Lead Image © kreminska, 123RF.com

Open source forensics for adaptive detection of threats on CRITIS networks

Dinos in the Matrix

Article from ADMIN 80/2024
The open source tool Velociraptor is at the heart of a solution that automatically detects cyber threats in industrial environments, offering a defensive strategy and protecting critical infrastructures.

Cyberspace is a highly dynamic place: New attack vectors are constantly coming to light, such as the infiltration of the supply chains behind software products (e.g., the SolarWinds incident) or the theft of a master key for Microsoft cloud services. Critical infrastructures (CRITIS) also need to face up to these threats. Almost inevitably, sooner or later an IT failure will be attributed to a cyberattack. For example, the district of Anhalt-Bitterfeld (Germany) was unable to pay out social benefits to 157,000 citizens in 2021 after a cyberattack and had to stop most of its work for two and a half weeks. This incident prompted regulators to intervene and prescribe certifications (e.g., ISO 27001 [1]) and IT baseline protection methods.

Adapting to Risk

In this article, we look at an adaptive approach that dynamically aligns CRITIS defense with the threat situation by combining information from cyber threat intelligence (CTI) with methods from adaptive live forensics. In this way, attacks can be detected quickly and security measures initiated at short notice.

For the examples in this article, we use the MITRE ATT&CK knowledge base [2] for CTI and the open source Velociraptor digital forensics and incident response (DFIR) platform [3] in a lab environment. Velociraptor provides a more detailed and improved view of the status of the monitored endpoints. The framework ships with a set of pre-installed artifacts that are configured centrally on the server and executed on the endpoints. Individual queries can also be created with the native Velociraptor Query Language (VQL).
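As an added illustration of what such a centrally configured artifact looks like (this is example code, not from the article or the Velociraptor project), the following custom artifact definition lists running processes whose executable lies outside a set of expected directories; the artifact name, the parameter name and the path regex are assumptions, while the artifact schema, the VQL `pslist()` plugin and the `=~` regex operator are Velociraptor's own.

```yaml
# Added example: a custom Velociraptor artifact (YAML wrapping VQL).
# Uploaded to the server, it can be scheduled as a hunt and is then
# executed on every enrolled endpoint, with results collected centrally.
# Artifact name, parameter name and default regex are assumptions.
name: Custom.CRITIS.UnexpectedProcessPaths
description: |
  Lists running processes whose executable is not located in one of the
  expected directories. Serves as a tunable, CTI-driven hunt for
  processes launched from unusual locations; adjust the regex per site.
type: CLIENT
parameters:
  - name: ExpectedPathRegex
    description: Regex of directories from which processes are expected to run.
    # Single-quoted YAML keeps the backslashes literal for the regex engine.
    default: '^(C:\\Windows\\|C:\\Program Files|/usr/|/bin/|/sbin/)'
sources:
  - query: |
      -- pslist() enumerates processes on the endpoint; the parameter
      -- is available to the query as a variable of the same name.
      SELECT Pid, Ppid, Name, Exe, CommandLine
      FROM pslist()
      WHERE Exe AND NOT Exe =~ ExpectedPathRegex
```

Tightening the default regex to the directories actually used on a given OT host turns the artifact from a generic listing into a site-specific check.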

Various areas of today's networks have critical infrastructures. Operational technologies (OTs) are used in production, for example, where sensors and
