Network detection and reaction : case study: proof of concept for Vectra implementation
Nurmi, Tommi (2021)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2021121024944
https://urn.fi/URN:NBN:fi:amk-2021121024944
Tiivistelmä
Network threats today are very critical issues in every industry where there are digital services. All systems use ICT services. As a result, network attacks target every device connected to the network. This thesis provides an idea of how a network-based monitoring and response system adds value to threat mapping and prevention.
In my thesis work, I also go through how different knowledge security models work as part of a system that makes devices, people, and processes work together. As a result of new observation tools and machine learning, anomalies can be searched in the data to reveal anomalous events that contradict the behavioral pattern.
Visibility is no longer the only thing that can guarantee environmental safety. With the help of machine learning and the development of tool software, it is possible to detect very sophisticated intrusion patterns. However, this requires extensive expertise and familiarity with the possibilities of the tools. Therefore, this requires concentration and dedication. Processes need to be strongly involved when things do go as planned. Risk management must also be part of the process of keeping a company afloat.
In my work, I want to point out why it is good to gather online information also into threat mapping. To get the right picture, the network is the surest source of information that can be used to see patterns of behavior on how an attacker reaches an object.
In my thesis work, I also go through how different knowledge security models work as part of a system that makes devices, people, and processes work together. As a result of new observation tools and machine learning, anomalies can be searched in the data to reveal anomalous events that contradict the behavioral pattern.
Visibility is no longer the only thing that can guarantee environmental safety. With the help of machine learning and the development of tool software, it is possible to detect very sophisticated intrusion patterns. However, this requires extensive expertise and familiarity with the possibilities of the tools. Therefore, this requires concentration and dedication. Processes need to be strongly involved when things do go as planned. Risk management must also be part of the process of keeping a company afloat.
In my work, I want to point out why it is good to gather online information also into threat mapping. To get the right picture, the network is the surest source of information that can be used to see patterns of behavior on how an attacker reaches an object.