Cyber Threat Intelligence

Let us start this story by answering a simple question. "what is CTI (Cyber Threat Intelligence)?"
CTI stands for “Cyber Threat Intelligence”, the method/knowledge to effectively counteract against cyber threat based on various information including vulnerabilities and cyber attack history. CTI collects, analyzes and uses the attack information either inside or outside the organization to preemptively protect it against APT (Advanced Persistent Threat).

However, it is almost impossible for CTI (Cyber Threat Intelligence) systems built upon relational databases to immediately counter APT. The basic data structure of relational database is a ‘table,’ a very inefficient way of analyzing highly connected data. As a consequence, it is a very inefficient way of analyzing complex patterns of cyber attacks within a proper time. Therefore, previous CTI systems were not able to analyze patterns, detect signs and take necessary actions, proactively.

Challenge
It was 2013 that a historical cyber terrorism hit Korea. It infected a total of 32,000 servers in major media outlets, financial institutions, and enterprises with a malicious code, resulting in direct and indirect damage worth KRW 882.3 billion ($ 787.5 million). However, the worse thing was that the systems of Korean public institutions and corporations were unable to effectively counteract the evolving cyber attacks. Now that attacks here means APT (Advanced Persistent Threat), modulation and multiple-sourced attacks. Particularly, organizations relied on CTI systems built upon relational databases, which are too slow to process and analyze heavily connected data because of their table data structure nature. That is the reason previous systems were vulnerable. In fact, they have trouble in offering satisfactory analytic performance and fast visualization of complex attack patterns.

Eventually, one of the Korean government agencies has decided to adopt Bitnine’s AgensGraph to break through these obstacles.

Solution
This agency embraced a new CTI environment of which the CTI system is based on graph database (AgensGraph). This system analyzes attack patterns, discovers similarities between attacks, and defines and manages cyber attack groups. No matter how complex the patterns are, they are seen through within a second, and the information about the source and the pattern of the attack comes right into the agency’s hands, enabling him to act preemptively. Furthermore, an intelligent system with Deep Learning algorithms learns that information, and it predicts future attacks and rings the alarm by catching unidentified attack signals.

Benefits
Therefore, the CTI system built on Bitnine's AgensGraph steps forward to the level that had been unreachable for a long time. AgensGraph associates structured and unstructured data to provide more aidful analysis results, and detects attack patterns and the relationships between attacks on the spot, bringing up the true “prevention” against cyber attacks. Thus, AgensGraph empowers a CTI system to overcome its limitation once it was unavoidable because of low performance rooted in its relational database nature, a fundamental shackles that locked up existing CTI systems in “reactive” measures, and even to enable an intelligent countermeasure against the signs of attacks that are previously known to no one.