Keywords: cyber intelligence, information security incident monitoring and response center, cyber intelligence platform, cyber-intelligence data management system
Cyber Threat Intelligence Data Management System
UDC 004.056
DOI: 10.26102/2310-6018/2021.32.1.020
The problem of increasing the efficiency of disseminating information about new threats is considered. Traditional methods of exchanging information about information security incidents scale poorly and, as the number of incidents grows, no longer cope with the task. The workload on the specialists who monitor the state of the information system increases significantly, and the efficiency of their work decreases. The aim of the study is to increase the efficiency of the information security incident monitoring and response center by deploying a software platform for managing cyber intelligence data. The object of research is an information security incident monitoring and response center; the subject of research is a cyber-intelligence data management system. Approaches to implementing cyber intelligence as part of such a center are analyzed, the functionality of existing solutions is reviewed, and a plan for deploying a cyber-intelligence platform as part of the center is developed. The main stages of deployment are preparatory work, installation, configuration and testing of the platform. After the platform was implemented, the efficiency of the center increased by 41.7%, and its maturity level rose from “initial” to “basic”.
For citation: Vulfin A.M. Cyber Threat Intelligence Data Management System. Modeling, Optimization and Information Technology. 2021;9(1). URL: https://moitvivt.ru/ru/journal/pdf?id=925 DOI: 10.26102/2310-6018/2021.32.1.020 (In Russ).
Published 31.03.2021