I’m excited to see that they’re Re-introducing the Cyentia Research Library, with cool (new?) features like an RSS feed. There are over 1,000 corporate research reports with data that companies paid to collect, massage, and release in a way they felt would be helpful to the rest of the world.
The Cyentia Library lets us see what people are doing in terms of research and data. We can get an understanding of what the industry thinks is important or at least visible, and what we write about in consistent ways.
And as I look at the topic map, I note some things. There are topics for ‘misconfiguration’ and ‘human error,’ but not ‘vulnerability exploitation’ or even the ever-popular ‘hacking’ as a cause of breach. There’s no ‘feature abuse’ or ‘account takeover.’ My longstanding interest in how attackers get access is underserved. There’s no category for attack vector or root cause or kill chain analyses. There are ‘criminal group,’ ‘extortion,’ ‘financial gain,’ ‘larceny and loss,’ ‘ransomware’ and ‘threat actor.’
To be clear: I mean no criticism of Cyentia for exposing these things. I am grateful for their work, and how it shines a light on where we are.
When I comment that “how attackers get access” is underserved, what I mean is that it’s insufficiently well addressed in 2000 reports to have emerged or been noticed by the NLP and manual analyses.