A shared cyber threat intelligence solution for smes

Max van Haastrecht*, Guy Golpur, Gilad Tzismadia, Rolan Kab, Cristian Priboi, Dumitru David, Adrian Răcătăian, Matthieu Brinkhuis, Marco Spruit

*Corresponding author for this work

    Research output: Contribution to journalArticleAcademicpeer-review

    Abstract

    Small-and medium-sized enterprises (SMEs) frequently experience cyberattacks, but often do not have the means to counter these attacks. Therefore, cybersecurity researchers and practitioners need to aid SMEs in their defence against cyber threats. Research has shown that SMEs require solutions that are automated and adapted to their context. In recent years, we have seen a surge in initiatives to share cyber threat intelligence (CTI) to improve collective cybersecurity resilience. Shared CTI has the potential to answer the SME call for automated and adaptable solutions. Sadly, as we demonstrate in this paper, current shared intelligence approaches scarcely address SME needs. We must investigate how shared CTI can be used to improve SME cybersecurity resilience. In this paper, we tackle this challenge using a systematic review to discover current state-of-the-art approaches to using shared CTI. We find that threat intelligence sharing platforms such as MISP have the potential to address SME needs, provided that the shared intelligence is turned into actionable insights. Based on this observation, we developed a prototype application that processes MISP data automatically, prioritises cybersecurity threats for SMEs, and provides SMEs with actionable recommendations tailored to their context. Subsequent evaluations in operational environments will help to improve our application, such that SMEs are enabled to thwart cyberattacks in future.

    Original languageEnglish
    Article number2913
    Pages (from-to)1-21
    JournalElectronics (Switzerland)
    Volume10
    Issue number23
    DOIs
    Publication statusPublished - 1 Dec 2021

    Keywords

    • Cyber threat intelligence
    • Cybersecurity
    • Information sharing
    • MISP
    • SME

    Fingerprint

    Dive into the research topics of 'A shared cyber threat intelligence solution for smes'. Together they form a unique fingerprint.

    Cite this