Given the vast amount of known threat indicators and the level of network activity today, automation has become a necessity. It’s often difficult and time consuming for human analysts to efficiently manage large amounts of granular data and a wide range of cognitive biases. Therefore, manual threat correlation is often too slow to keep up with the amount of data generated, results include a high number of false negatives and positives, and outputs are not always reproducible.
However, performing manual threat correlation processes will remain crucial. The human brain’s ability to leverage well-formed biases and perform higher-order reasoning is essential for assessing the validity and value being provided by whatever solutions your organization uses as well as building your cyber threat management team’s knowledge base. Thus, even when automated methods are employed, the final tier of analysis typically uses these human abilities for sense-making before any actions are taken.
Conduct your own research and discuss with the group the following:
- Field Techniques of Comparison?
- Rules for Based Matching?
- What is Fuzzy Matching?
How threat actors can evade detection via threat correlation ?