Threat attribution is nothing new in cyber threat intelligence. Market leaders like Fireye, Mandiant, and Crowdstrike do excellent work identifying the unique fingerprints of various threat actor groups and attributing new threats to those groups. Seclytics’ Augur PDR takes threat attribution one step further. Augur’s predictive intelligence works by identifying and grouping threat infrastructure being set up by APTs and threat actor groups ahead of any attacks. Augur enhances this data by cross-referencing its predictive infrastructure data with available threat attribution data to create a much more complete picture of what groups will attack, where they will attack from, and what form their attacks might take. ‍

‍

Threat Attribution – How and Why
‍In layman's terms, threat attribution is typically done by identifying tactics, techniques, and procedures (TTPs) used by attackers to develop a unique fingerprint that identifies a group’s activities. Threat actors commonly try to disguise their attacks or mislead researchers, so it is important to dig deeper than surface indicators. According to a recent article in The Journal of Cyber Security Technology, “tools and TTPs are high-fidelity indicators since it is hard for a Threat Actor to change tools and even harder to change behavior.”

Threat attribution is crucially important to detect attacks as early as possible and to understand how attacks will proceed and the likely scope. According to a recent blog post on threat attribution automation from Microsoft, “How an attack proceeds depends on the attacker’s goals and the set of tactics, techniques, and procedures (TTPs) that they utilize to achieve these goals. Hence, quickly associating observed behaviors and characteristics to threat actors provides important insights that can empower organizations to better respond to attacks.”

Another recent post on Dark Reading makes the same conclusion. “Failing to attribute a threat to the right adversary properly can have moderate to more serious consequences. Chasing down the wrong perpetrator can result in wasted resources, not to mention being blinded to the more pressing danger.”‍

‍

How Augur Extends Threat Attribution
‍Augur extends the reach of traditional threat attribution by correlating available threat attribution data with its own unique predictive data on attack infrastructure. When the two datasets are combined, a much more complete picture of the threat landscape emerges. After analyzing attack attribution data in parallel with Augur’s threat actor infrastructure profiles, the platform uses machine learning to connect the dots between current attacks and all the attack infrastructure associated with these threat actors. Broken down to its simplest level, Augur’s threat attribution capabilities add a valuable layer of protection by allowing your organization to attribute attacks more quickly, accurately, and completely. ‍

‍

Leveraging Advanced Threat Attribution to Take Action – PDR
‍Augur’s PDR (Predictive Extended Detection & Response) capabilities mean that the platform can orchestrate and automate your response to these emerging threats, taking pressure off your SOC and reducing overall risk. Augur’s highly accurate predictions (less than 0.01% false positives) and wide range of system integrations allow Augur to create automated blocklists that can be integrated across your firewalls, EDR, Web proxies, email, DNS, and Cloud to automate enforcement. You can also manage all your enforcement integrations within Augur’s powerful dashboard. Augur also provides advanced enrichment data and context to support your threat hunters when they need to look more deeply into a threat.

‍