Biblio
Filters: Author is Chandel, Sonali
2019. Threat Intelligence Sharing Community: A Countermeasure Against Advanced Persistent Threat. 2019 IEEE Conference on Multimedia Information Processing and Retrieval (MIPR). :353–359.
Advanced Persistent Threat (APT), having a focused target along with advanced and persistent attacking skills under great concealment, is a new trend followed for cyber-attacks. Threat intelligence helps in detecting and preventing APT by collecting a host of data and analyzing malicious behavior through efficient data sharing and guaranteeing the safety and quality of information exchange. For better protection, controlled access to intelligence information and a grading standard to revise the criteria in diagnosis for a security breach are needed. This paper analyses a threat intelligence sharing community model and proposes an improvement to increase the efficiency of sharing by rethinking the size and composition of a sharing community. Based on various external environment variables, it filters the low-quality shared intelligence by grading the trust level of a community member and the quality of a piece of intelligence. We hope that this research can fill in some security gaps to help organizations make a better decision in handling the ever-increasing and continually changing cyber-attacks.
2019. Endpoint Protection: Measuring the Effectiveness of Remediation Technologies and Methodologies for Insider Threat. 2019 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC). :81–89.
With the increase in the incidence of data leakage, enterprises have started to realize that the endpoints (especially mobile devices) used by their employees are the primary cause of data breaches in most cases. Data shows that employee training, which aims to promote the awareness of protecting the sensitive data of the organization, is not very useful. Besides, popular third-party cloud services make it even more difficult for employees to keep the secrets of their workplace safer. This pressing issue has caused the emergence of a significant market for various software products that provide endpoint data protection for these organizations. Our study will discuss some methods and technologies that deal with traditional, negative endpoint protection: Endpoint protection platform (EPP), and another new, positive endpoint protection: Endpoint detection and response (EDR). The comparison and evaluation between EPP and EDR in mechanism and effectiveness will also be shown. The study also aims to analyze the merits, faults, and key features that excellent protection software should have. The objective of this paper is to assist small-scale and big-scale companies to improve their understanding of insider threats in such rapidly developing cyberspace, which is full of potential risks and attacks. This will also help the companies to have better control over their employees' endpoints to be able to avoid any future data leaks. It will also help negligent users to comprehend how serious the problem that they are faced with is, and how they should be careful in handling their privacy when they are surfing the Internet while being connected to the company's network. This paper aims to contribute to further research on endpoint detection and protection or some similar topics by trying to predict the future of protection products.