ATTACK PATH VISUALIZATION IN SECURITY OPERATIONS
NS Focus Global – Jie Ji
A major method of attack path identification today is to create a network-side graph model to extract an attack event from network attributes, threat intelligence, device alerts, and vulnerabilities. Attack detection rules, data mining algorithms, and association techniques are then used jointly to derive the attack pattern before attack paths are inferred or predicted. Take the framework for automatic attack path identification in computer networks (APIN)[1] (see Figure 1) as an example. Visualizing the attack paths in a multistep attack can effectively facilitate security operations. Doing so intelligently will reduce security operations costs, reshape the current cybersecurity operations model, and make security operations techniques and processes more automated and intelligent, enabling organizations' cybersecurity capabilities to stand the test of real-world attacks.
Link: https://nsfocusglobal.com/attack-path-visualization-in-security-operations/
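The graph approach described above, narrowed to device alerts only, as an added example that is not code from the article or from the APIN framework: constructed alerts become directed edges, and a time-ordered walk from an external source to a critical asset yields candidate multistep attack paths. The host names, alert types, and the `INTERNAL` and `CRITICAL` sets are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample alerts (not real data): (time, source, destination, alert type)
ALERTS = [
    (100, "203.0.113.7", "web01", "exploit_attempt"),
    (130, "web01", "app02", "lateral_movement"),
    (135, "ws17", "fileserver", "port_scan"),       # unrelated internal noise
    (160, "app02", "db03", "credential_use"),
    (90, "app02", "db03", "credential_use"),        # predates the alert on app02
    (200, "db03", "203.0.113.7", "data_exfiltration"),
]
INTERNAL = {"web01", "app02", "db03", "ws17", "fileserver"}  # assumed asset inventory
CRITICAL = {"db03"}                                          # assumed high-value asset

def build_graph(alerts):
    """Adjacency list: source -> [(time, destination, alert type)], sorted by time."""
    graph = defaultdict(list)
    for t, src, dst, kind in sorted(alerts):
        graph[src].append((t, dst, kind))
    return graph

def attack_paths(alerts, internal, critical):
    """Return time-ordered alert chains from an external source to a critical asset."""
    graph = build_graph(alerts)
    paths = []

    def walk(node, last_time, chain, visited):
        for t, dst, kind in graph[node]:
            if t <= last_time or dst in visited:
                continue  # a hop must follow the previous one in time and not loop
            step = chain + [(t, node, dst, kind)]
            if dst in critical:
                paths.append(step)
            else:
                walk(dst, t, step, visited | {dst})

    for src in list(graph):
        if src not in internal:  # entry points are sources outside the inventory
            walk(src, float("-inf"), [], {src})
    return paths

if __name__ == "__main__":
    for path in attack_paths(ALERTS, INTERNAL, CRITICAL):
        print(" -> ".join([path[0][1]] + [hop[2] for hop in path]))
```

The time-ordering check is what separates a causal chain from co-occurring alerts: the early `credential_use` alert at time 90 is excluded because it precedes the alert that first implicates `app02`.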