Source |
AlienVault Lab Blog |
Identifier |
8406512 |
Publication date |
2023-11-06 11:00:00 (viewed: 2023-11-06 12:08:57) |
Title |
Applying an intelligence-based approach to Cybersecurity; SIEM and dark web monitoring |
Text |
“History repeatedly has demonstrated that inferior forces can win when leaders are armed with accurate intelligence.” – Central Intelligence Agency; Intelligence in War
In the ever-changing landscape of global cybersecurity, the boundaries between traditional military intelligence and cybersecurity are increasingly blurred. At the heart of this convergence lies the science of intelligence analysis—a process fundamental to both realms. Equally important is the recognition of target indicators, which serve as harbingers of impending activities, whether on a battlefield or within the complex circuits of cyberspace.
For the modern organization, Security Information and Event Management (SIEM) systems serve as the nexus where the old art of intelligence gathering meets the contemporary needs of cybersecurity. This fusion is further enriched by dark web monitoring, a relatively new frontier in information gathering that gives analysts a fuller understanding of the threat landscape in the darker recesses of the Internet where cybercriminals trade and plan.
Traditionally, military intelligence has been the linchpin of strategic and tactical decision-making. It involves complex processes for data collection, analysis, and interpretation. In short, it turns raw data into actionable intelligence. The data used in intelligence analysis ranges from intercepted radio communications and satellite imagery to reports from troops on the ground. Analysts and applications sift through this plethora of information to extract actionable insights, scrutinizing it for target indicators, the clues that signal the enemy's intent or location. For instance, an unusual accumulation of vehicles in a remote area could indicate the staging of troops, thereby serving as a target indicator. Recognizing such cues is crucial for informed decision-making.
Likewise, in cybersecurity, intelligence analysis serves as the backbone of protective strategies. Here, data collection is continuous and automated, thanks to SIEM systems and security correlation engines. These systems aggregate logs from endpoints, servers, network devices and applications, and generate alerts from defined correlation rules that flag anomalies or known indicators of compromise. Just as military analysts look for signs like troop movement or weapons stockpiling, cybersecurity analysts review SIEM alerts and the underlying logs for target indicators such as repeated failed login attempts or abnormal data transfers, which might indicate a cyber-attack in progress. A single indicator is rarely conclusive; the value of a SIEM lies in correlating several of them, for example a burst of failed logins followed by a successful one from the same source.
The enrichment of SIEM data sets through dark web monitoring brings a novel depth to cybersecurity. For the uninitiated, the dark web serves as a haven for cybercriminals, offering a marketplace for anything from hacking tools to stolen data. It is often the first place a compromise becomes visible to anyone outside the attacker: stolen data may appear there for sale, or impending cyber-attacks might be discussed there before they happen.
Dark web monitoring involves tracking these criminal forums and marketplaces for specific keywords, threats, or data sets related to an organization: its domains, brand names, product names, executive names, and credential formats. Information gleaned from the dark web provides that extra layer of intelligence, allowing for a more proactive cybersecurity posture. For example, a company might discover on the dark web that its stolen user credentials or client lists are being sold. This type of information is a specific target indicator that the company, or a third party holding its data, has experienced a data breach at some level. One caveat a practitioner should keep in mind: dark web listings are frequently recycled from old breaches, padded, or outright fabricated, so a find should be verified against the organization's own logs and identity data before it drives a response.
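The two paragraphs above describe a pipeline: aggregate logs, apply correlation rules for target indicators such as repeated failed logins and abnormal data transfers, then enrich the resulting alerts with dark web findings. The following Python block is an added example that does this in miniature; it is not AlienVault or USM code, and the log line format, the rule thresholds, the per-user egress baselines and the dark web feed are all constructed assumptions (addresses are from the TEST-NET documentation ranges). It shows three things the text only names: a sliding-window brute-force rule that also records the stronger indicator of a success right after the burst, a baseline-deviation rule for egress volume that refuses to judge users with no history, and enrichment that raises severity when an account named in an alert appears in a monitored dark web listing.

```python
"""Toy SIEM correlation pass with dark-web enrichment. Added example, not
AlienVault/USM code: log format, thresholds, baselines and feed are constructed."""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample logs on TEST-NET addresses. Assumed line format:
#   <ISO-8601 UTC timestamp> <sensor> <event> key=value ...
SAMPLE_LOGS = """\
2023-11-06T09:00:01Z sshd auth_failed user=jdoe src=203.0.113.7
2023-11-06T09:00:05Z sshd auth_failed user=admin src=203.0.113.7
2023-11-06T09:00:09Z sshd auth_failed user=root src=203.0.113.7
2023-11-06T09:00:14Z sshd auth_failed user=jdoe src=203.0.113.7
2023-11-06T09:00:26Z sshd auth_ok user=jdoe src=203.0.113.7
2023-11-06T10:00:00Z vpn auth_failed user=svc_backup src=203.0.113.9
2023-11-06T10:01:00Z vpn auth_failed user=svc_backup src=203.0.113.9
2023-11-06T10:02:00Z vpn auth_failed user=svc_backup src=203.0.113.9
2023-11-06T10:03:00Z vpn auth_failed user=svc_backup src=203.0.113.9
2023-11-06T11:00:00Z proxy egress user=jdoe dst=198.51.100.9 bytes=900000000
2023-11-06T11:20:00Z proxy egress user=jdoe dst=198.51.100.9 bytes=950000000
2023-11-06T11:30:00Z proxy egress user=asmith dst=198.51.100.20 bytes=21000000
this line is malformed and must be skipped
""".splitlines()
# Constructed per-user history of daily egress bytes (a SIEM would compute it).
BASELINES = {"jdoe": [50_000_000, 55_000_000, 48_000_000, 52_000_000, 51_000_000],
             "asmith": [20_000_000, 22_000_000, 19_000_000, 21_000_000, 20_000_000]}
# Constructed dark-web monitoring hit: a listing naming accounts at the org's domain.
DARK_WEB_FEED = [{"source": "constructed-forum-listing", "observed": "2023-11-01",
                  "domain": "example.com", "usernames": ["jdoe", "mlee"]}]
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<sensor>\S+)\s+(?P<event>\S+)\s*(?P<kv>.*)$")

def parse_line(line):
    """Normalise one raw line into an event dict; None if it cannot be parsed."""
    m = LINE_RE.match(line.strip())
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except (AttributeError, ValueError):        # no match, or a bad timestamp
        return None
    ev = {"ts": ts, "sensor": m.group("sensor"), "event": m.group("event")}
    ev.update(re.findall(r"(\w+)=(\S+)", m.group("kv")))
    return ev

def detect_brute_force(events, threshold=4, window=timedelta(minutes=10)):
    """Rule 1: `threshold` auth failures from one source inside a sliding window.
    A success from that source right after the burst is attached and raises severity."""
    alerts, alerted, recent = [], {}, defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev.get("src", "?")
        if ev["event"] == "auth_ok" and src in alerted:
            alert = alerted[src]
            if ev["ts"] - alert["last"] <= window:
                alert["followed_by_success"] = ev.get("user")
                alert["severity"] = "high"
        if ev["event"] != "auth_failed":
            continue
        hits = recent[src]
        hits.append(ev)
        while ev["ts"] - hits[0]["ts"] > window:   # expire failures outside the window
            hits.pop(0)
        if len(hits) == threshold:                 # fire once per burst
            alert = {"rule": "brute_force", "severity": "medium", "src": src, "last": ev["ts"],
                     "users": sorted({h.get("user", "?") for h in hits})}
            alerts.append(alert)
            alerted[src] = alert
    return alerts

def detect_abnormal_egress(events, baselines, z=3.0):
    """Rule 2: a user's egress total exceeds their historical daily mean by more
    than `z` standard deviations. No baseline means nothing to call abnormal."""
    totals, alerts = defaultdict(int), []
    for ev in events:
        if ev["event"] == "egress":
            totals[ev.get("user", "?")] += int(ev.get("bytes", 0))
    for user, total in totals.items():
        hist = baselines.get(user)
        if not hist or len(hist) < 2:
            continue
        mean, sd = statistics.mean(hist), statistics.pstdev(hist)
        limit = mean + z * max(sd, 0.01 * mean)    # floor sd so a flat history cannot be zero
        if total > limit:
            alerts.append({"rule": "abnormal_egress", "severity": "medium", "user": user,
                           "total_bytes": total, "limit": round(limit)})
    return alerts

def enrich_with_dark_web(alerts, feed, org_domain="example.com"):
    """Cross-reference accounts named in an alert with the dark-web feed; a match
    records where the account was listed and raises severity."""
    exposed = {u: item["source"] for item in feed if item["domain"] == org_domain
               for u in item["usernames"]}
    for alert in alerts:
        users = alert.get("users") or [alert.get("user")]
        hits = {u: exposed[u] for u in users if u in exposed}
        if hits:
            alert["dark_web"], alert["severity"] = hits, "high"
    return alerts

def run(lines, baselines, feed):
    """Parse, correlate, enrich: the pipeline the article describes, in miniature."""
    events = [e for e in map(parse_line, lines) if e]
    alerts = detect_brute_force(events) + detect_abnormal_egress(events, baselines)
    return enrich_with_dark_web(alerts, feed)
```

Calling `run(SAMPLE_LOGS, BASELINES, DARK_WEB_FEED)` yields three alerts: the 203.0.113.7 burst, which becomes high severity twice over (a successful login followed it, and `jdoe` is in the constructed listing); the 203.0.113.9 burst against `svc_backup`, which stays medium because neither signal applies; and `jdoe`'s 1.85 GB of egress against a baseline around 51 MB, also raised to high by the listing. Note that the dark web feed never creates an alert on its own here; it only changes how an alert the logs already produced is prioritised, which is the conservative way to use data that cannot be verified at source.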
The parallels between military intelligence and cybersecurity are not merely conceptual; they have practical implications. Military operations often employ real-ti |
Tags |
Data Breach
Tool
Threat