Analyse threats

Threat analysis refers to identifying potential adversaries and their intentions and capabilities:

  • Who is the adversary?

  • What are the adversary’s goals?

  • What tactics, techniques, and procedures does the adversary use?

  • What critical information has the adversary obtained, if any?

The task of the red team is to emulate a real attack so that the blue team discovers its shortcomings (if any) and is better prepared for genuine threats. The blue team's main objective is to secure the organisation's network and systems; in the engagement, its intention is to keep the red team out of that network. Because the two teams have conflicting objectives, the blue team is, from the red team's point of view, an adversary. The blue team's capabilities (its monitoring coverage, detection rules and response speed) are often unknown at the start of an engagement and have to be treated as such when planning.

Malicious third parties, with their own intentions and capabilities, pose a threat as well. Such a party might be an opportunistic attacker with limited capabilities, scanning systems at random for low-hanging fruit, or a skilled adversary deliberately targeting the client's systems. Their intentions and capabilities make these third parties adversaries too, and a red team operating on the client's network must take care that its own activity is not mistaken for, or masks, a genuine intrusion.

threat = adversary + intent + capability