The Problem
Cyber attacks have become a common occurrence. As a result, preventing cyber attacks has become a critical function for businesses. But to prevent or thwart an attack, cyber defence specialists first need to understand it.
Cyber attacks are extremely complex and require detailed investigations to unravel. Typically, incident response analysts need to gather information from a wide variety of sources (terminal consoles, documents, web pages), consolidate this body of evidence so that it can be investigated further, and document their work along the way.
Investigating the attack itself is also extremely challenging given the inherent nature of the problem. To understand the sequence of events, the script used, the parts of the systems affected or the types of exploit deployed, analysts need to map and navigate a large amount of interconnected information.
The Solution
Using reKnowledge, cyber defence specialists can customise their knowledge base to their particular needs. By customising the system ontology, the experts can define what information to capture for the various node classes and connection types.
The reKnowledge analytical workbench makes capturing information very easy. Researchers can build nodes and connections as they do their research. Not only is the information structured, it is also immediately shared across the whole team.
With their body of evidence stored in reKnowledge, analysts can then visualise their whole system as well as the sequence of events and identify potential vulnerabilities.
Use cases
Find out how the Cyber Defence Team of a global retail company used reKnowledge to investigate cyber attacks here