A carregar...
Publicação
RoboPHISH2: RPA e Crowdvoting na Deteção e Mitigação de Ataques de Phishing
| Nome: | Descrição: | Tamanho: | Formato: | |
|---|---|---|---|---|
| 4.43 MB | Adobe PDF |
Autores
Orientador(es)
Resumo(s)
O e-mail é um elemento central à experiência online e uma poderosa ferramenta na
comunicação das organizações. Na Altice Portugal, todos os dias existem ataques de phishing e
spam que tentam invadir a rede interna. Através da implementação de tecnologias de RPA
(Robotic Process Automation), SIEM (Security Information and Event Management) e SOAR
(Security Orchestration, Automation, and Response), em conjunto tantas outras, estão
estabelecidas interações e soluções que permitem proteger os recursos tecnológicos e humanos
da empresa, formando a iniciativa PHISHFighting!. Uma das soluções desenvolvidas, o
RoboPHISH, apresenta já bons resultados e também uma oportunidade de vir a melhorar todo o
sistema de deteção de ataques cibernéticos, tornando-o mais robusto, desde que um e-mail tenta
entrar na rede interna da Altice Portugal até ao acesso à Internet. O RoboPHISH recorre a uma
abordagem de gaming com um algoritmo de inteligência de Crowdvoting. Neste projeto esse
algoritmo foi melhorado de forma a integrar de uma forma dinâmica a importância relativa da
votação de cada colaborador, considerando a sua proficiência e o histórico mais recente,
resultando num algoritmo adaptativo.
O resultado desde projeto permitiu melhorar significativamente todo o sistema de
proteção, dado o novo algoritmo dinâmico, e uma interação mais otimizada entre as diferentes
ferramentas utilizadas, com a integração de novas plataformas. Ainda, este projeto permitiu
projetar uma interação conceptual e adaptação das ferramentas de RPA e SOAR de playbooks
que interagem com o sistema RoboPHISH para utilizar as suas funcionalidades. Por fim, todas
melhorias do sistema RoboPHISH permitiram melhorar a eficácia e eficiência de toda a iniciativa
PHISHFighting!.
The e-mail has become an essential, yet a mandatory tool, during the online experience, despite being a powerful tool to all organizations. Every day, in Altice Portugal, there are a diverse range of phishing and spam attacks towards the company’s private network. Through the implementation of Robotic Process Automation, Security Information and Event Management and Security Orchestration, Automation, and Response technologies, we can establish different and unique interactions, as well as new solutions, that when paired with technologies already implemented, can produce a protective environment to protect all technological and human assets of the company, forming the PHISHFighting! initiative. One successfully designed solution, the RoboPHISH system, though it already revealed remarkable results, an opportunity to enhance the implemented system surfaced, making it more effective against cyber-attacks since the e-mail is inbound to the Altice Portugal private network until an attempt to access the Internet. Having a gaming approach concept in mind, an innovative algorithm was developed in this project, recurring to the Crowdvoting intelligence. In this project the algorithm was improved in a dynamic way that takes into consideration the relative importance of each employee votes, focusing on its proficiency and most recent history, becoming an adaptative algorithm. The results of this project allowed to enhance the overall security system, given the new dynamic algorithm and the integration of new platforms, having an optimized interaction with the system. Also, this project allowed to design a conceptual playbook that supports the interaction between the RPA and SOAR platforms, making use of the RoboPHISH available functionalities. At last, all the enhancements done to the RoboPHISH system conceded an improvement to the efficacy and efficiency of the entire PHISHFighting! initiative.
The e-mail has become an essential, yet a mandatory tool, during the online experience, despite being a powerful tool to all organizations. Every day, in Altice Portugal, there are a diverse range of phishing and spam attacks towards the company’s private network. Through the implementation of Robotic Process Automation, Security Information and Event Management and Security Orchestration, Automation, and Response technologies, we can establish different and unique interactions, as well as new solutions, that when paired with technologies already implemented, can produce a protective environment to protect all technological and human assets of the company, forming the PHISHFighting! initiative. One successfully designed solution, the RoboPHISH system, though it already revealed remarkable results, an opportunity to enhance the implemented system surfaced, making it more effective against cyber-attacks since the e-mail is inbound to the Altice Portugal private network until an attempt to access the Internet. Having a gaming approach concept in mind, an innovative algorithm was developed in this project, recurring to the Crowdvoting intelligence. In this project the algorithm was improved in a dynamic way that takes into consideration the relative importance of each employee votes, focusing on its proficiency and most recent history, becoming an adaptative algorithm. The results of this project allowed to enhance the overall security system, given the new dynamic algorithm and the integration of new platforms, having an optimized interaction with the system. Also, this project allowed to design a conceptual playbook that supports the interaction between the RPA and SOAR platforms, making use of the RoboPHISH available functionalities. At last, all the enhancements done to the RoboPHISH system conceded an improvement to the efficacy and efficiency of the entire PHISHFighting! initiative.
Descrição
Trabalho de projeto de mestrado, Informática, Universidade de Lisboa, Faculdade de Ciências, 2022
Palavras-chave
phishing Cibersegurança RPA SOAR Crowdvoting Trabalhos de projeto de mestrado - 2022