Target Prediction - Cyber City Map

# Target Prediction [[Target Prediction]] is an [[Adversary Research]] capability in Cybersecurity, that combines attack surface, exploit insights, persona catalog and dwell insights to develop an attack maps for the purpose of predicting where adversaries are most likely to attack. These predictions help drive prioritization of security testing, control development, and security findings. ## Map ``` mermaid  graph TD Top[[Cybersecurity]] --- A[[Adversary Research]] A --- A.1[[Persona Management]] A --- A.2[[Dwell Analytics]] A --- A.3[[Exploit Management]] A --- A.4[[Target Prediction]] A --- A.5[[Adversary Intelligence]] %% Class Definitions %% ===================== class Top,A,A.1,A.2,A.2,A.3,A.4,A.5,A.6,B,B.1,B.2,B.3,B.4,B.5,C,C.1,C.2,C.3,C.4,D,D.1,D.2,D.3,D.4,D.5,E,E.1,E.2,E.3,E.4,E.5,E.6 internal-link,font-color:white; class Top cssClassL0; classDef cssClassL0 fill:black,stroke:black,stroke-width:4px,font-size:15px,font-color:white; class A,B,C,D,E cssClassL1; classDef cssClassL1 fill:darkblue,stroke:darkblue,stroke-width:4px,font-size:15px,font-color:white; class A.1,A.2,A.3,A.5,A.6,B.1,B.2,B.3,B.4,B.5,C.1,C.2,C.3,C.4,D.1,D.2,D.3,D.4,D.5,E.1,E.2,E.3,E.4,E.5,E.6 cssClassL2; classDef cssClassL2 fill:blue,stroke:blue,stroke-width:4px,font-size:15px,font-color:white; class A.4 cssClassCurrent; classDef cssClassCurrent fill:#2f9503,stroke:#2f9503,stroke-width:4px,font-size:15px,font-color:white; ``` ## Definition >[!success] Definition >Target prediction is the analysis of an organizations assets, vulnerabilities, adversary interest, and the objectives of their adversaries to develop an attack map for the purposes of predicting where an adversary is most likely to attack. # Goals >[!cm-goal] Goal 1 >**Asset and Vulnerability Analysis** - as part of the analysis of an organizations assets you should map potential vulnerabilities to assets to help identify where adversaries will look to achieve their objective. >[!cm-goal] Goal 2 >**Persona Based Attack Maps** - complete catalog of attack maps that cover an organizations assets and specific to their adversary personas. # Scope The scope of Target Prediction covers all assets in an organization and should cover all adversary personas an how they may abuse those assets. # Process ```mermaid flowchart LR A1[Persona Catalog] --> B1[1. Understand Adversary Objectives] B1 --> C1[2. Map Objectives to Opportunity Assets] B2[Attack Surface Data] --> C1 C1 --> D[3. Map Opportunity Assets to Vulnerability Insights] C2[Vulnerability Insights] --> D D --> E[5. Map Dwell To Opportunities] E --> F[Share High Likelihood and Dwell Assets] ``` # Metrics >[!cm-metric] Metric: % coverage of attack surface by attack maps >[!cm-metric] Metric: % coverage of adversaries represented in attack maps >[!cm-metric] Metric: Average Expected Dwell >[!cm-metric] Metric: Crown Jewel Targets vs. Total Targets # Inspiration & Resources + https://www.issquaredinc.com/insights/resources/blogs/identify-the-behavior-of-cyber-adversaries + https://www.mitre.org/sites/default/files/publications/characterizing-effects-cyber-adversary-13-4173.pdf + https://blog.bfore.ai/using-predictive-ai-to-protect-against-holiday-phishing-scams-and-other-brand-threats # [Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.