
What is the Diamond Model of Intrusion Analysis? Why Does It Matter?

5.30.2022 TeamT5 Media Center

What is the Diamond Model of Intrusion Analysis?

The Diamond Model of Intrusion Analysis is a model for describing cyber attacks. It has 4 parts: adversary, infrastructure, capability, and target. Together they give analysts a comprehensive view of a cyber attack.
  • Adversary: Where are the attackers from? Who are the attackers? Who is the sponsor? Why do they attack? What is the activity timeline and planning?
  • Infrastructure: Infected computer(s), C2 domain names, location of C2 servers, C2 server types, mechanism and structure of C2, data management & control, and data leakage paths.
  • Capability: What skills do the attackers have to do reconnaissance, deliver their attacks, exploit vulnerabilities, deploy their remote-controlled malware and backdoors, and develop their tools?
  • Target: What is their target: which country/region, industry sector, individual, or data?

Why Does It Matter?

Across various kinds of cyber attacks, the Diamond Model of Intrusion Analysis can help enterprise cybersecurity teams find system breaches and deal with them. By doing so, they can achieve their cybersecurity defense goals.
Diamond Model of Intrusion Analysis

*Image courtesy of Pixabay
