Software Engineering Institute

Cyber threat management within an organization should include an automated cycle that leverages timely threat intelligence with both automated netflow correlation and packet-based signature detection. Automated netflow inspection can recognize interactions with resources that threat intelligence reports as malicious, alerting analysts as appropriate. Automated signature detection in network packet analysis should identify any new resources participating in malicious activity and inform netflow inspection. Automated techniques for spotting both known malicious behaviors and unknown anomalous patterns should alert analysts to investigate the identified activity. As new behavior patterns, signatures, and participating resources are discovered, these generate feedback into automated detection models.