Attack prediction and threat feeds
We have already discussed, in Chapter 3, Carrying Out Adversary Emulation with CTI, how CTI is supposed to help us focus our efforts on what really matters: what is likely to hit us. Attack prediction can be seen as part of a CTI practice. It follows the same mindset and should allow us to predict which attacks we are going to face in the coming days or weeks.
Threat feeds are also a part of CTI. This is the tactical part of CTI, which deals with IOCs in the lower part of the Pyramid of Pain. Threat feeds can help add context to events.
Both topics will be covered in the next sections.
Prediction
We have discussed prevention, hunting, and detection, so what about prediction? This may look unrealistic, but if implemented correctly, a prediction strategy could be an invaluable asset for anticipating incoming attacks and better understanding our attackers' profiles. This part could be a dedicated book in itself, but here, we tried to present...