{"title":"Threat Intelligence Framework for Vulnerability Identification and Patch Management for Virtual Environment","authors":"Kanchan Patil, Anand Vardhan Malla","doi":"10.1109/iciptm54933.2022.9754169","DOIUrl":null,"url":null,"PeriodicalId":6810,"journal":{"name":"2022 2nd International Conference on Innovative Practices in Technology and Management (ICIPTM)","volume":"76 4 1","pages":"787-793"},"PeriodicalIF":0.0000,"publicationDate":"2022-02-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 2nd International Conference on Innovative Practices in Technology and Management (ICIPTM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/iciptm54933.2022.9754169","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Threat Intelligence Framework for Vulnerability Identification and Patch Management for Virtual Environment
Virtualization has become the way of working for organizations in the 21st century. As everything connects to the cloud and the workforce moves to virtual machines, network data is generated exponentially, and so are the threats to networks. With attacks growing more sophisticated by the day, cyber security teams must implement new techniques to keep attackers from stealing confidential information from organizations. Developing patches against these attacks for virtual machine environments is difficult because an attack can take any form, and prioritizing patch development is a difficult task with limited information. Threat intelligence is one technique that gives security teams an edge in identifying an attack at its root stage by gathering information from different sources. However, threat intelligence is usually obtained in an unstructured manner from public sources such as security blogs, mailings, and organization-specific services. Threat intelligence integrated with internally collected network data can identify stressed areas in the network and attacks that usually go unnoticed. Threat intelligence also provides information about attacks, vulnerabilities, and procedures for avoiding exploitation in different organizations. In this paper, we propose a theoretical model for identifying vulnerabilities using internal and external threat intelligence and for prioritizing patches based on the impact and sensitivity of the exposed data.