The Application of Analytics in Cyber Threat Intelligence
Mentor Information
Clinton Daniel (Muma College of Business)
Description
As society ventures deeper into a technologically dependent world, the need for cybersecurity continues to grow. The rapid increase in cyber threats calls for a streamlined, efficient process that puts potential targets one step ahead of threat actors. While cybersecurity continues to evolve, there is still room for improvement in the methods used throughout the threat detection process. The evolution of cybersecurity has inspired the creation of security operations centers (SOCs), which are put in place primarily to monitor, prevent, and investigate active threats within an organization. Because of the large volume of information collected and generated by a SOC, it is often difficult to examine all of the data thoroughly without human error, and that volume also slows the process of turning information into the intelligence needed to make important discoveries. Certain patterns, trends, and common methods can be difficult to spot and digest at a surface level. To address this weakness and capitalize on the information available, the application of analytics within cyber threat intelligence provides promising results when the right techniques are used. This thesis explores the application of analytics in cyber threat intelligence through a comprehensive case study of a security operations center and the data it collects. It also seeks to identify opportunities where data analytics can be implemented, determine how data analytics can be applied, and draw conclusions about the comparative advantage if it is adopted.