BRIDGE: BRIDGing the gap bEtween CTI production and consumption

Abstract

Security for businesses and organizations is essential to protect operational activities, trust relationship with clients and financial viability. Increased interest for research concerning cybersecurity issues has been shown recently, while at the same time professionals of this sector are employed to ensure safety. In turn, the efficacy and performance of both the researchers and professionals rely on the information provided by Cyber Threat Intelligence infrastructures. Automation of procedures regarding the collection, harmonization and processing of information is of utmost importance for Cyber Threat Intelligence, in order to effectively relay to the community data concerning newly emerged threats. Nevertheless, the process regarding the transfer of knowledge between Cyber Threat Intelligence and cybersecurity specialists is based on frameworks and procedures that are not in line with the needs and standards of modern times, being performed through obsolete methods and manual labor. In this paper, we propose BRIDGE, the first tool that streamlines the flow of intelligence between Cyber Threat Intelligence and cybersecurity professionals, by taking advantage of the Structured Threat Information eXpression standard, utilizing blockchain technology and automatically converting the intelligence needed in the form that researchers and other professionals require. Our experimental results demonstrate the efficiency of BRIDGE in terms of swiftness and performance improvement compared to the mainstream approach.