Join RH-ISAC and Palo Alto Networks for a presentation that takes a deep dive into what the Unit 42 Attribution Framework is and how organizations can integrate it into their CTI program.

Overview

Threat actor attribution has traditionally been considered more art than science, often relying heavily on a few threat researchers to confirm observed activity. This approach is unsustainable and contributes to confusion in naming threat groups. We have addressed this by creating the Unit 42 Attribution Framework, which leverages the excellent work of the Diamond Model of Intrusion Analysis.
 
The Unit 42 Attribution Framework provides a systematic approach for analyzing threat data. This framework facilitates the attribution of observed activities to formally named threat actors, temporary threat groups or activity clusters. A core component is the integration of the Admiralty System, where we assign default scores for reliability and credibility to each evidentiary object. This methodology, which allows for researcher discretion in adjusting scores, is fundamental to the tracking of threats and elevates the efficacy of intelligence collection and analysis.
 
Presented by: Robert Falcone, Distinguished Engineer, Unit 42