Affordable Incident Response Using Cloud-Based Open-Source Data Pipelines with Integrated Threat Intelligence Platforms

Authors

  • Vijay Kartik Sikha

Keywords:

Incident Response, Cybersecurity, Cloud-based Solutions, NoSQL Databases, Threat Intelligence Platforms, Machine Learning, Automation, Open-source Solutions, SIEM, Security Orchestration, Automation, and Response (SOAR), Artificial Intelligence, Serverless Architectures, Cyber Threats, Data Analytics

Abstract

The incident response landscape has undergone significant transformations in recent years, driven by the escalating complexity and sophistication of cyber threats. This paper explores the evolution of incident response from static relational databases to dynamic, cloud-based solutions and NoSQL databases, and examines the role of threat intelligence platforms, machine learning, and automation in enhancing the speed and accuracy of incident response efforts. The paper also discusses the benefits and limitations of cloud-based and open-source solutions and highlights the importance of integrating various technologies and systems to create a comprehensive incident response strategy. The future of incident response is characterized by increased automation, integration, and innovation, and organizations must prioritize incident response and invest in the technologies and strategies that will enable them to detect, respond to, and mitigate cyber threats effectively.

Published

25.12.2019

How to Cite

Vijay Kartik Sikha. (2019). Affordable Incident Response Using Cloud-Based Open-Source Data Pipelines with Integrated Threat Intelligence Platforms. International Journal of Intelligent Systems and Applications in Engineering, 7(4), 266–274. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/7129

Section

Research Article