Track adversary behavior in real-time with Threat Actor Insights Cards

Accelerate threat actor profiling

15 sec-summary

Understanding your adversaries’ tactics, techniques, and procedures is fundamental to securing your attack surface. Your threat actor profiles should reflect recent and historical activity, target industries, malware, vulnerabilities, Tactics, Techniques, and Procedures (TTPs), and threat intelligence reports.

With Feedly’s Threat Actor Insights Cards, you can:

- Get an up-to-date 360° view of threat actors. Quickly develop insights about new threat actors targeting your industry or update known adversary profiles.
- Profile threat actors with context. Learn their TTPs, malware (including ransomware), and the vulnerabilities they exploit.
- Dive deep to plan your threat hunts. Read linked intelligence reports, launch from TTPs to MITRE ATT&CK Navigator, extract detection rules, or pivot to CVE or Malware Insights cards.

Threat Actor Insights Cards are created for every threat actor and their recognized aliases. Feedly AI also searches for new threat actors, creating new Insights Cards when they are discovered and updating them in real-time as new information is published. These cards help you quickly assess the threat to your organization and stay ahead.

“The Threat Actor Insights Cards are incredible. They are an amazing source of information providing everything you need in one place about a specific APT group.”
Daniel Schmidt, Security Analyst, Cyber Defense Center, gematik

The challenge with tracking threat actors

Keeping up with threat actors is difficult.

They constantly change their tactics, techniques, and procedures (TTPs) to evade detection. New adversaries emerge regularly, bringing novel methods. And most groups are known by multiple aliases (Lazarus Group has over 40).

As of this writing, CrowdStrike tracks over 230 threat actor groups, and Microsoft tracks over 300.
Keeping up with all of them would be a monumental task requiring a team of analysts and expensive vendor services. It’s why most cyber threat teams focus on a narrower set of adversaries, often those known to target their industry, supply chain, or country.

Yet, with this more focused approach, organizations still risk missing new threat actors, shifts in TTPs, malware used, or CVEs exploited.

Feedly helps teams discover new threat actors or changes in their behaviors with the TTP Dashboard and AI Feeds. Threat Actor Insights Cards are another tool to aid adversary research, providing a consolidated view of a threat actor. Teams can launch a Threat Actor Insights Card to learn more about a new threat actor or see updated news or TTPs on their tracked adversaries.

Get an up-to-date 360° view of adversaries with Threat Actor Insights Cards

Each day, Feedly AI scans millions of articles, searching for threat indicators, tagging entities and objects, and logging them in the Feedly Threat Graph. This gives Feedly unique insights into the relationships between threat actors and their techniques, malware, CVEs, etc., enabling the dynamic creation of Threat Insights Cards for any threat actor.

Threat Insights Cards provide real-time updated profiles of adversaries (including aliases), as well as:

- Trending activity
- Targeted countries, organizations, and industries
- Tactics, techniques, and procedures (TTPs)
- Associated malware
- Exploited vulnerabilities
- Detection rules
- Articles that link threat actors to the techniques, malware, CVEs, etc.

You can even filter Insights Cards by time frame to identify recent or longer-term trends in activity or TTPs.

OilRig (APT34) Threat Actor Insights Card showing the threat actor overview, aliases, and article mentions.

Profile threat actors with context

Creating a threat actor profile requires searching through open sources and understanding their TTPs, malware, and attack vectors used.
It can involve reading dozens of reports or articles, searching for relevant information, following links, synthesizing findings, and writing reports.

Threat Actor Insights cards pull data from the Feedly Threat Graph about relationships between threat actors and techniques, malware, CVEs, etc. The cards present this information in a comprehensive, simple-to-read format that gives you the full context as you analyze threat actors, accelerating your work and minimizing blind spots.

Here, we show the Threat Actor Insights card for OilRig (APT34) again, this time focusing on their TTPs and exploited vulnerabilities.

It also features TTPs and exploited vulnerabilities.

If we scroll further, we see detection rules and threat intelligence reports containing more context for the linked indicators and TTPs.

Easily download detection rules and visit threat intelligence reports mentioning the threat actor group.

Finally, we see new articles with links to the threat actor to get the most current information.

Dive deep to plan your threat hunts

Planning effective threat hunts requires deeply understanding your adversaries’ tactics, techniques, and procedures, including the malware and attack vectors they use. To improve your efficiency, you may want to look for multiple threat actors using similar TTPs.

Threat hunters may start with the TTP dashboard to quickly see which TTPs are trending among adversaries.
Alternatively, you can start with the Threat Actor Insights Card and link to the procedures and mitigations to read more about them.

From there, you can launch MITRE ATT&CK Navigator.

Or pivot to CVE Insights Card to learn more on how vulnerabilities are exploited.

Or Malware Insights cards to learn how to protect against malware.

You might even find some detection rules or IoCs to help you search for adversary behavior in your environment.

In short…

Whether you want to quickly get up to speed on a new adversary targeting your industry or keep up with behavior shifts by known threat actors, the Threat Actor Insights Cards are a great place to start. They are updated in real-time with newly published information and contain the context needed to create profiles or plan threat hunts, such as their targets, TTPs, malware used, and vulnerabilities exploited.

Stay informed with threat actor insights cards

Discover, assess, and respond to the latest threat actor activity.
Source: Internet Gov forum