Distinction between Threat and Assault

In the realm of computer network security, two types of threats – structured and unstructured – pose significant challenges to organizations. These threats differ in their approach, detection methods, and the strategies used to counter them.

Structured threats are based on predefined, repeatable methods and known indicators of compromise (IOCs). They rely on established threat intelligence, signatures, or detectable patterns within the network or systems. Structured threat hunting often focuses on specific events, users, or devices known to be at risk due to recent vulnerabilities or contextual changes. This systematic approach prioritizes detection based on existing frameworks and historical data.

On the other hand, unstructured threats are less predictable and not constrained by known patterns. Unstructured threat hunting is more exploratory and intuition-driven, relying heavily on analysts’ experience and observations of unusual activities such as abnormal login attempts, irregular data flows, or subtle fluctuations in system performance. This form of hunting is valuable for detecting novel or emerging threats that have not yet been formally documented or identified by automated systems.

In short, structured threats relate to identifiable, known attack patterns, while unstructured threats require more flexible, creative analysis to detect unknown or emerging activity.

Unstructured data, such as text, images, and multimedia, increases the complexity of threats because it lacks a fixed format and is harder to secure with traditional tools, which expands the attack surface and makes unstructured threats more resilient.

Effective management of structured and unstructured threats requires combining systematic monitoring with adaptive, intuition-driven investigation. External threats originate from individuals or organizations outside the company who gain unauthorized access to its computer systems and network, while internal threats come from those who already have authorized network access.

Attacks can be classified as active and passive. Active attacks attempt to change, damage, or control the system, while passive attacks quietly listen or watch to gather information without changing anything. Examples of attacks include Denial of Service, System Access Attacks, Viruses, Worms, Trojan horses, Spyware, Phishing, Botnets, Ransomware, and Breaches.

It's essential to remember that a threat is a warning or possibility of danger, while an attack is when that danger actually happens. Reconnaissance, the first step in most attacks, involves hackers quietly gathering information about a system or network to find weak spots they can later exploit.

In conclusion, understanding the nature of structured and unstructured threats is crucial for maintaining robust network security. By recognising the differences between these threats and employing appropriate strategies, organisations can better protect themselves against potential security breaches.

A trie can be utilized in cybersecurity to efficiently store indicators of compromise (IOCs) and signatures related to structured threats, thereby improving the detection of known attack patterns.
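
The trie idea above, as an added example (not code from the original article): domain IOCs are stored label by label from the TLD inward, so a DNS query matches a listed domain or any of its subdomains but not a look-alike that merely ends in the same characters. The class and function names, the `.example` domains, the tags and the DNS log lines are all constructed for illustration.

```python
class _Node:
    __slots__ = ("children", "tag")

    def __init__(self):
        self.children = {}   # next DNS label -> _Node
        self.tag = None      # set when an IOC ends at this node

class DomainIocTrie:
    """Stores domain IOCs label by label, TLD first (example -> bad-domain)."""
    def __init__(self):
        self.root = _Node()

    @staticmethod
    def _labels(domain):
        # Normalise case and the trailing root dot, then reverse the labels.
        return domain.lower().rstrip(".").split(".")[::-1]

    def add(self, domain, tag):
        node = self.root
        for label in self._labels(domain):
            node = node.children.setdefault(label, _Node())
        node.tag = tag

    def match(self, qname):
        """Return (ioc, tag) for the most specific IOC covering qname, or None."""
        node, path, hit = self.root, [], None
        for label in self._labels(qname):
            node = node.children.get(label)
            if node is None:
                break
            path.append(label)
            if node.tag is not None:   # keep walking: a longer IOC may also match
                hit = (".".join(reversed(path)), node.tag)
        return hit

def scan(trie, log_text):
    """Return (client, qname, ioc, tag) for every query that hits an IOC."""
    rows = (line.split() for line in log_text.splitlines() if line.strip())
    return [(c, q, *hit) for _, c, q in rows if (hit := trie.match(q))]

# Constructed IOC list and constructed DNS log: timestamp, client IP, query name.
DEMO = DomainIocTrie()
DEMO.add("bad-domain.example", "family-A (constructed)")
DEMO.add("stage2.bad-domain.example", "family-A stage 2 (constructed)")
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.example.org
2024-01-01T10:00:02Z 10.0.0.7 cdn.Bad-Domain.example.
2024-01-01T10:00:03Z 10.0.0.7 notbad-domain.example
2024-01-01T10:00:04Z 10.0.0.9 a.b.stage2.bad-domain.example
"""
```

Lookup cost depends on the number of labels in the queried name, not on how many IOCs are loaded, which is what makes the structure suitable for large indicator feeds.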

Data and cloud computing technologies can play a vital role in streamlining unstructured threat hunting by automating the analysis of large volumes of unstructured data, potentially identifying novel or emerging threats.
