Enriching Threat Intelligence Platforms Capabilities

Mario Faiella; Gustavo Gonzalez-Granadillo; Ibéria Medeiros; Rui Azevedo; Susana Gonzalez-Zarzosa

Research.Publish.Connect.

*Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

*Please fill out at least one Field.

Name:
Country:
Subject:

Advanced Search Affiliations Search

If you're looking for an exact phrase use quotation marks on text fields.

Proceedings

Proceedings Search *Please fill out at least one Field. *Value must be an number!

Title:
ISBN:
Year:
Acronym:
Subject:

Advanced Search Proceedings Search

If you're looking for an exact phrase use quotation marks on text fields.

Papers

Papers Search *Please fill out at least one Field.

Title:
Author:
Affiliation:
Subject:

Advanced Search Papers Search

If you're looking for an exact phrase use quotation marks on text fields.

Authors

Authors Search *Please fill out at least one Field.

Name:
Affiliation:
Country:
Conference:
Subject:

Advanced Search Authors Search

If you're looking for an exact phrase use quotation marks on text fields.

Advanced Search

Paper

Enriching Threat Intelligence Platforms Capabilities

Topics: Management of Computing Security; Risk Assessment; Security Management; Security Metrics and Measurement

In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications SECRYPT - Volume 1, 37-48, 2019 , Prague, Czech Republic

Authors: Mario Faiella ¹ ; Gustavo Gonzalez-Granadillo ¹ ; Ibéria Medeiros ² ; Rui Azevedo ² and Susana Gonzalez-Zarzosa ¹

Affiliations: ¹ Atos Research & Innovation, Cybersecurity Laboratory and Spain ; ² LASIGE, Faculty of Sciences, University of Lisboa and Portugal

Keyword(s): Threat Intelligence Platforms, Open Source Intelligence (OSINT), Data Enrichment, MISP, Threat Score.

Related Ontology Subjects/Areas/Topics: Data and Application Security and Privacy ; Information and Systems Security ; Information Assurance ; Management of Computing Security ; Risk Assessment ; Security in Information Systems ; Security Management ; Security Metrics and Measurement

Abstract: One of the weakest points in actual security detection and monitoring systems is the data retrieval from Open Source Intelligence (OSINT), as well as how this kind of information should be processed and normalized, considering their unstructured nature. This cybersecurity related information (e.g., Indicator of Compromise - IoC) is obtained from diverse and different sources and collected by Threat Intelligence Platforms (TIPs). In order to improve its quality, such information should be correlated with real-time data coming from the monitored infrastructure, before being further analyzed and shared. In this way, it could be prioritized, allowing a faster incident detection and response. This paper presents an Enriched Threat Intelligence Platform as a way to extend import, quality assessment processes, and information sharing capabilities in current TIPs. The platform receives structured cyber threat information from multiple sources, and performs the correlation among them with bot h static and dynamic data coming from the monitored infrastructure. This allows the evaluation of a threat score through heuristic-based analysis, used for enriching the information received from OSINT and other sources. The final result, expressed in a well defined format, is sent to external entities, which is further used for monitoring and detecting incidents (e.g., SIEMs), or for more in-depth analysis, and shared with trusted organizations. (More)

CC BY-NC-ND 4.0

Guest: Register as new SciTePress user now for free.

SciTePress user: please login.

My Papers

You are not signed in, therefore limits apply to your IP address 18.224.63.87

In the current month:

Recent papers: 100 available of 100 total

2⁺ years older papers: 200 available of 200 total

Paper citation in several formats:

Faiella, M.; Gonzalez-Granadillo, G.; Medeiros, I.; Azevedo, R. and Gonzalez-Zarzosa, S. (2019). Enriching Threat Intelligence Platforms Capabilities. In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - SECRYPT; ISBN 978-989-758-378-0; ISSN 2184-3236, SciTePress, pages 37-48. DOI: 10.5220/0007830400370048

@conference{secrypt19,
author={Mario Faiella. and Gustavo Gonzalez{-}Granadillo. and Ibéria Medeiros. and Rui Azevedo. and Susana Gonzalez{-}Zarzosa.},
title={Enriching Threat Intelligence Platforms Capabilities},
booktitle={Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - SECRYPT},
year={2019},
pages={37-48},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0007830400370048},
isbn={978-989-758-378-0},
issn={2184-3236},
}

TY - CONF

JO - Proceedings of the 16th International Joint Conference on e-Business and Telecommunications - SECRYPT
TI - Enriching Threat Intelligence Platforms Capabilities
SN - 978-989-758-378-0
IS - 2184-3236
AU - Faiella, M.
AU - Gonzalez-Granadillo, G.
AU - Medeiros, I.
AU - Azevedo, R.
AU - Gonzalez-Zarzosa, S.
PY - 2019
SP - 37
EP - 48
DO - 10.5220/0007830400370048
PB - SciTePress