Podcast
Questions and Answers
What is the main purpose of defining a new Activity Group?
- To focus on attribution of intrusions
- To track how intrusions are carried out (correct)
- To prioritize the Adversary vertices
- To change the mathematical formula in the paper
Why is it emphasized that Activity Groups are not about attribution?
- To encourage defenders to solely prioritize Infrastructure and Victim vertices
- To avoid carrying too much analytical baggage related to Threat Actors (correct)
- To make it difficult for defenders to track threats
- To promote false flag operations by adversaries
What would be disrupted if one adversary pretends to be another adversary (a false flag)?
- The priority given to Adversary vertices
- The concept of Activity Groups
- The mathematical formula for defining Activity Groups
- The tracking of how intrusions are done (correct)
Why are defenders told to defend against Activity Groups rather than Threat Actors?
What is the focus of threat intelligence?
How are targets and victims defined in the context of cyber threats?
What do Tactics, Techniques, and Procedures (TTPs) represent in the context of adversary activity?
What is the difference between targets and victims in a cyber threat context?
What do most people mean when they refer to signatures in the security industry?
In the context of security, what does behavioral analytics aim to identify?
What is an example of a simple behavioral analytic mentioned in the text?
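To make the signature-versus-behavioral distinction behind the preceding questions concrete, here is an added example that is not part of the original page or the underlying paper. It runs an indicator list (what most people mean by a "signature": exact matches on hashes, IPs and the like) and a simple behavioral analytic ("an Office application spawning a script or shell interpreter", chosen here for illustration, not necessarily the analytic the source text had in mind) over a handful of constructed process-creation events. The hostnames, hash placeholders, IP addresses and event layout are all invented for the demonstration.

```python
# Added example (not from the page): an indicator "signature" beside a
# behavioral analytic, run over constructed process-creation telemetry.
# Event fields, hash placeholders, hostnames and IPs are invented.

# Constructed sample telemetry: one process-creation event per dict.
EVENTS = [
    {"id": "e1", "host": "ws01", "parent": "winword.exe", "child": "powershell.exe",
     "sha256": "hash-A", "dst_ip": "198.51.100.7"},
    # Same behavior as e1, but the adversary re-tooled: new binary, new server.
    {"id": "e2", "host": "ws02", "parent": "winword.exe", "child": "powershell.exe",
     "sha256": "hash-B", "dst_ip": "203.0.113.10"},
    # Benign activity.
    {"id": "e3", "host": "ws03", "parent": "explorer.exe", "child": "chrome.exe",
     "sha256": "hash-C", "dst_ip": "192.0.2.5"},
    # Different Office app, different interpreter, no network indicator at all.
    {"id": "e4", "host": "ws04", "parent": "excel.exe", "child": "cmd.exe",
     "sha256": "hash-D", "dst_ip": None},
    # Known-bad hash reused under an ordinary parent process.
    {"id": "e5", "host": "ws05", "parent": "explorer.exe", "child": "powershell.exe",
     "sha256": "hash-A", "dst_ip": "192.0.2.9"},
]

# A "signature" in the usual industry sense: atomic indicators from past
# events, compared for exact equality. Constructed values.
KNOWN_BAD_HASHES = {"hash-A"}
KNOWN_BAD_IPS = {"198.51.100.7"}

# A behavioral analytic describes how the intrusion is carried out (a TTP),
# independent of which binary or server the adversary happens to use today.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def signature_hits(events):
    """Return ids of events that match any known-bad atomic indicator."""
    return [e["id"] for e in events
            if e["sha256"] in KNOWN_BAD_HASHES or e["dst_ip"] in KNOWN_BAD_IPS]


def behavioral_hits(events):
    """Return ids of events where an Office application spawns an interpreter."""
    return [e["id"] for e in events
            if e["parent"].lower() in OFFICE_APPS and e["child"].lower() in INTERPRETERS]


def missed_by_signature_only(events):
    """Events the behavioral analytic catches that the indicator list does not:
    what is lost when past indicators are the only detection in place."""
    return sorted(set(behavioral_hits(events)) - set(signature_hits(events)))


if __name__ == "__main__":
    print("signature hits :", signature_hits(EVENTS))
    print("behavioral hits:", behavioral_hits(EVENTS))
    print("behavior only  :", missed_by_signature_only(EVENTS))
```

Note that neither detection subsumes the other: the indicator list still catches e5, where a previously seen binary reappears under a parent the analytic does not watch, which is why past indicators remain useful for pivoting on old events even though they do not generalize to re-tooled activity (e2, e4).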
How should indicators and past events be leveraged according to the text?