Content Assessment: Countering Threat Actors? Using Social Network Analysis for Cyber Threat Intelligence (CCDCOE)
Information - 93%
Insight - 94%
Relevance - 92%
Objectivity - 91%
Authority - 94%
Overall - 93% (Excellent)
A short percentage-based assessment of the qualitative benefit of the report from the NATO CCDCOE on cyber threat intelligence.
Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.
Background Note: Shared for the non-commercial educational benefit of cybersecurity, information governance, and eDiscovery professionals, this recently published research report from the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) explores the use of social network analysis for cyber threat intelligence and may be useful for cyber and legal discovery professionals seeking to better understand the cyber threats they face.
Publication from CCDCOE*
Using Social Network Analysis for Cyber Threat Intelligence
By Vasileios Anastopoulos
Overview
Cyber threat intelligence assists organizations in understanding the threats they face and helps them make educated decisions on preparing their defenses. Sharing of threat intelligence and threat information is increasingly leveraged by organizations and enterprises, and various software solutions are already available, with the open-source malware information sharing platform (MISP) being a popular one. In this work, a methodology for the production of cyber threat intelligence using the threat information stored in MISP is proposed. The methodology leverages the discipline of social network analysis and the diamond model, a model used for intrusion analysis, to produce cyber threat intelligence. The workings of the proposed methodology are demonstrated with a case study on a production MISP instance of a real organization. The paper concludes with a discussion on the proposed methodology and possible directions for further research.
Read the original publication.
*Shared with permission based on educational and non-commercial distribution.
Publication Source: NATO CCDCOE, 2022. Using Social Network Analysis for Cyber Threat Intelligence. [online] Tallinn: NATO CCDCOE Publications. Available at: <https://ccdcoe.org/uploads/2022/07/Research_paper.pdf> [Accessed 20 July 2022].
Source: ComplexDiscovery