Authors: Thanasis Chantzios (1); Paris Koloveas (1); Spiros Skiadopoulos (1); Nikos Kolokotronis (1); Christos Tryfonopoulos (1); Vasiliki-Georgia Bilali (2) and Dimitris Kavallieros (2)
Affiliations: (1) Department of Informatics and Telecommunications, University of the Peloponnese, Tripolis, Greece; (2) KEMEA Center for Security Studies, Ministry of Citizen Protection, Athens, Greece
Keyword(s): Cyber-threat, Intelligence, Sharing.
Related Ontology Subjects/Areas/Topics: Data Engineering; Databases and Data Security; Databases and Information Systems Integration; Enterprise Information Systems; Large Scale Databases; WWW and Databases
Abstract:
Cyber-threat intelligence (CTI) is any information that can help an organization identify, assess, monitor, and respond to cyber-threats. It relates to all cyber components of an organization, such as networks, computers, and other types of information technology. In recent years, due to the major increase in cyber-threats, CTI sharing has become increasingly important both as a subject of research and as a means of providing additional security to organizations. However, selecting the proper tools and platforms for CTI sharing is a challenging task that pertains to a variety of aspects. In this paper, we start by overviewing the CTI procedure (threat types, categories, sources and the general CTI life-cycle). Then, we present a set of seven high-level CTI platform recommendations that can be used to evaluate a platform, and subsequently we survey six state-of-the-art cyber-threat intelligence platforms. Finally, we compare and evaluate the six aforementioned platforms by means of the earlier proposed recommendations.