The growing frequency of cyberattacks creates the need to develop and implement more efficient security strategies. Traditional preventive security measures cannot counter modern threats effectively. These traditional approaches are usually based on heuristic, default or periodic signature rules that cannot efficiently prevent and repel the more dynamic attacks seen today. Threat hunting (TH) is gaining popularity because it helps to uncover the presence of attacker tactics, techniques and procedures (TTPs) within an environment that have not yet been discovered by existing technologies. Threat hunting and threat intelligence are two distinct security disciplines, but they can be complementary. Hence, using cyber threat intelligence (CTI) to reinforce traditional cybersecurity strategies by generating feeds of indicators of compromise (IoCs) for recently emerging cyberattacks can help an organisation mitigate attacks more effectively and efficiently.
The primary aim of this paper is to design an approach that, based on cyber threat intelligence, will improve the cybersecurity defence strategies adopted by organisations. This goal will be achieved through the presentation of an architecture that collects threat information and feeds it to security tools. The proposed architecture contains four main components: data aggregation, normalisation and enrichment, integration with the security operation centre (SOC) tools, and real-time monitoring in security information and event management (SIEM).
After developing and implementing this architecture, we conducted tests using the Malware Information Sharing Platform (MISP) as the CTI platform to collect threat information, namely the indicators and the tactics, techniques and procedures (TTPs), of a known threat actor (Muddy Water). Subsequent tests were also conducted on emerging cyberattacks (the SVBMv3 vulnerability and the Covid19-themed cyberattack campaign). The results obtained support a defence-in-depth approach to cybersecurity that mitigates cyberattacks by efficiently using threat intelligence capabilities, both for emerging cyberattacks and when threat actors are targeting organisations, using the collected IoCs and the tactics, techniques and procedures.
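The four components named in the abstract (aggregation, normalisation and enrichment, SOC-tool integration, SIEM monitoring) can be illustrated end to end with a small pipeline. The following is an added example, not code from the paper or from the MISP project: it consumes attributes in the shape of MISP's JSON export (the `type`/`value`/`Tag` fields exist in MISP; every value below is constructed, using documentation-only IP ranges and `.test` domains), refangs and deduplicates them across two feeds, extracts ATT&CK technique IDs from galaxy-style tags as enrichment, and then runs the resulting lookup over a few constructed proxy and EDR log lines in the way a SIEM correlation rule would.

```python
"""Toy CTI pipeline: aggregate -> normalise/enrich -> SIEM-style matching (added example)."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed feeds in MISP attribute shape; indicator values are invented (RFC 5737 / .test).
FEED_A = [
    {"type": "ip-dst", "value": "203.0.113.10",
     "Tag": [{"name": 'misp-galaxy:mitre-attack-pattern="Command and Scripting Interpreter - T1059"'}]},
    {"type": "domain", "value": "Update-Example[.]test", "Tag": []},       # defanged, mixed case
    {"type": "sha256", "value": "A" * 64, "Tag": []},                      # placeholder hash
]
FEED_B = [
    {"type": "domain", "value": "update-example.test", "Tag": [{"name": "tlp:amber"}]},  # dup of feed A
    {"type": "url", "value": "hxxp://update-example[.]test/payload.bin", "Tag": []},
]

# Constructed log lines standing in for what the SIEM would receive.
LOGS = [
    "2024-03-01T10:00:00Z proxy src=10.0.0.5 dst=203.0.113.10 host=update-example.test uri=/payload.bin",
    "2024-03-01T10:00:05Z proxy src=10.0.0.7 dst=198.51.100.4 host=intranet.example uri=/",
    "2024-03-01T10:01:00Z edr host=WS01 sha256=" + "a" * 64 + " proc=powershell.exe",
]

# MISP attribute type -> the generic indicator kind used for matching.
KIND_MAP = {"ip-dst": "ip", "ip-src": "ip", "domain": "domain", "hostname": "domain",
            "md5": "hash", "sha1": "hash", "sha256": "hash", "url": "url"}
TECHNIQUE_RE = re.compile(r"\bT\d{4}(?:\.\d{3})?\b")           # ATT&CK IDs such as T1059 or T1059.001
TOKEN_RES = {                                                  # how to pull candidate tokens out of a log line
    "ip": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b"),
    "hash": re.compile(r"\b[0-9a-f]{64}\b|\b[0-9a-f]{40}\b|\b[0-9a-f]{32}\b"),
}


@dataclass
class IoC:
    kind: str
    value: str
    techniques: set = field(default_factory=set)   # enrichment: ATT&CK technique IDs from tags
    sources: set = field(default_factory=set)      # which feeds reported it (provenance)


def refang(value: str) -> str:
    """Normalise an indicator: lowercase, undo [.] / hxxp defanging."""
    v = value.strip().lower().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxps?://", lambda m: m.group(0).replace("hxxp", "http"), v)


def normalise(attr: dict, source: str) -> list:
    """Turn one MISP-style attribute into zero or more IoC records (invalid IPs are dropped)."""
    kind = KIND_MAP.get(attr["type"])
    if kind is None:
        return []
    value = refang(attr["value"])
    techniques = {t for tag in attr.get("Tag", []) for t in TECHNIQUE_RE.findall(tag["name"])}
    if kind == "ip":
        try:
            ipaddress.ip_address(value)
        except ValueError:
            return []
    records = [IoC(kind, value, set(techniques), {source})]
    if kind == "url":  # a URL indicator also yields its host as a derived domain indicator
        host = re.sub(r"^https?://", "", value).split("/")[0].split(":")[0]
        if host:
            records.append(IoC("domain", host, set(techniques), {f"{source}:derived-from-url"}))
    return records


def aggregate(feeds: dict) -> dict:
    """Merge several feeds into one index keyed by (kind, value), unioning enrichment."""
    index = {}
    for source, attrs in feeds.items():
        for attr in attrs:
            for rec in normalise(attr, source):
                key = (rec.kind, rec.value)
                if key in index:
                    index[key].techniques |= rec.techniques
                    index[key].sources |= rec.sources
                else:
                    index[key] = rec
    return index


def export_lookup(index: dict) -> list:
    """Rows for a SIEM lookup table (the SOC-tool integration step)."""
    return [{"kind": k, "value": v, "techniques": sorted(i.techniques), "sources": sorted(i.sources)}
            for (k, v), i in sorted(index.items())]


def match_logs(index: dict, lines: list) -> list:
    """SIEM-style correlation: report every line that carries a known indicator."""
    hits = []
    for n, line in enumerate(lines):
        low, seen = line.lower(), set()
        for kind, rx in TOKEN_RES.items():
            for tok in rx.findall(low):
                key = (kind, tok)
                if key in index and key not in seen:
                    seen.add(key)
                    hits.append({"line": n, "kind": kind, "value": tok,
                                 "techniques": sorted(index[key].techniques),
                                 "sources": sorted(index[key].sources)})
        for (kind, value), ioc in index.items():   # URLs are matched as substrings
            if kind == "url" and value in low and (kind, value) not in seen:
                seen.add((kind, value))
                hits.append({"line": n, "kind": kind, "value": value,
                             "techniques": sorted(ioc.techniques), "sources": sorted(ioc.sources)})
    return hits


if __name__ == "__main__":
    idx = aggregate({"feed_a": FEED_A, "feed_b": FEED_B})
    for row in export_lookup(idx):
        print(row)
    for hit in match_logs(idx, LOGS):
        print("HIT", hit)
```

Two design points carry over to a real deployment: normalisation happens before deduplication, so the defanged and the plain form of the same domain collapse into one record with both feeds recorded as sources, and enrichment is unioned rather than overwritten, so a technique tag contributed by one feed survives when another feed reports the bare indicator. The hit record keeps the technique IDs and the source feeds, which is what an analyst needs to pivot from a SIEM alert back to the TTP context the abstract describes.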