



We need a shared taxonomy of threat actors. Cybersecurity is flooded with distinct threat actor taxonomies that prioritize pride, humor and competition among vendors over ease of use for end users. Vendors claim that multiple naming taxonomies are necessary to “maintain accurate threat tracking and defense procedures.” However, their arguments are not supported by evidence of the benefits that unique taxonomies provide. If they were to look at their entire world and even their own humanity, they would find a single taxonomy to refer to, which has brought nothing but ease, understanding, and innovation to scientific discovery. Considering historical lessons, I offer two recommendations: a taxonomy framework that puts utility for end users ahead of vendor pride, and an evidence framework to support threat actor classification.

A page of history: biological taxonomy

Man-made taxonomy has a rich global history. As early as 3000 BC, Shen Nung, an emperor of China, classified various minerals, plants and animals. In 1500 BCE, Egyptian taxonomists classified medicinal plants, and in 300 BCE, Aristotle, a Greek philosopher, made a significant contribution by classifying organisms into plants and animals based on their attributes. Hundreds of years later, medieval thinkers would take these separate systems and explore a more philosophical classification that would lend a hand to the revolution that took place in the 18th century under Carl Linnaeus, a Swedish taxonomist who created the Linnaean system, the binomial naming system we know today. The Linnaean system brought order to the field of biological taxonomy by replacing subjective and ambiguous elements with a simple combination of genus and species. For example, the bee, which was previously called Apis pubescens, thorace subgriseo, etc., became Apis mellifera. Carl Linnaeus’ work brought structure to the chaotic world of classification and is a great example of how a single taxonomy is beneficial.

Basic Taxonomy Models

The Linnaean system uses a hierarchical model to classify the biological system. There are two types of taxonomies: hierarchical and faceted. A hierarchical pattern (as shown below) moves from the point of origin to more specific groups until a branch results in a single species. From hierarchical systems, we can derive parent-child, associative, and equivalence relationships that semantically link concepts. Hierarchical systems are only useful when looking at relationships from a single “lens” or organizing principle. A practical example is a family tree.

Faceted taxonomies, on the other hand, separate facets or attributes and group relevant taxonomies under them. This type of taxonomy allows very detailed feature combinations. A practical example can be applied to the facets of dresses. While a general category of dresses may sit in the center of the model, different facets, including sleeve length, general length, color, fabric, and size, may derive from this category to produce other relevant facets.

Cybersecurity vendors currently use a mix of hierarchical and faceted taxonomies. They use faceted taxonomies during their evidence gathering processes. The confluence of factors in a hierarchical taxonomy serves as the basis for naming their threat actors. After naming a threat actor, they use hierarchical taxonomies to study a single threat actor. Several systems are already in place to guide intelligence teams on their discovery journey:

- The Cyber Kill Chain (Lockheed Martin): frames the logic of collecting information and evidence
- The Diamond Model of Intrusion Analysis (US Department of Defense): serves as an intelligence-gathering methodology
- The MITRE ATT&CK framework (MITRE): serves the TTP and technical mapping of attacks

Combined, these systems can be beneficial for mapping evidence into a faceted taxonomy, of which I’ve drawn a high-level example below:

There is room for improvement in my model. This model is intended to serve as an evidence framework from which vendors and threat analysts can organize their conclusions. Please revise and/or enrich this template with your own comments.

A way forward

Most providers use a binomial naming system that only includes the motivation and origin of the threat actor. The naming structure that I propose is an enriched version of this binomial system. My proposed taxonomy has full utility and none of the filler words that lack economy. I also suggest that the system take into account the threat actor’s degree of impact, global reach, and level of activity.

Threat intelligence end users care about the origin, reason, proximity and potential of any threat to their organization. In the model above, I’m maintaining the origin and motivation aspects of the binomial naming structure that most vendors have, although I urge that a unique code apply to origin and motivation. I refuse to reinvent the wheel because taxonomy revisions create legacy issues. Once tracking systems have categorized and labeled threat actor data for tracking, changes to taxonomy structures (aside from adding terms) without rendering existing nodes in the systems make threat actors harder to find. Modifying existing data is a huge headache. For pre-existing tagged threat actors, a formalized and unified system would only need a thesaurus data structure applied to establish an associative relationship or equivalence relationship between terms. This is the easiest way to get my proposed change implemented.

With respect to the considerations I make in parentheses, these terms would be denoted by a one-letter abbreviation for the applicable grade of each consideration. The impact is the sum of the financial losses and damaged systems that the threat actor has accumulated. Reach allows end users to understand just how prolific these threat actors are on a global scale and helps researchers understand the limits or limited concentration of a threat actor for its face value. The activity level helps end users understand if a threat actor has been removed for disbanding, has joined another force, or is just sporadically active.

Farewell words

It is time to foster a collaborative and ethical spirit on attribution that serves the discipline of cybersecurity in a more mature, refined, and useful way. To the vendors: the value is not in the facade but in the usefulness of your discoveries.
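The thesaurus data structure described under "A way forward" can be sketched as follows. This is an added example, not code from the original article: the vendor labels, the origin and motivation codes, the grade letters and the `ORIGIN-MOTIVE (impact/reach/activity)` layout are all constructed assumptions.

```python
class ActorThesaurus:
    def __init__(self):
        self.parent = {}     # union-find forest: label -> parent label
        self.preferred = {}  # class root -> unified name
        self.links = set()   # associative pairs (related, not the same actor)

    def _find(self, label):
        self.parent.setdefault(label, label)
        while self.parent[label] != label:
            self.parent[label] = self.parent[self.parent[label]]  # path halving
            label = self.parent[label]
        return label

    def equivalent(self, a, b):
        ra, rb = self._find(a), self._find(b)
        pa, pb = self.preferred.get(ra), self.preferred.get(rb)
        if pa and pb and pa != pb:  # two unified names must never be merged
            raise ValueError(f"{a} and {b} carry different unified names")
        self.parent[rb] = ra
        self.preferred.pop(rb, None)
        if pa or pb:
            self.preferred[ra] = pa or pb

    def name(self, label, origin, motive, impact, reach, activity):
        if any(len(g) != 1 for g in (impact, reach, activity)):
            raise ValueError("each consideration takes a one-letter grade")
        self.preferred[self._find(label)] = f"{origin}-{motive} ({impact}/{reach}/{activity})"

    def associate(self, a, b):
        self._find(a), self._find(b)  # register both labels
        self.links.add((a, b))

    def resolve(self, label):
        # Unknown labels return None: report the gap rather than guess.
        root = self._find(label) if label in self.parent else None
        return self.preferred.get(root, root)

    def related(self, label):
        root = self._find(label)
        return {self.resolve(y) for a, b in self.links for x, y in ((a, b), (b, a))
                if self._find(x) == root != self._find(y)}

def demo():
    # Constructed labels and codes; none refer to a real tracked actor.
    t = ActorThesaurus()
    t.equivalent("vendorA:ACTOR-17", "vendorB:GRP-0042")
    t.equivalent("vendorB:GRP-0042", "vendorC:CLUSTER-9")
    t.name("vendorC:CLUSTER-9", "O12", "ESP", "H", "G", "A")
    t.associate("vendorA:ACTOR-17", "vendorD:SET-3")
    return t
```

Existing records keep their legacy tags; only the lookup layer changes, which is why no stored data has to be modified.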

Sources
1/ https://Google.com/
2/ https://www.infosecurity-magazine.com/blogs/naming-threat-actors-attribution/
