Analysis paralysis occurs when you overthink and underwork. — Orrin Woodward So, you’re playing with Synapse (or it’s commercial version), it’s outstanding, you’ve sorted through lifting, creating data, maybe even added some Power Ups. Chances are, you’ve learned and started seeing the genius between the idea of nodes (which represent facts) and tags (which can be used to represent countless things, but notably assessments). You’ve probably even created a few....
Like everyone else I’ve been following the tragic war in Ukraine and mourning the loss of life and humanitarian crisis. Professionally as an analyst in the threat intelligence and computer network defense world I’ve been considering what this war and spillover means for defending networks, especially as organizations like CISA keep putting out bulletins regarding threats of Russian nexus adversaries. In situations with this level of uncertainty it’s entirely natural that our intelligence customers, whether that’s the most junior SOC analyst or executive like the CISO, keep asking what it means, what we can do, where the threats are, etc....
If you care about intelligence analysis and management tools (and I presume you do) you’ve hopefully heard about the Vertex Project’s Synapse intelligence… thing. Synapse starts as a little abstract, but once you understand you’ll see it’s a powerful intelligence workbench and data fusion system. I’m here to say it’s actually far easier than you think, worth the time you’ll put in, and ultimately you’ll find yourself doing far more accurate, fast, and comprehensive analysis....
Special Thanks to Ryan Kovar for the photo & delicious dinner. This is going to be one of those highly metaphor-driven posts I’ve done before (like using Hamilton in Waiting vs Passivity in DFIR). Bail out now or prepare to discuss where threat intel and American BBQ run into each other! What you call something matters in sharing it with others and framing intelligence programs. And lunch orders…...
Here’s a familiar scenario: A new threat is being whispered about. Maybe your office has someone with special access of some kind and they’re being a bit more secret squirrely than usual. The mailing lists you’re on are a buzz about a new piece of malware or vendor code name. You keep hearing about a paid only report that tells all. APT 46: EMPEROR PENGUIN is coming! When your boss asks about EMPEROR PENGUIN you have to say you don’t know much… but you’ve heard they’re very good, very advanced, well funded, with great opsec… obviously a serious threat aimed at hard targets (which your organization obviously is)....