What is a diamond model of intrusion analysis?

The "diamond model of intrusion analysis" uses a diamond shape to represent the four core aspects of any malicious activity: 😉


  • Adversary: Information about the threat actor carrying out the intrusion, including their motives, capabilities, resources, and attribution. This can include identifying individuals, groups, or organizations.
  • Capability: The tools, techniques, and procedures used by the adversary. This includes malware, exploits, hacking methods, and any capabilities needed to achieve their objectives.
  • Infrastructure: The systems, servers, devices, and networks compromised or used by the adversary to enable and support their intrusion activities.
  • Victim: The targets of the intrusion, including organizations, individuals, data, and systems compromised. Understanding victimology helps identify adversary targeting patterns.

The diamond shape also shows the connections and relationships between these four aspects, as well as the phases and results of the intrusion. The diamond model is a useful tool for security analysts to understand, document, and communicate about cyber threats.
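To make the "connections and relationships" concrete, here is an added example (not code from the original post) that represents each intrusion event as the four vertices above and lets an analyst pivot from one vertex value to every event that shares it, then group linked events into activity threads. The event data, the asset names and the linking rule (events are linked when they share a capability, infrastructure or victim value) are constructed assumptions for illustration, not real indicators or a standard the model prescribes.

```python
"""Added example: Diamond Model events as four vertices, with pivoting and
activity-thread clustering. All sample values below are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class DiamondEvent:
    event_id: str
    adversary: str        # who; often "unknown" early in an investigation
    capability: str       # tool, technique or procedure used
    infrastructure: str   # attacker-controlled or compromised asset
    victim: str           # targeted asset or organisation


VERTICES = ("adversary", "capability", "infrastructure", "victim")

# Constructed sample events (hypothetical names, not real indicators).
EVENTS = [
    DiamondEvent("E1", "unknown", "phishing-doc", "mail-relay.example", "sales-ws03"),
    DiamondEvent("E2", "unknown", "rat-x", "c2.example", "finance-ws01"),
    DiamondEvent("E3", "unknown", "rat-x", "c2.example", "hr-ws07"),
    DiamondEvent("E4", "group-a", "rat-x", "c2-two.example", "partner-corp"),
]


def index_by_vertex(events: List[DiamondEvent]) -> Dict[str, Dict[str, set]]:
    """Build vertex -> value -> set of event ids, so any vertex can be pivoted on."""
    idx = {v: defaultdict(set) for v in VERTICES}
    for e in events:
        for v in VERTICES:
            idx[v][getattr(e, v)].add(e.event_id)
    return idx


def pivot(events: List[DiamondEvent], vertex: str, value: str) -> List[str]:
    """Ids of all events sharing one vertex value: the analyst's pivot move."""
    return sorted(index_by_vertex(events)[vertex].get(value, set()))


def cluster_activity(events: List[DiamondEvent]) -> List[List[str]]:
    """Group events into activity threads. Assumed linking rule: two events are
    linked when they share a capability, infrastructure or victim value."""
    parent = {e.event_id: e.event_id for e in events}  # union-find forest

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    idx = index_by_vertex(events)
    for vertex in ("capability", "infrastructure", "victim"):
        for ids in idx[vertex].values():
            ids = sorted(ids)
            for other in ids[1:]:
                parent[find(ids[0])] = find(other)

    clusters = defaultdict(list)
    for e in events:
        clusters[find(e.event_id)].append(e.event_id)
    return sorted(sorted(c) for c in clusters.values())


def infer_adversary(events: List[DiamondEvent]) -> Dict[str, str]:
    """Propagate an attributed adversary across its activity thread as a
    hypothesis; "conflict" flags threads with more than one attribution."""
    by_id = {e.event_id: e for e in events}
    result = {}
    for cluster in cluster_activity(events):
        known = {by_id[i].adversary for i in cluster if by_id[i].adversary != "unknown"}
        if len(known) == 1:
            label = next(iter(known))
        else:
            label = "conflict" if known else "unknown"
        for i in cluster:
            result[i] = label
    return result


if __name__ == "__main__":
    print(pivot(EVENTS, "infrastructure", "c2.example"))  # ['E2', 'E3']
    print(cluster_activity(EVENTS))                       # [['E1'], ['E2', 'E3', 'E4']]
    print(infer_adversary(EVENTS))
```

The attribution step is deliberately labelled a hypothesis: a shared commodity capability such as the constructed `rat-x` is weak evidence on its own, and a real analysis would weigh shared infrastructure and victimology more heavily before treating the whole thread as one adversary.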


Jumping right in, we must first identify the adversary, also known as the attacker. Attackers are usually associated with creating or destroying something for an unwanted purpose; in other words, something undesirable, because they fall under the category of enemy. Defined by their actions, they will be creating and/or causing conflict.
