Applying Threat Intelligence to the Diamond Model of Intrusion Analysis

Recorded Future – Cris Carreon
The Diamond Model of Intrusion Analysis is a popular cyberthreat analysis framework focusing on the adversary, capabilities, infrastructure, and victims.
Recorded Future threat intelligence can provide additional details to complement the Diamond Model analysis.
Key Points on the Diamond Model
Adversary – origin, identity, sponsorship, motivation, timeline
Infrastructure – compromised systems, C2 domains/servers/types, data management
Capabilities – reconnaissance, attack delivery, exploitation, malware deployment, tool development
Targets – geography, industry sector, individuals, data
Applying the Model
The model has been used to analyze FIN8, LAPSUS$, and ICS threats by mapping interactions between model components such as infrastructure and capabilities.
Benefits
Structured method to dissect incidents and develop mitigation strategies
Transitions teams from reactive to proactive security
Leveraging Recorded Future
Threat actor intelligence cards provide insight into adversary and infrastructure
Methods context maps to capabilities
Targets and operations detail potential victims
Key Takeaways
The Diamond Model gives a framework to analyze threats
Link: https://www.recordedfuture.com/blog/diamond-model-intrusion-analysis

