An Analysis of Attacker Activity through NDR, EDR, and NGFW Data
The proliferation of AI has lowered the barrier to entry for attackers, expanding the threat landscape. This white paper analyzes attacker activity using data from network detection and response (NDR), endpoint detection and response (EDR), and next-generation firewall (NGFW) solutions.
The report examines common MITRE ATT&CK tactics and techniques in 2023, including command and control (C2) methods, remote access trojans, credential abuse, and PowerShell-based malicious activity. It also presents a case study on the Rhysida ransomware group, detailing its tactics and providing recommendations for combating ransomware.
Use these insights to improve threat detection and response.