Published July 13, 2023 | Version v1
Conference paper Open

A Model for Automated Cybersecurity Threat Remediation and Sharing

Description

This paper presents an approach to the automatic remediation of threats reported by Cyber Threat Intelligence. Remediation strategies, named Recipes, are expressed in a close-to-natural language for easy validation. Thanks to the developed models, they are interpreted, contextualized, and then translated into CACAO Security playbooks, a standard format ready for automatic enforcement, without human intervention. The presented approach also allows sharing of remediation procedures on threat-sharing platforms (e.g. MISP), which improves the overall security posture. The effectiveness of the approach has been tested in the context of two EC-funded projects.

Files

Paper_remediation.pdf

Files (123.8 kB)

md5:01b610e9f5ce5bdc95d46b953cc1e247

Additional details

Funding

PALANTIR – Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises 883335
European Commission
FISHY – A coordinated framework for cyber resilient supply chain systems over complex ICT infrastructures 952644
European Commission