Automating Insider Threat monitoring and detection

Advanced persistent threat (APT) groups, including those sponsored by a nation-state, typically aim to gain undetected access to a network and then remain silently persistent, establish a backdoor, and steal data rather than cause damage. APT groups use different tactics, techniques, and procedures (TTPs) at the various stages of a cyberattack. The continuous, ongoing threats and attacks posed by APT groups create a need for continual and collaborative assessment of defensive measures, and this is what drives purple teaming. Purple teaming is a collaborative approach to cybersecurity that brings the Red and Blue teams together to test and improve an organization's security posture: by emulating adversaries' tactics, the Red team makes the Blue team better at defense. To create an optimized and continuous security workflow, the purple-teaming processes must be automated. In the Red team phase, several tools can be used to emulate attacks, and it is possible to interact with all parts of these tools through their core REST APIs, which makes the process automatable.

Faculty Supervisor:

Ali Dehghantanha

Student:

Partner:

GlassHouse Systems

Discipline:

Computer science

Sector:

Manufacturing; Professional, scientific and technical services

University:

University of Guelph

Program:

Accelerate
