QinetiQ : Reducing Installation Time for Open Source Threat Intelligence Platform
August 09, 2022 at 02:06 pm
OpenCTI, an open source Threat Intelligence platform, does not currently support a publicly released native cloud deployment strategy that adheres to typical cloud principles. This slows down installations and reduces the flexibility, extensibility and usability of the platform for organisations, forcing them to create their own deployment strategy - a time-consuming and costly process.
Backed by the likes of the French National Cyber Security Agency (ANSSI), OpenCTI allows for the creation, ingestion and dissemination of threat information regarding a threat actor's current behaviours, ongoing campaigns against corporate entities and the monitoring of new malware, as well as vulnerabilities, of interest to us and our partners. Taken and analysed together, this data provides a "Threat Landscape" which can inform Cyber Defenders of current threats.
As part of our contributions, we are pleased to release an infrastructure as code (Terraform) deployment of OpenCTI into Amazon Web Services (AWS). This deployment will reduce installation overhead and, we hope, help to drive wider adoption and growth of this tool. The Terraform code can be found at https://github.com/QinetiQ-Cyber-Intelligence/OpenCTI-Terraform.
The platform allows for graphical visualisation along with the ability to perform correlation with other similar events. Content that is ingested from open source and paid threat feeds can be correlated with hand-curated work, providing an even more comprehensive view of threats faced.
With so many organisations and systems relying on the internet, networks and digital infrastructure to provide sometimes life-critical services, it's never been more important to understand the methods and intentions of those determined to disrupt or steal from those organisations. It's a great pleasure to contribute our knowledge and expertise to a freely accessible platform that will ultimately help make the world a safer and more predictable place for all.
If you would like more information about OpenCTI, please contact Luke Ager, Chief Technical Officer, who would be happy to help.
Disclaimer
QinetiQ Group plc published this content on 09 August 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 09 August 2022 13:05:04 UTC.
QinetiQ Group plc is a United Kingdom-based integrated global defense and security company. The Company operates through two segments: Europe, Middle East, and Australasia (EMEA) Services and Global Solutions. EMEA Services segment combines its facilities to provide capability generation and assurance, underpinned by long-term contracts. Global Products segment combines its technology-based products and services. The Company serves sectors, which include defense, financial services, marine, aviation and aerospace, government, space service, energy and utilities, law enforcement, and telecommunications. It manages and operates testing and evaluation capabilities for air, land, sea, and target systems. It also provides advisory and consulting services, cyber and digital resilience, innovation, mission data, mission led innovation, robotics and autonomous systems, sensors integration and interoperability, target systems test and evaluation, and training and rehearsal.