How to enable efficient threat hunting
Authors
Date
2024
Access restrictions
The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyväskylä University Library (https://kirjasto.jyu.fi/en/workspaces/facilities/facilities#autotoc-item-autotoc-2).
Copyright
© The Author(s)
This master's thesis focuses on how to enable efficient threat hunting. The subject is important to research because threat hunting is a relatively new topic and few studies have covered the whole process. Many previous studies have focused primarily on research areas such as threat modeling, threat detection and incident response, and only a few studies have been made about threat hunting frameworks. The thesis was carried out as a qualitative literature review, followed by development of the framework using the Design Science Research Methodology process. The literature review was used as the basis for developing the threat hunting framework. The developed framework was then presented to three cyber security professionals for review. The review was done with semi-structured interviews. The threat hunting framework developed has three different starting points, depending on what the hunt is based on. If the hunt is based on IoCs, a separate hypothesis is not developed, as the investigation should be lighter compared to one based on TTPs or vulnerability reports. Feedback is given if the hunt is rejected, or when the hunt has been completed, regardless of whether anything was found as a result of the hunt. Based on the interviews, using this framework enables efficient threat hunting, especially when it is used as a continuous process. The framework allows teams to collaborate and give feedback in a way that is easy to adopt as part of the SOC's daily activities.
Metadata
Collections
- Pro gradu -tutkielmat