
IT risks come in various shapes and sizes: some are obvious, others far harder to predict. Many attack scenarios are now easier to address thanks to threat patterns, sets of characteristics that a security monitoring platform can use to recognise suspicious behaviour. Using threat patterns, enterprises can prevent and mitigate a wider range of IT risks despite complex network topologies and the variety of enterprise applications and technologies that must be defended.

ISACA’s most recent white paper, ‘Threat Pattern Life Cycle Development’, takes this approach a step further by introducing a simple, well-defined process derived from the software development life cycle (SDLC). Designing and implementing threat patterns this way helps raise threat detection rates and reduces the number of false positives the security operations center (SOC) has to triage.

“Enterprises can gain a better understanding of security threats through the deployment of threat patterns in security monitoring solutions,” said Demetrio Milea, one of the co-authors of the paper. “By taking the same structured approach commonly used in software development, the SOC can identify and focus on more specific threat patterns while detecting issues more quickly and minimizing the effort needed to deploy detection techniques.”

“Attack vectors are not static, and advanced attacks are hard to detect,” said Davide Veneziano, the paper’s other co-author. “As a result, a one-off effort is usually insufficient and tends to make the pattern itself static and only useful for a limited time.”

The threat pattern life cycle includes the following phases:

  • Analysis
  • Design
  • Development
  • Testing
  • Evolution

For each life cycle phase, ISACA presents the key questions that organizations need to answer before defining, developing and evolving modelled threat patterns. Through this structured approach and software development mindset, enterprises can build threat management capabilities that better protect their assets, address IT security risk, mitigate existing threats and make the most of the limited resources available in the SOC.
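To make the SDLC analogy concrete, the following is an added example (not code from the ISACA paper or its authors) showing what the Development, Testing and Evolution phases look like when a threat pattern is treated as software. The pattern, a hypothetical password-spraying detection, is written as a versioned unit with a labelled test corpus; the Testing phase replays true-positive and benign samples through it, exposes a false positive in version 1.0, and version 1.1 is the Evolution step that fixes it. The log format, field names, IP addresses and every sample event are constructed for illustration.

```python
"""A threat pattern handled like software: implemented, versioned and tested
against a labelled corpus before it reaches the SOC.

Added example, not from the ISACA white paper. The log format, the sample
events and the detection thresholds are constructed assumptions.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Iterable

# Constructed authentication-log format: "<epoch> <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\d+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$")


@dataclass(frozen=True)
class Event:
    ts: int
    result: str
    user: str
    src: str


def parse(lines: Iterable[str]) -> list[Event]:
    """Parse constructed log lines; lines that do not match are ignored so noise cannot crash the detector."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(int(m["ts"]), m["result"], m["user"], m["src"]))
    return events


@dataclass
class ThreatPattern:
    """Output of the Design/Development phases: a named, versioned detection function."""
    name: str
    version: str
    detect: Callable[[list[Event]], set[str]]  # returns the offending source IPs


def password_spray_v1(events: list[Event], window: int = 60, threshold: int = 5) -> set[str]:
    """v1.0 hypothesis: at least `threshold` failed logins from one source within `window` seconds."""
    by_src: dict[str, list[int]] = defaultdict(list)
    for e in events:
        if e.result == "FAIL":
            by_src[e.src].append(e.ts)
    hits = set()
    for src, times in by_src.items():
        times.sort()
        for i in range(threshold - 1, len(times)):
            if times[i] - times[i - threshold + 1] <= window:  # sliding window of `threshold` failures
                hits.add(src)
                break
    return hits


def password_spray_v2(events: list[Event], window: int = 60, threshold: int = 5, min_users: int = 3) -> set[str]:
    """v1.1 (Evolution): the same burst rule, but the burst must target at least `min_users`
    distinct accounts. A single user mistyping a password no longer matches."""
    by_src: dict[str, list[tuple[int, str]]] = defaultdict(list)
    for e in events:
        if e.result == "FAIL":
            by_src[e.src].append((e.ts, e.user))
    hits = set()
    for src, fails in by_src.items():
        fails.sort()
        for i in range(threshold - 1, len(fails)):
            burst = fails[i - threshold + 1 : i + 1]
            if burst[-1][0] - burst[0][0] <= window and len({u for _, u in burst}) >= min_users:
                hits.add(src)
                break
    return hits


def run_tests(pattern: ThreatPattern, cases: dict[str, tuple[list[str], bool]]) -> dict[str, list[str]]:
    """Testing phase: replay each labelled sample and report misses and false positives by case name."""
    report: dict[str, list[str]] = {"missed": [], "false_positive": []}
    for name, (lines, should_fire) in cases.items():
        fired = bool(pattern.detect(parse(lines)))
        if should_fire and not fired:
            report["missed"].append(name)
        elif fired and not should_fire:
            report["false_positive"].append(name)
    return report


# Constructed test corpus (labelled samples gathered during the Analysis phase).
SPRAY = [  # true positive: five accounts hit from one source in 25 seconds
    "1000 FAIL user=alice src=203.0.113.7", "1005 FAIL user=bob src=203.0.113.7",
    "1010 FAIL user=carol src=203.0.113.7", "1015 FAIL user=dave src=203.0.113.7",
    "1020 FAIL user=erin src=203.0.113.7", "1025 OK user=erin src=203.0.113.7",
]
TYPO = [  # benign: one user mistypes their password five times, then logs in
    "2000 FAIL user=alice src=198.51.100.4", "2003 FAIL user=alice src=198.51.100.4",
    "2006 FAIL user=alice src=198.51.100.4", "2009 FAIL user=alice src=198.51.100.4",
    "2012 FAIL user=alice src=198.51.100.4", "2020 OK user=alice src=198.51.100.4",
]
SLOW = [  # benign: five failures from one source, but spread over more than an hour
    "3000 FAIL user=alice src=192.0.2.9", "4000 FAIL user=bob src=192.0.2.9",
    "5000 FAIL user=carol src=192.0.2.9", "6000 FAIL user=dave src=192.0.2.9",
    "7000 FAIL user=erin src=192.0.2.9",
]
CASES = {"spray_many_users": (SPRAY, True), "one_user_typo": (TYPO, False), "slow_failures": (SLOW, False)}

V1 = ThreatPattern("password-spray", "1.0", password_spray_v1)
V2 = ThreatPattern("password-spray", "1.1", password_spray_v2)

if __name__ == "__main__":
    for pattern in (V1, V2):
        print(pattern.name, pattern.version, run_tests(pattern, CASES))
```

Running the block shows version 1.0 catching the spray but also flagging the benign `one_user_typo` sample, which is exactly the kind of false positive the paper's Testing phase is meant to surface before deployment; version 1.1 passes all three cases. The corpus stays with the pattern, so every later change in the Evolution phase is re-checked against the same samples.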

Obtain the document.
