Threat Detection: The Need for Common Taxonomy
Looking into the field of Security Analytics, one will realize that the industry doesn't always speak the same language when it comes to detecting cyber-attacks. Each and every organization sees the need to detect threats and a variety of vendors build capabilities to achieve just that. What kind of threats though? Do we always have a common language allowing security operations teams to map out the threat landscape, assess their capabilities, and identify their needs? Do security and incident response teams have security tools today that speak this same language?
Let us quote Thomas Mann here: “You ask what is the use of classification, arrangement, and systemization? I answer you: order and simplification are the first steps toward the mastery of a subject — the actual enemy is the unknown.”
The security industry needs to seek more systemization in the types of threats it deals with. For instance, one might separate attacks that exercise a more-or-less automated, machine-driven activity from those that exhibit unpredictable, human-driven behaviour in service of a rather complex strategy. A great starting point for such a separation would be the Gartner CARTA framework. Without telling these nuances apart, and without understanding the complete attack narrative, security practitioners are flying blindfolded.
Petr Černohorský
Petr Cernohorsky is currently a Global Product Manager at Cisco Systems, working on detection strategies for Advanced Threat Solutions within the Security Business Group. Petr holds a master’s degree in Software Engineering and a doctorate in Modeling and Simulations, and he has held various Engineering and Management positions.