A model for automated cybersecurity threat remediation and sharing
Regano L.;
2023-01-01
Abstract
This paper presents an approach to the automatic remediation of threats reported by Cyber Threat Intelligence. Remediation strategies, named Recipes, are expressed in a close-to-natural language for easy validation. Thanks to the developed models, they are interpreted, contextualized, and then translated into CACAO Security playbooks, a standard format ready for automatic enforcement, without human intervention. The presented approach also allows sharing of remediation procedures on threat-sharing platforms (e.g. MISP), which improves the overall security posture. The effectiveness of the approach has been tested in the context of two EC-funded projects.

| File | Description | Type | Size | Format | Access |
|---|---|---|---|---|---|
| A_Model_for_Automated_Cybersecurity_Threat_Remediation_and_Sharing.pdf | VoR | publisher's version (VoR) | 184.86 kB | Adobe PDF | Archive managers only |
| A_Model_for_Automated_Cybersecurity_Iris.pdf | AAM | post-print version (AAM) | 806.82 kB | Adobe PDF | Open access |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


