ELECTRON’s Threat Explorer

Keeping cybersecurity tooling current is hard when threats evolve quickly. The ELECTRON Threat Explorer (TE) automatically checks several public sources to discover newly published vulnerabilities that could affect the ELECTRON domain, in particular the operators of Electrical Power and Energy Systems (EPES).

The Threat Explorer works proactively: it uses web crawlers and the open APIs of vulnerability databases to poll a range of cybersecurity websites and databases, and extracts the latest vulnerability records and related threat indicators from them.

The first step in developing the component was to choose the vulnerability sources. Of the many available, only a few proved, during development, to publish new vulnerabilities promptly. These included NVD (https://nvd.nist.gov/), CIRCL's CVE Search (https://www.circl.lu/), Rapid7 (https://www.rapid7.com/) and OpenCVE (https://www.opencve.io/), among others.

These platforms document each vulnerability in detail: a unique identifier, a description, the affected software and hardware versions, a severity rating (typically a CVSS score) and the potential security impact. The identifier is usually a CVE ID, which serves as a standardised reference across the cybersecurity landscape and lets the same issue be correlated between sources.

Two approaches to threat detection were then evaluated: machine learning and keyword search. Despite the promise of machine learning, the lack of adequate datasets for training, together with the higher resource and time cost of reaching the same result, led to keyword search being adopted as the operational method. The trade-off is that keyword search is cheap and transparent but only as good as its keyword list, so that list needs periodic review to limit false negatives.

Once vulnerabilities have been identified, the final step is for the Threat Explorer to update the ELECTRON SharePoint, a MISP cluster that serves as the repository to collect, store and share information about possible cyber threats. MISP, which stands for 'Malware Information Sharing Platform & Threat Sharing', is an open-source threat intelligence platform with strong sharing capabilities; the Threat Explorer's role is to keep the cluster populated with the vulnerabilities it finds.

Users can tailor the Threat Explorer's operation through configuration parameters such as the keyword list and the scanning interval. The default configuration scans the sources directly with a predefined list of critical keywords. With this setup the component has compiled a database of nearly 600 vulnerabilities published or updated within the past three years.
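As an added illustration (not the project's own code), the following Python sketch shows the keyword-search and MISP-update steps described above end to end: it filters constructed records shaped like NVD CVE API 2.0 items against a configurable keyword list and lookback window, using whole-word matching so that a keyword such as "IED" does not fire on "applied", and packages the hits as a MISP event in the REST JSON shape that PyMISP's add_event accepts. The keyword list, the sample records, the reference date and the event metadata are assumptions for illustration; the page does not publish the real defaults.

```python
"""Keyword triage of CVE records and packaging of the hits as a MISP event.

Added example: the record layout follows the NVD CVE API 2.0 "cve" object,
trimmed to the fields used here. IDs, texts and dates are constructed.
"""
import json
import re
from datetime import datetime, timedelta, timezone

# Illustrative energy-domain keyword list (assumption; the real default list
# used by the Threat Explorer is not published).
DEFAULT_KEYWORDS = ["SCADA", "Modbus", "IEC 61850", "DNP3", "PLC", "IED", "substation"]

# Fixed "now" so the lookback filter is deterministic in this example.
REFERENCE_NOW = datetime(2024, 3, 10, tzinfo=timezone.utc)

# Constructed sample records (not real advisories).
SAMPLE_CVES = [
    {"id": "CVE-2099-0001", "lastModified": "2024-03-02T10:00:00.000",
     "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Modbus/TCP "
                       "server of an example RTU allows remote code execution."}],
     "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}},
    {"id": "CVE-2099-0002", "lastModified": "2024-02-20T08:30:00.000",
     "descriptions": [{"lang": "en", "value": "Cross-site scripting in a blog plugin."}],
     "metrics": {}},
    {"id": "CVE-2099-0003", "lastModified": "2019-01-05T00:00:00.000",
     "descriptions": [{"lang": "en", "value": "Hard-coded credentials in a substation gateway."}],
     "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]}},
    {"id": "CVE-2099-0004", "lastModified": "2024-01-15T00:00:00.000",
     "descriptions": [{"lang": "en", "value": "Improper input validation in the web interface of a PLC."}],
     "metrics": {"cvssMetricV2": [{"cvssData": {"baseScore": 6.5}}]}},
    {"id": "CVE-2099-0005", "lastModified": "2024-02-01T00:00:00.000",
     "descriptions": [{"lang": "en", "value": "A fix was applied to the modified log parser of an example historian."}],
     "metrics": {}},
]


def compile_keywords(keywords):
    """One case-insensitive, whole-word pattern per keyword.

    The lookarounds stop substrings inside other words from matching
    ("IED" must not fire on "applied"), while still allowing punctuation
    such as "Modbus/TCP" around the keyword.
    """
    return {kw: re.compile(r"(?<!\w)" + re.escape(kw) + r"(?!\w)", re.IGNORECASE)
            for kw in keywords}


def english_description(cve):
    for d in cve.get("descriptions", []):
        if d.get("lang") == "en":
            return d.get("value", "")
    return ""


def base_score(cve):
    """Prefer CVSS v3.1, then v3.0, then v2; None if the record carries no score."""
    for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):
        for metric in cve.get("metrics", {}).get(key, []):
            return metric["cvssData"]["baseScore"]
    return None


def find_relevant(cves, keywords=DEFAULT_KEYWORDS, lookback_days=3 * 365, now=None):
    """Return the records modified within the lookback window whose English
    description contains at least one configured keyword."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=lookback_days)
    patterns = compile_keywords(keywords)
    hits = []
    for cve in cves:
        # NVD timestamps are naive UTC strings; pin them to UTC before comparing.
        modified = datetime.fromisoformat(cve["lastModified"]).replace(tzinfo=timezone.utc)
        if modified < cutoff:
            continue
        text = english_description(cve)
        matched = [kw for kw, pat in patterns.items() if pat.search(text)]
        if matched:
            hits.append({"id": cve["id"], "keywords": matched, "score": base_score(cve),
                         "modified": cve["lastModified"], "description": text})
    return hits


def to_misp_event(hits, info="Threat Explorer: EPES-relevant CVEs"):
    """Package hits as a MISP event (REST JSON shape), one 'vulnerability'
    attribute per CVE. distribution 0 = own organisation only,
    threat_level_id 2 = medium, analysis 0 = initial (assumed defaults)."""
    attributes = [{"type": "vulnerability", "category": "External analysis",
                   "value": h["id"], "to_ids": False,
                   "comment": f"keywords={','.join(h['keywords'])}; cvss={h['score']}"}
                  for h in hits]
    return {"Event": {"info": info, "distribution": 0, "threat_level_id": 2,
                      "analysis": 0, "Attribute": attributes}}


if __name__ == "__main__":
    found = find_relevant(SAMPLE_CVES, now=REFERENCE_NOW)
    print(json.dumps(to_misp_event(found), indent=2))
```

The event dictionary is what a real deployment would hand to PyMISP (`PyMISP(url, key).add_event(event)`) on the configured scanning interval; for an existing event, adding attributes to it avoids duplicate events for the same CVE on later runs.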

In short, the ELECTRON Threat Explorer is a significant step forward in fortifying the project's cybersecurity ecosystem. With timely vulnerability intelligence, EPES operators and other institutions have the information they need to safeguard their digital assets as the threat landscape keeps evolving.