SwePub
Record id: swepub:oai:DiVA.org:ri-36397
Towards augmented proactive cyberthreat intelligence

Khan, Tanveer (author)
COMSATS Institute of Information Technology, Pakistan
Alam, Masoom (author)
COMSATS Institute of Information Technology, Pakistan
Akhunzada, Adnan (author)
RISE, SICS; COMSATS Institute of Information Technology, Pakistan
Hur, Ali (author)
Trillium Information Security, Pakistan
Asif, Muhammad (author)
COMSATS Institute of Information Technology, Pakistan; Trillium Information Security, Pakistan
Khan, Muhammad (author)
King Saud University, Saudi Arabia
Elsevier BV, 2019
Language: English.
Published in: Journal of Parallel and Distributed Computing. Elsevier BV. ISSN 0743-7315, eISSN 1096-0848. Vol. 124, pp. 47-59
  • Journal article (peer-reviewed)
Abstract

  • In cyber crime, attackers are becoming more inventive with their exploits and use more sophisticated techniques to bypass the deployed security systems. These attacks are targeted and are commonly referred to as Advanced Persistent Threats (APTs). The currently available techniques to tackle these attacks are mostly reactive and signature-based. Security Information and Event Management (SIEM), a proactive approach, is the best solution. However, the major problem with SIEM is handling a huge amount of data in real time, which makes it a time-consuming and tedious task for the security analyst. The use of threat intelligence addresses this issue by prioritizing the level of threat. In this paper, we assign a risk score and a confidence value to each feed generated at our product, the "T-Eye platform". On the basis of these values, we assign a severity score to each feed type. The severity score assigns a level to the threat, that is, it prioritizes the threat. The results we achieved for prioritizing threats are more apparent and accurate. In addition, we optimize the rules of IBM Q-Radar by using threat feeds generated at the T-Eye platform. Furthermore, the huge number of false positive alarms generated at IBM Q-Radar is reduced to a certain extent.
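The scoring pipeline the abstract outlines (a risk score and a confidence value per feed, a severity score per feed type, and SIEM alerts ranked by severity with low-value alarms suppressed), shown as an added Python example. This is not code from the paper or from the T-Eye platform: the paper does not state how it combines the two values, so the rule severity = risk score × confidence, the 0-100 and 0-1 scales, the level thresholds, and the feed and alert records are all assumptions constructed here for illustration.

```python
"""Illustrative threat-feed prioritisation: a risk score and a confidence
value are combined into a severity score and level, which then ranks SIEM
alerts and drops those on low-severity or unknown indicators.

Added example, not code from the paper or the T-Eye platform. The
combination rule, the scales, the thresholds and the sample data are
assumptions made for illustration.
"""
from dataclasses import dataclass

# Assumed severity levels, highest first, with thresholds on a 0-100 scale.
LEVELS = (("critical", 75.0), ("high", 50.0), ("medium", 25.0), ("low", 0.0))
LEVEL_NAMES = [name for name, _ in LEVELS]


@dataclass(frozen=True)
class Feed:
    feed_type: str      # constructed feed-type names, e.g. "malware_c2"
    indicator: str      # the IP or domain the feed reports
    risk_score: float   # 0-100, how harmful the indicator is (assumed scale)
    confidence: float   # 0.0-1.0, how sure the source is (assumed scale)


def severity_score(feed: Feed) -> float:
    """Assumed rule: discount the risk score by the source's confidence, so an
    unconfirmed high-risk indicator does not outrank a confirmed one."""
    if not 0 <= feed.risk_score <= 100 or not 0 <= feed.confidence <= 1:
        raise ValueError(f"out-of-range score on {feed.indicator}")
    return round(feed.risk_score * feed.confidence, 1)


def severity_level(score: float) -> str:
    """Map a 0-100 severity score onto the first level whose threshold it meets."""
    for name, threshold in LEVELS:
        if score >= threshold:
            return name
    return "low"


def severity_by_feed_type(feeds):
    """Per feed type, the highest severity seen. The paper assigns one severity
    per feed type; taking the maximum over its feeds is this example's choice."""
    result = {}
    for feed in feeds:
        score = severity_score(feed)
        result[feed.feed_type] = max(result.get(feed.feed_type, 0.0), score)
    return result


def prioritise_alerts(alerts, feeds, min_level="medium"):
    """Keep only SIEM alerts whose indicator appears in a feed at or above
    min_level, ordered by severity. Alerts on unknown indicators or on feeds
    below the cut-off are dropped, which is the false-positive reduction the
    abstract describes, applied to the analyst's queue rather than to rules."""
    by_indicator = {feed.indicator: feed for feed in feeds}
    min_rank = LEVEL_NAMES.index(min_level)
    kept = []
    for alert in alerts:
        feed = by_indicator.get(alert["indicator"])
        if feed is None:
            continue
        score = severity_score(feed)
        level = severity_level(score)
        if LEVEL_NAMES.index(level) <= min_rank:
            kept.append({**alert, "severity": score, "level": level})
    kept.sort(key=lambda a: a["severity"], reverse=True)
    return kept


# Constructed sample feeds (documentation IP ranges and a .test domain).
FEEDS = [
    Feed("malware_c2", "203.0.113.5", 90, 0.9),
    Feed("phishing_domain", "login-example.test", 70, 0.5),
    Feed("scanner", "198.51.100.7", 40, 0.3),
    Feed("malware_c2", "203.0.113.9", 60, 0.95),
]

# Constructed sample SIEM alerts; 192.0.2.44 is on no feed at all.
ALERTS = [
    {"rule": "Outbound connection to listed IP", "indicator": "198.51.100.7"},
    {"rule": "Outbound connection to listed IP", "indicator": "203.0.113.5"},
    {"rule": "DNS query to listed domain", "indicator": "login-example.test"},
    {"rule": "Outbound connection to listed IP", "indicator": "192.0.2.44"},
    {"rule": "Outbound connection to listed IP", "indicator": "203.0.113.9"},
]

if __name__ == "__main__":
    for feed_type, score in severity_by_feed_type(FEEDS).items():
        print(f"{feed_type:16} severity={score:5.1f} level={severity_level(score)}")
    for alert in prioritise_alerts(ALERTS, FEEDS):
        print(f"{alert['level']:8} {alert['severity']:5.1f} {alert['indicator']}")
```

With the constructed data, two of the five alerts disappear from the queue: the one on an indicator no feed knows, and the one on the low-confidence scanner feed; the remaining three come out ordered critical, high, medium. Lowering `min_level` to "low" brings the scanner alert back at the bottom, which is the trade-off a team tunes when deciding how much of the false-positive volume it is willing to keep.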

Keywords

Confidence
IBM Q-Radar
Risk score
Rules
Severity
T-Eye feeds
T-Eye platform
Artificial intelligence
Computer programming
Radar

Publication and content type

ref (subject category)
art (subject category)
