How Target Connects Threat Intel Analysis and Detection Teams to Overcome Communication Barriers
Hey, folks, let’s chat today about a method that one massive retailer developed to handle an age-old issue in cybersecurity: having too many pieces of threat intelligence and no good way to analyze them or communicate them to the people who build detections. That barrier to information sharing across security domains is exactly what the so-called “WAVE” system was designed to knock down.
So, what exactly is this WAVE system? Spearheaded by the team at the big-box giant, it’s a Workflow for Adversary Verification & Evaluation, a matrix intended to predict, detect, and attribute the tactics, techniques, and procedures (TTPs) of potential threats.
And the coolest part: WAVE incorporates aspects of existing frameworks, like the Diamond Model of Intrusion Analysis, MITRE ATT&CK, and Lockheed Martin’s Cyber Kill Chain, rather than replacing them. The result is an easily digestible, practical way to put threat intelligence to work.
But, as some notable folks in the industry have observed, while the advancements made by WAVE are great, they also show that we’re still in the early stages of turning cyber threat intelligence into a robust capability.
Why is this? Well, most people in an organization couldn’t care less about the technical specifics of a threat group or its preferred TTPs. What they absolutely need to know is how their company can gain visibility into those threats so it can protect itself and prevent incidents.
Let’s talk about how WAVE works. It gives a company’s security teams comprehensive context by creating a common language for everyone, so that a threat analyst and a detection engineer are talking about the same adversary behaviour in the same terms. That better prepares the team to prevent damage from attacks and closes the communication gap between threat analysis and detection.
TTPs, the methods by which a threat group carries out its devious deeds, show up in two main ways. A technique can be characteristic of one specific group’s everyday activity, or it can be used frequently by many groups. Knowing which is which lets security teams put prevention, detection and patching effort where it pays off most, and mapping a particular group’s attack flow lets the team anticipate and track the activity that usually follows once one step has been observed.
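As an added illustration of the idea above (example code written for this post, not WAVE itself or any tooling from the retailer), here is a small Python sketch that does the two things the paragraph describes: it measures how widely each technique is shared across groups so uncovered, widely used techniques rise to the top of the detection backlog, and it orders one group’s techniques into an attack flow so that, after one step is seen, the likely next steps are known. The group names, the group-to-technique mapping and the existing detection coverage are all constructed sample data; only the technique IDs are real MITRE ATT&CK identifiers, and the tactic ordering follows the ATT&CK Enterprise matrix.

```python
from collections import defaultdict

# ATT&CK Enterprise tactics in matrix order; used to order a group's techniques
# into an attack flow (earlier tactic = earlier in the intrusion).
TACTIC_ORDER = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Real ATT&CK technique IDs with their primary tactic (as listed by MITRE).
TECHNIQUE_TACTIC = {
    "T1566.001": "Initial Access",       # Phishing: Spearphishing Attachment
    "T1190": "Initial Access",           # Exploit Public-Facing Application
    "T1059.001": "Execution",            # Command and Scripting Interpreter: PowerShell
    "T1003.001": "Credential Access",    # OS Credential Dumping: LSASS Memory
    "T1021.001": "Lateral Movement",     # Remote Services: Remote Desktop Protocol
    "T1071.001": "Command and Control",  # Application Layer Protocol: Web Protocols
    "T1486": "Impact",                   # Data Encrypted for Impact
}

# CONSTRUCTED sample intel: hypothetical groups and the techniques each uses.
# Not a description of any real actor.
GROUP_TTPS = {
    "GroupA": {"T1566.001", "T1059.001", "T1003.001", "T1021.001", "T1486"},
    "GroupB": {"T1566.001", "T1059.001", "T1071.001", "T1486"},
    "GroupC": {"T1190", "T1059.001", "T1003.001", "T1071.001"},
}

# CONSTRUCTED sample: techniques the detection team already has coverage for.
EXISTING_DETECTIONS = {"T1566.001", "T1486"}


def technique_prevalence(group_ttps):
    """Map each technique to the set of groups that use it."""
    prevalence = defaultdict(set)
    for group, techniques in group_ttps.items():
        for technique in techniques:
            prevalence[technique].add(group)
    return dict(prevalence)


def classify_techniques(group_ttps):
    """Label each technique 'shared' (several groups) or 'group-specific' (one group)."""
    return {
        technique: "shared" if len(groups) > 1 else "group-specific"
        for technique, groups in technique_prevalence(group_ttps).items()
    }


def detection_backlog(group_ttps, existing_detections):
    """Techniques with no detection yet, most widely used first (ties by ID)."""
    prevalence = technique_prevalence(group_ttps)
    uncovered = [
        (technique, len(groups))
        for technique, groups in prevalence.items()
        if technique not in existing_detections
    ]
    return sorted(uncovered, key=lambda item: (-item[1], item[0]))


def attack_flow(group_ttps, group):
    """One group's techniques ordered by ATT&CK tactic, i.e. its typical attack flow."""
    return sorted(
        group_ttps[group],
        key=lambda t: (TACTIC_ORDER.index(TECHNIQUE_TACTIC[t]), t),
    )


def expected_next_steps(group_ttps, group, observed_technique):
    """Given one observed technique from a group, the steps that usually follow it."""
    flow = attack_flow(group_ttps, group)
    return flow[flow.index(observed_technique) + 1:]


if __name__ == "__main__":
    for technique, count in detection_backlog(GROUP_TTPS, EXISTING_DETECTIONS):
        print(f"{technique}: used by {count} group(s), no detection yet")
    print("GroupA flow:", " -> ".join(attack_flow(GROUP_TTPS, "GroupA")))
    print("After PowerShell from GroupA, expect:",
          expected_next_steps(GROUP_TTPS, "GroupA", "T1059.001"))
```

The design choice worth noting is that prioritization is driven by two facts an intel team can actually state with confidence (how many tracked groups use a technique, and whether a detection exists), rather than by severity guesses; a technique that every tracked group uses and nobody detects is the obvious first ticket for the detection team, which is the kind of shared vocabulary between the two teams the paragraph above is about.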
And here’s the kicker: this well-rounded, continually updated method has worked well enough that an organization blindsided by a data breach a few years ago now stays ahead of potential incidents instead of reacting to them.
However, while WAVE integrates nicely with the existing frameworks, the problem with most of them is that they don’t scale down: they assume a large, specialized team to apply them. One of the noteworthy things about WAVE is that smaller teams across different domains can use it competently.
Even better, it’s prompted this big-box behemoth to share its lessons and threat intelligence with industry colleagues, even going as far as sharing the WAVE system itself. So it’s not just about protecting their own organization, but about helping create a safer environment for other businesses, too. And that, my friends, is something worth cheering on, and just another step toward making the digital landscape a safer place!
by Morgan Phisher | HEAL Security