Learn More
Complimentary Dark Web Risk Reports

Immediately improve visibility of your organisations dark web exposure with our Dark Web Risk Report, zero obligation and free of charge. It only takes 60 seconds to request a report.

Linkedin-in

The Pyramid of Pain: Attack Disruption

In our last blog we investigated why traditional SOC methods are too slow and what good should look like through Attack Disruption. In this blog we are going to delve more into why Attack Disruption is so effective by making you a harder target through the analysis of the The Pyramid of Pain.

The Pyramid of Pain 

This is a diagram we’re sure you’ve come across, The Pyramid of Pain.  

Pyramid infographic showing the 6 stages of the pyramid of pain from the base Trivial - Easy - Simple - Annoying - Challenging - Tough
Pyramid of Pain Infographic.

The Pyramid of Pain is a conceptual model showcasing the different levels of difficulty and expense that an attacker might face when trying to avoid being detected and sustaining their attack in the realm of cyber security defences. 

This pyramid arrangement classifies various indicators and characteristics associated with cyber threats. At the base are the simpler and less costly elements to alter, such as hash values, IP addresses, and domain names. As you move up the pyramid, you encounter more intricate and expensive aspects to change, such as Tactics, Techniques, and Procedures (TTPs), as outlined in the MITRE ATT&CK framework. 

Utilising Attack Disruption puts your cyber security operations at the peak of this pyramid. Making the time and monitory effort required by a threat actor to go undetected in your environment much higher and as a result making your business a much less desirable target.  

But this diagram predominantly focusses on detection indicator which are just one of many components that form part of an effective Threat Detection & Response operation. So, what are the other core components and does this model apply to them? 

Threat Detection & Disruption Maturity Model 

What we have created here is a Threat Detection & Attack Disruption maturity model. 

Threat Detection & Attack Disruption maturity model. All stages described in the blog article.
Threat Detection & Disruption Maturity Model

As you can see, we have taken the Trivial to Tough rankings from the pyramid of pain, which are the column headings. Additionally, there are four other areas, on top of detection indicators, that we can use to assess how hard of a target a business is to a threat actor:  

  • Detection Surface/Coverage:

The reach of IT assets upon which we can detect attacker activity. 

It’s important to recognise that sophisticated detection indicators will not be as effective if only deployed to a small proportion of your total attack surface. Therefore, the next row applies the same ranking to the breadth, scale and sophistication of log analysis. Ranging from basic device log aggregation to full-on correlated behavioural analytics, traffic analysis and cyber deception. 

  • Attack Disruption:

The measure of how quickly an attack can be contained. 

At the challenging and tough end of this scale this relies on how assertively the built in automation capabilities of the more sophisticated SOC tools are activated. 

  • Secure Score, posture & ASR:

The indicator of our strong your company cyber posture and hygiene is. 

For those organisations that have Microsoft365 defender, Secure Score is a simple means to get a view on how well hardened the configuration of your environment is. Other posture maturity models and attack surface reduction scoring methodologies are available. To be a challenging target you want to be aiming at an equivalent Secure Score of greater than 65% 

  • Testing & Simulations:

How regularly a company tests the effectiveness of their current cyber operations.  

The final row in this table is Testing & Simulations. This is crucial to being able to answer the question of how quickly can you detect and disrupt attacker activity. 

Without validating that your detection rules will fire when expected and measuring how long it takes to contain threats, you can’t be sure that your initial SOC implementation is still functioning as expected. 

Attackers evolve their tactics, infrastructures expand and contract, users change roles and move data. So, this needs to be a regular activity to ensure operational effectiveness. 

All businesses should be operating in the Challenging and Tough columns, and this is where Attack Disruption allows you to operate.  

Make your business a poor investment for cyber criminals 

To sum it up, most threat actors are also running a business. They want the highest return on their investment possible, therefore they will focus their efforts on the easy wins. The businesses operating in the Trivial to Annoying columns will be the first on their target list.   

Move your business into the Challenging/Tough columns to make it harder for threat actors to target you.

Interested in how e2e-assure can enhance your cybersecurity with Attack Disruption? Contact our team. Our experts can provide more details about our services and arrange a demo to showcase Attack Disruption in action.

Related Posts

Risk, Regulation & Robots: Key Takeaways from the British Legal Tech Forum

The British Legal Tech Forum brought together some of the brightest minds in cyber security, legal tech, and regulatory compliance to discuss the ever-evolving risks

Read Article

Top 5 Dark Web Monitoring Benefits to UK Enterprises

Dark web monitoring benefits enterprise organisations by giving visibility of otherwise is a hidden cyber criminal activity on the dark web. Many organisations don’t realise

Read Article
Download Now

Latest Report: Future Proofing AI Adoption

In our latest independent research we surveyed 500 cyber risk owners and 1000 employees, to truly understand future internal threats for businesses in 2025. Read now to gain valuable insights on workforce disconnect and the threats from AI adoption.

Our Services
Navigation
Contact
Connect with us
Linkedin-in
Proud supporters of
sasig logo
Socitm partner badge 2025
© e2e-assure Ltd, 2024. Registered in England and Wales – Company number 08732893