategy implementation results in insecurity, and perhaps worse can result in unknown insecurity. The objective of a balanced CND strategy is to raise the level of risk of discovery of enemy actor actions. Enemy actors should never feel confident, nor should they ever feel safe conducting offensive operations against the target network.