Elevate your Threat Detections using the Almighty Pyramid of Pain

Adam Goss
8 min read · Jan 24, 2023

Hey friend, welcome back!

Today we will be taking a look at “The Pyramid of Pain” and how you can make bad guys cry.

The pyramid is an illustration of how some IOCs (Indicators of Compromise) are more difficult for an adversary to change than others. Its creator, David J. Bianco, argues that denying the adversary certain indicators causes them a greater loss (more pain) than denying them others, so a defender should aim to target the indicators whose loss costs the adversary the most. This loss is the time it would take the adversary to recreate that indicator. The pyramid has become a cornerstone of many Cyber Threat Intelligence (CTI) teams and platforms, and it guides many security architects in how they deploy security solutions.
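The pyramid's argument in code, as an added example (not from the article): three rules keyed on different tiers of Bianco's pyramid (hash, host artifact, TTP) are run against constructed process-creation events in which the adversary makes only the cheap change each lower tier invites. The event fields, file paths and hash values are invented for the example.

```python
"""Added example: shows why a rule keyed on a higher Pyramid of Pain tier
keeps firing after cheap adversary changes that defeat lower-tier rules.
All telemetry values below are constructed, not real observations."""
from dataclasses import dataclass, replace
from typing import Callable, Dict, List


@dataclass(frozen=True)
class ProcessEvent:
    """Minimal process-creation record (invented shape, not a real EDR schema)."""
    sha256: str
    image: str
    parent_image: str


# Constructed first sighting: Word launching a binary dropped in a
# user-writable folder. The hash is a placeholder, not a real sample.
BASELINE = ProcessEvent(
    sha256="0" * 63 + "1",
    image="C:\\Users\\Public\\updater.exe",
    parent_image="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
)


def _user_writable(path: str) -> bool:
    """True when an image lives outside the OS and program directories."""
    p = path.lower()
    return not (p.startswith("c:\\windows\\") or p.startswith("c:\\program files"))


# One rule per tier being compared, lowest (cheapest to change) first.
DETECTIONS: Dict[str, Callable[[ProcessEvent], bool]] = {
    "hash": lambda e: e.sha256 == BASELINE.sha256,
    "artifact": lambda e: e.image.lower().endswith("\\updater.exe"),
    "ttp": lambda e: e.parent_image.lower().endswith("winword.exe")
    and _user_writable(e.image),
}

# Each variant changes only what is cheap to change at the tier it defeats;
# the parent/child behaviour (the TTP) is untouched in every variant.
ADVERSARY_CHANGES: List[ProcessEvent] = [
    BASELINE,                                              # as first seen
    replace(BASELINE, sha256="f" * 64),                    # rebuilt binary
    replace(BASELINE, sha256="e" * 64,
            image="C:\\Users\\Public\\svc_update.exe"),   # rebuilt and renamed
]


def coverage(rules=DETECTIONS, events=ADVERSARY_CHANGES) -> Dict[str, int]:
    """Count how many of the observed variants each rule still detects."""
    return {tier: sum(1 for e in events if rule(e)) for tier, rule in rules.items()}


if __name__ == "__main__":
    for tier, hits in coverage().items():
        print(f"{tier:>8}: {hits}/{len(ADVERSARY_CHANGES)} variants detected")
```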

To understand the pyramid, and why it is so important, we must first consider what an IOC is and how they are used by defenders.

According to CrowdStrike, an IOC is “a piece of digital forensics that suggests that an endpoint or network may have been breached”, and these clues can help a security professional determine whether malicious activity has occurred. A defender will use IOCs in three ways:

  • They will use an IOC to determine if an endpoint or network has been…
