An Assay: Next Generation Automated Cyber Defense Mechanism against Advanced Phishing Attacks and Campaigns Using Threat Hunting and SOAR Capabilities

Abstract

We are in the new era of cyber security, now a day’s, a lot of companies and organizations are facing issues against cybercriminals. They are getting more sophisticated attacks creatively and 50-60% of those attacks and incidents are coming through Phishing. Phishing is a type of attack that involves sending an email or making a similar attempt to obtain information from the recipient. To detect these attacks one of solution is Threat Hunting. This whole process takes tedious manual effort and time. To avoid manual intervention and vast time effort we have implemented a framework using different threat hunting approaches conducting an in-depth analysis of phishing emails, integrating with Security Information Event Management (SIEM) and Security Orchestration Automation Response (SOAR) tools and Automated Threat Intel Detection using Internal & External feeds. Here, we combine both automated workflows and Human Investigation to identify advanced persistent attacks. The experiments conducted ascertain that the proposed model can identify 80-90% of threats against any organization and generate accurate metrics & reports