In recent years, cybercriminals have launched a wave of cyberattacks that were not only well coordinated but also far more sophisticated than anything previously seen. Simple endpoint attacks evolved into complicated, multistage operations. Ransomware attacks affect small enterprises and large corporations alike. Cybercriminals were able to enter enterprise networks and significantly increased the danger they pose. Massive data breaches, costly ransomware settlements, and a broad, new, and challenging threat landscape marked these years.
Cyberattacks can therefore already have major consequences for the security landscape. For that reason, enterprises can enhance their defenses with fast, targeted, and contextual threat intelligence, reducing the risks that might harm their reputation and keeping them a step ahead of cybercriminals.
Taking the above challenges into account, one of the key functions of PUZZLE is to enable blockchain-based threat intelligence and information sharing concerning cyber-incidents and discovered vulnerabilities, which may be shared across various stakeholders, end users, and SME/MEs with Distributed Ledger Technology (DLT) infrastructure access.
Specifically, Cyber Threat Intelligence (CTI) data may be easily transferred to flexible and expandable systems for effective communication between interested parties or collaborative groups. On this basis, PUZZLE implements an approach to exchanging threat intelligence information by adapting the Structured Threat Information Expression (STIX) standard.
From a technical perspective, the STIX Tool Services application has been developed to transform the Risk Assessment information provided by the PUZZLE Security Orchestrator into the STIX data format so that it can be shared in the SIX component, as highlighted in the following figure.
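To make the risk-assessment-to-STIX mapping concrete, here is an added example that is not PUZZLE's code: it converts a constructed risk-assessment record into a STIX 2.1 bundle using only the Python standard library. The input field names, the `min_risk` threshold and the placeholder CVE ids are assumptions, since the page does not describe the Security Orchestrator's output format.

```python
import json
import uuid
from datetime import datetime, timezone

# Constructed sample input. The field names are assumptions for this example;
# the page does not describe the Security Orchestrator's output format.
SAMPLE_ASSESSMENT = {
    "asset": "billing-db-01",
    "findings": [
        {"cve": "CVE-0000-0001", "summary": "Placeholder finding A", "risk": 8.1},
        {"cve": "CVE-0000-0002", "summary": "Placeholder finding B", "risk": 4.3},
    ],
}


def _sdo(stix_type, now, **props):
    """Build a STIX 2.1 object with the required common properties."""
    return {"type": stix_type, "spec_version": "2.1",
            "id": f"{stix_type}--{uuid.uuid4()}",
            "created": now, "modified": now, **props}


def assessment_to_bundle(assessment, min_risk=0.0):
    """Map one risk-assessment record to a STIX 2.1 bundle.

    The asset becomes an Infrastructure object, each finding at or above
    min_risk becomes a Vulnerability, and a "has" Relationship links them.
    """
    # STIX timestamps are UTC with millisecond precision and a trailing Z.
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3] + "Z"
    asset = _sdo("infrastructure", now, name=assessment["asset"])
    objects = [asset]
    for f in assessment["findings"]:
        if f["risk"] < min_risk:
            continue  # share only findings at or above the agreed threshold
        vuln = _sdo("vulnerability", now, name=f["cve"],
                    description=f"{f['summary']} (assessed risk {f['risk']})",
                    external_references=[{"source_name": "cve",
                                          "external_id": f["cve"]}])
        link = _sdo("relationship", now, relationship_type="has",
                    source_ref=asset["id"], target_ref=vuln["id"])
        objects += [vuln, link]
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


if __name__ == "__main__":
    print(json.dumps(assessment_to_bundle(SAMPLE_ASSESSMENT, min_risk=5.0), indent=2))
```

Before a bundle like this leaves the organization, asset names are usually replaced with pseudonyms so that the shared record does not disclose internal inventory.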

Author: FORTH – Institute for Computer Science
Featured Photo by Tima Miroshnichenko on Pexels