3. Cyber-Threat Intelligence

By P. Koloveas, University of the Peloponnese | T. Chantzios, University of the Peloponnese | C. Tryfonopoulos, University of the Peloponnese | S. Skiadopoulos, University of the Peloponnese

Downloaded: 685 times

Published: 15 Mar 2022

© 2022 P. Koloveas | T. Chantzios | C. Tryfonopoulos | S. Skiadopoulos

Abstract

In today’s world, technology has become ever-present and more accessible than ever via a plethora of different devices and platforms ranging from company servers and commodity PCs to mobile phones and wearables, used for interacting with and interconnecting a wide range of stakeholders such as households, organizations and critical infrastructures. The volume and variety of the different operating systems, the device particularities, the various usage domains and the accessibilityready nature of the platforms creates a vast and complex threat landscape that is difficult to contain. Trying to stay on top of these evolving cyber-threats has become an increasingly difficult task, and timeliness in the delivery of relevant cyber-threat related information is essential for appropriate protection and mitigation. Such information is typically leveraged from collected data, and includes zero-day vulnerabilities and exploits, indicators (system artifacts or observables associated with an attack), security alerts, threat intelligence reports, as well as recommended security tool configurations, and is often referred to as Cyber-Threat Intelligence (CTI) and entails the collection, analysis, leveraging, management and sharing of huge volumes of data. In this chapter, we outline INTIME, a system that incorporates and extends current tools and techniques from the CTI life-cycle by providing a holistic view in the Cyber-Threat Intelligence process. Through this process the reader will be able to (i) identify a number of modern tools and technologies related to the CTI life-cycle mentioned above, (ii) detect issues and research challenges that are involved in the design of key technologies for pre-reconnaissance Cyber-Threat Intelligence, and (iii) plan follow-up activities that will allow the adoption of the latest advances in the field.