We adore recommendation systems. And we love to recommend articles about recommendation systems to you…
To prevent the spread of malware, it is important to identify which devices in the network are infected or immediately threatened. However, the increasing number and heterogeneity of devices in today's networks make it challenging for incident handlers to maintain situational awareness.
This article proposes a new recommendation system intended to take advantage of the known context of the triage operations that a SOC must perform. The system aims to prioritize the devices to be examined based on their similarity and proximity to an infected device! Here the input data is network monitoring data. Although this data requires a lot of pre-processing, it should have more than enough context to properly prioritize the candidates.
The funny thing about this recommendation system is that all the knowledge used to rate the candidates is stored in a graph database that links all the information about the situation.
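To make the concept concrete, here is an added example (not code from the article, which only presents the idea) of how such a triage ranking could work. It assumes a device inventory and flow records exported from network monitoring, both constructed for this example, and stands in for the graph database with a plain in-memory adjacency structure. The scoring rule (a weighted sum of hop-proximity to the infected device and Jaccard similarity of device attributes, with the weights 0.6/0.4) is an assumption chosen for illustration, not the article's method.

```python
from collections import deque

# Constructed device inventory: every name, subnet and attribute is invented.
DEVICES = {
    "ws-01": {"subnet": "10.0.1.0/24", "os": "windows", "role": "workstation"},
    "ws-02": {"subnet": "10.0.1.0/24", "os": "windows", "role": "workstation"},
    "ws-03": {"subnet": "10.0.2.0/24", "os": "linux", "role": "workstation"},
    "srv-db": {"subnet": "10.0.3.0/24", "os": "linux", "role": "server"},
    "srv-file": {"subnet": "10.0.3.0/24", "os": "windows", "role": "server"},
    "printer": {"subnet": "10.0.2.0/24", "os": "embedded", "role": "printer"},
}

# Constructed flow records (src, dst, dst_port) as a monitoring tool might export.
FLOWS = [
    ("ws-01", "srv-file", 445),
    ("ws-01", "ws-02", 445),
    ("ws-02", "srv-db", 5432),
    ("srv-file", "srv-db", 5432),
    ("ws-03", "printer", 9100),
    ("ws-03", "srv-db", 5432),
]


def build_graph(flows, devices=DEVICES):
    """Undirected adjacency: any observed flow between two devices links them."""
    graph = {name: set() for name in devices}
    for src, dst, _port in flows:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set()).add(src)
    return graph


def hop_distances(graph, start):
    """Breadth-first search: number of hops from `start` to every reachable device."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nbr in graph[node]:
            if nbr not in dist:
                dist[nbr] = dist[node] + 1
                queue.append(nbr)
    return dist


def attribute_similarity(a, b):
    """Jaccard similarity over the (key, value) pairs of two attribute dicts."""
    sa, sb = set(a.items()), set(b.items())
    return len(sa & sb) / len(sa | sb)


def prioritize(infected, devices=DEVICES, flows=FLOWS, w_prox=0.6, w_sim=0.4):
    """Rank every other device by a weighted mix of proximity and similarity.

    Returns a list of (device, score, hops, similarity), best candidate first.
    Unreachable devices get a proximity of 0 but still rank by similarity.
    """
    graph = build_graph(flows, devices)
    dist = hop_distances(graph, infected)
    ranked = []
    for name, attrs in devices.items():
        if name == infected:
            continue
        hops = dist.get(name)
        proximity = 0.0 if hops is None else 1.0 / hops
        similarity = attribute_similarity(devices[infected], attrs)
        score = w_prox * proximity + w_sim * similarity
        ranked.append((name, round(score, 3), hops, round(similarity, 3)))
    ranked.sort(key=lambda r: (-r[1], r[0]))
    return ranked


if __name__ == "__main__":
    for device, score, hops, sim in prioritize("ws-01"):
        print(f"{device:10} score={score:<6} hops={hops} similarity={sim}")
```

With ws-01 as the infected device, the sibling workstation ws-02 (one hop away, identical attributes) comes out first, the file server it talks to second, and the printer in another subnet last; an analyst would work the list from the top. In a real deployment the adjacency and attributes would come from the graph database the article describes rather than from inline dictionaries.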
But unfortunately, this article only presents the idea and concept of this system. It does not present any real implementation or evaluation. Maybe that's the next step; we'll stay tuned for the next article!