The concept of “The Pyramid of Pain” was first introduced by David J. Bianco in 2013. Today, most security professionals are familiar with it as a construct for describing the usefulness and relative ease of acquiring threat data and intelligence.
Toward the bottom of the pyramid are indicators that are easier to obtain and work with – hash values, IP addresses and domain names. As you move up the pyramid, campaigns, adversaries and tactics, techniques and procedures (TTPs) come into play. Their value to you, as a security professional, increases dramatically, but these insights are also harder to obtain and use effectively without doing some groundwork. To gather the data and intelligence you need to fully detect and respond to threats, you need the ability to scale up and down the pyramid. With a platform that spans the entire journey, you can aggregate internal and external threat and event data every step of the way, analyze and understand its relevance to you, and use it to strengthen your security posture.