THE GIBSEN METHODOLOGY
A New Way to See Cyber Incidents

Framework Mapping (MITRE, Mandiant, Lockheed)
TTP Identification & Visualization (APT Blocking Characteristics)
Remediation Actions (Eliminate Latent Risks)
Incident Timeline (Eliminate Latent Risks)
Attack Planes: Cloud (Compute/Memory), Networks (Internal/External), Host (Memory/Storage)
Security Artifacts (Alerts, Processes, Files, Emails, Ports, Endpoints, IoT)

Our threat hunters and incident response teams created the GIBSEN (Graphical Information Base for Security Event Notation) methodology to simplify and standardize how incidents are described, reported, and used for training. Our cyber teams have worked with the NSA, US Cyber Command, and F2000 cyber teams, and everyone had a different model and method of organizing and representing what occurred during a cyber incident.

GIBSEN templates, artifacts, and structures leverage collaborative graphics tools like Miro and Draw.io to centralize and accelerate incident documentation and reporting. Just as MITRE ATT&CK and NIST helped standardize threats, GIBSEN will provide a shared language and methodology for your team to standardize incident reporting and resolution. The GIBSEN Methodology maps the incident reports into popular reporting models, including:

The GIBSEN Methodology will give your team a standard investigation method, reporting language, and operational model to quickly and accurately. Each node in a GIBSEN diagram documents a specific artifact category, the technical details, forensic logs, and analyst commentary required to respond to and report cyber incidents. This allows you to create top-level executive views and drill down to forensics-level evidence for the most detailed analysis. GIBSEN diagrams enable you to quickly identify and remediate causal events or patterns to create TTPs (Tools, Techniques, and Processes) to prevent entire families of attacks, not just individual IOCs.
  1. Cyber Lingua Franca - GIBSEN will create a common language and reference model for cyber incidents requiring response, remediation, and reporting. This standard model will enable teams to work faster and reduce response times.
  2. Training Tools - GIBSEN diagrams are valuable training tools for internal, MSSP, and supply chain partners' SecOps teams. They are concise and actionable tools for sharing threat intelligence and training people and systems.
  3. Auditable Evidence - Auditors and cyber insurers need evidence of duty of care, remediation, and procedural updates to sign off on compliance, manage cyber insurance requirements, and provide governance reporting.
  4. TTP Rules - GIBSEN diagrams provide the information required to create TTPs (Tools, Techniques, and Processes) to protect against families of attacks rather than individual IOCs (Incidents of Compromise).
  5. Governance Reporting - At the end of the day, every organization has multiple forms of governance reporting required, and the GIBSEN methodology provides a thorough, concise, and easy-to-understand way to produce reports and map them to leading threat frameworks such as MITRE, Mandiant, and Lockheed.
