5 best practices for effective threat intelligence defense in cyber security

If you’ve been in cybersecurity for the past five to 10 years, you’ve likely heard the term “threat-informed security.” Simply put, threat-informed defense focuses security teams, technology, and budgets on those threats that can impact a specific organization, industry, location, etc.

The concept basically coincides with a famous (and often referenced) quote from Sun Tzu: “If you know the enemy and know yourself, you need not fear the outcome of a hundred battles. If you know yourself but don’t know the enemy, then for every victory won you will also suffer a defeat. If you do not know the enemy or yourself, you will be defeated in every battle.”

To put this in cybersecurity terms, security teams need to monitor the tactics, techniques, and procedures (TTPs) of their adversaries, understand how these TTPs can be prevented or detected through their security controls, and then make any necessary changes to close the gaps in their defenses.

