Application of the Blue Team expertise tools in the process of monitoring information systems on the example of the TI platform (Threat Intelligence)

A. V. Ivanov, Ivan V. Nikroshkin, Igor A. Ognev, Maksim A. Kiselev

Journal article, Digital Technology Security, published 2023-06-28. DOI: 10.17212/2782-2230-2023-2-34-51 (https://doi.org/10.17212/2782-2230-2023-2-34-51)
Abstract
The purpose of this scientific study is to analyze the possibilities of increasing the effectiveness of protection against cyber threats through the use of Blue Team expert systems. The paper provides an overview of various Blue Team expert systems, including advanced detection and response (XDR) systems, information security incident response platforms (IRPs), incident management, automation and response (SOAR) systems, as well as cyber intelligence systems for threat analysis (TI). Threat Intelligence processes are analyzed, including the collection, analysis and interpretation of information about cyber threats. Particular attention is paid to the cyber intelligence platform for threat analysis – TI MISP, including the analysis of the data model of this platform. An example of working with the CVE-2022-26134 vulnerability is provided, demonstrating the effectiveness of using the TI MISP platform to identify threats and take measures to prevent them. At the end of the work, conclusions were drawn about the advantages and disadvantages of using a cyber intelligence platform for threat analysis. In this regard, the use of Blue Team expert systems, including the TI platform, in the process of monitoring information systems can significantly increase the efficiency of identifying computer incidents and provide more reliable protection of information infrastructure, despite their shortcomings.