From Threat Data to Actionable Intelligence: An Exploratory Analysis of the Intelligence Cycle Implementation in Cyber Threat Intelligence Sharing Platforms

Clemens Sauerwein, D. Fischer, Milena Rubsamen, Guido Rosenberger, D. Stelzer, R. Breu
Published in: Proceedings of the 16th International Conference on Availability, Reliability and Security
Publication date: 2021-08-16
DOI: 10.1145/3465481.3470048 (https://doi.org/10.1145/3465481.3470048)
Citations: 6

Abstract

In the last couple of years, organizations have demonstrated an increasing willingness to share data, information and intelligence regarding emerging threats to collectively protect against today’s sophisticated cyber attacks. Accordingly, several vendors started to implement software solutions that facilitate this exchange and appear under the name cyber threat intelligence sharing platforms. However, recent investigations have shown that these platforms differ significantly in their functional scope and often only provide threat data instead of the promised actionable intelligence. Moreover, it is unclear to what extent the platforms implement the expected intelligence cycle processes. In order to close this gap, we investigate the state-of-the-art in scientific literature and analyze the functional scope of nine threat intelligence sharing platforms with respect to the intelligence cycle. Our study provides a comprehensive list of software functions that should be implemented by cyber threat intelligence sharing platforms in order to support the intelligence cycle to generate actionable threat intelligence.