National Repository of Grey Literature
Proposal and implementation of procedures for automated response of security incidents
Hons, Kamil ; Safonov, Yehor (referee) ; Martinásek, Zdeněk (advisor)
This diploma thesis deals with the development of proposals for procedures for dealing with security incidents, both from a theoretical and a practical point of view. Three generic scenarios in the form of graphical diagrams, designed in the Inkscape program, were created as a theoretical template for the automatic handling of security incidents. The first proposed scenario suggests a general procedure for dealing with an event in which an email attachment is marked as suspicious. The second scenario serves as a suggested procedure for handling an event where an untrusted external IP address is suspected of communicating with a local one. The third scenario then suggests an investigation procedure for events where a suspicious file on a remote device needs to be investigated. Based on these scenarios, a practical implementation of procedures for the automated handling of security incidents was performed and documented in the Python programming language within the Splunk Phantom environment. As part of the documentation of the scenario implementation, two audiovisual demonstrations were created to illustrate the designed environment and the functionality of the implemented scenarios, using programs such as OBS and Blender. The individual implementations are tested at the end of the thesis by running them automatically over events from a defined time range. The results are analyzed in the form of tables to determine the success of these scenarios, which is judged by checking how the analysis results differ from the original assumptions. Based on the analysis, the practical implementations of the scenarios were modified to ensure that their output matches the assumptions. The results are thus three proposed, tested and analyzed scenarios, which can further serve as a basis for specific implementations in a corporate information system.
The actual implementation of the theoretical scenarios was carried out within a testing environment and the work includes a description of the communication and a setup of the environment. Finally, the results of the individual scenarios were described.
The Case Management Approach in the Design of a Knowledge Management System Used by CSIRT Teams
Tichý, Dušan ; Boháček, Milan (referee) ; Sedlák, Petr (advisor)
The topic of this thesis is the use of the case management approach in the design of knowledge management systems for the IR (incident response) groups of CSIRT teams. The aim of the thesis is to explain the concept of case management, how it can be applied to support the decision-making of the knowledge workers of an incident response group, and what benefits this use of the case management approach brings to an organization from the economic point of view and from the point of view of knowledge capital. The thesis describes the design of an information system based on the principles of case management; the design transforms existing processes into processes that make use of knowledge management and advanced automation. The design is demonstrated on a prototype that presents the main processes and steps of a knowledge worker in handling a spear-phishing incident.
Beyond the Hype: A Comparative Case Study of the Impact of Artificial Intelligence and Machine Learning on Cybersecurity
De Blasi, Stefano ; Kilroy, Walt (advisor) ; Kaczmarski, Marcin (referee) ; Špelda, Petr (referee)
Artificial intelligence (AI) and machine learning (ML) are widely touted as the silver bullet for the shortcomings of cybersecurity. Driven by the latest achievements of machine learning in fields such as finance, healthcare, and commerce, security researchers and marketing strategists have ubiquitously employed AI and ML as buzzwords to raise the competitiveness of their products. This study aims to verify the substance of such claims by assessing the extent of the impact of AI and ML products on cybersecurity practice. To provide a reliable and valid assessment of this phenomenon, the researcher developed an original framework based on the comparison of three security disciplines: cyber threat intelligence, endpoint protection, and incident response. Each discipline is further analysed in terms of the improvements brought by artificial intelligence and machine learning products to the speed, accuracy, and innovation of its security operations. These results indicate that the impact of AI and ML products in cybersecurity is limited to environments characterised by vast amounts of healthy datasets and a partially limited range of options. On the other hand, cyberspace is extremely variable and volatile and thus makes artificial intelligence and machine learning products severely...