Affordable Incident Response Using Cloud-Based Open-Source Data Pipelines with Integrated Threat Intelligence Platforms
Keywords:
Incident Response, Cybersecurity, Cloud-based Solutions, NoSQL Databases, Threat Intelligence Platforms, Machine Learning, Automation, Open-source Solutions, SIEM, Security Orchestration, Automation, and Response (SOAR), Artificial Intelligence, Serverless Architectures, Cyber Threats, Data Analytics
Abstract
The incident response landscape has undergone significant transformations in recent years, driven by the escalating complexity and sophistication of cyber threats. This paper explores the evolution of incident response from static relational databases to dynamic, cloud-based solutions and NoSQL databases, and examines the role of threat intelligence platforms, machine learning, and automation in enhancing the speed and accuracy of incident response efforts. The paper also discusses the benefits and limitations of cloud-based and open-source solutions and highlights the importance of integrating various technologies and systems to create a comprehensive incident response strategy. The future of incident response is characterized by increased automation, integration, and innovation, and organizations must prioritize incident response and invest in the technologies and strategies that will enable them to detect, respond to, and mitigate cyber threats effectively.
License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.