<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.3 20210610//EN" "JATS-journalpublishing1-3.dtd">
<article article-type="research-article" dtd-version="1.3" xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xml:lang="ru"><front><journal-meta><journal-id journal-id-type="publisher-id">kaz29</journal-id><journal-title-group><journal-title xml:lang="ru">Вестник Казахстанско-Британского технического университета</journal-title><trans-title-group xml:lang="en"><trans-title>Herald of the Kazakh-British Technical University</trans-title></trans-title-group></journal-title-group><issn pub-type="ppub">1998-6688</issn><issn pub-type="epub">2959-8109</issn><publisher><publisher-name>Казахстанско-Британский Технический Университет</publisher-name></publisher></journal-meta><article-meta><article-id custom-type="elpub" pub-id-type="custom">kaz29-166</article-id><article-categories><subj-group subj-group-type="heading"><subject>Research Article</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="ru"><subject>ФИЗИКО-МАТЕМАТИЧЕСКИЕ И ТЕХНИЧЕСКИЕ НАУКИ</subject></subj-group><subj-group subj-group-type="section-heading" xml:lang="en"><subject>PHYSICAL, MATHEMATICAL AND TECHNICAL SCIENCES</subject></subj-group></article-categories><title-group><article-title>КЛЮЧЕВЫЕ ЗАДАЧИ, ИНСТРУМЕНТЫ И ВЫЗОВЫ В РАЗВЕДКЕ КИБЕРУГРОЗ</article-title><trans-title-group xml:lang="en"><trans-title>KEY TASKS, TOOLS AND CHALLENGES IN THREAT INTELLIGENCE</trans-title></trans-title-group></title-group><contrib-group><contrib contrib-type="author" corresp="yes"><name-alternatives><name name-style="eastern" xml:lang="ru"><surname>Кусманова</surname><given-names>А. М.</given-names></name><name name-style="western" xml:lang="en"><surname>Kusmanova</surname><given-names>A. M.</given-names></name></name-alternatives><bio xml:lang="ru"><p>магистрант</p></bio><xref ref-type="aff" rid="aff-1"/></contrib></contrib-group><aff-alternatives id="aff-1"><aff xml:lang="ru">АО "КБТУ"<country>Казахстан</country></aff></aff-alternatives><pub-date pub-type="collection"><year>2020</year></pub-date><pub-date pub-type="epub"><day>08</day><month>11</month><year>2021</year></pub-date><volume>17</volume><issue>2</issue><fpage>175</fpage><lpage>181</lpage><permissions><copyright-statement>Copyright &amp;#x00A9; Кусманова А.М., 2021</copyright-statement><copyright-year>2021</copyright-year><copyright-holder xml:lang="ru">Кусманова А.М.</copyright-holder><copyright-holder xml:lang="en">Kusmanova A.M.</copyright-holder><license xml:lang="ru" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>Данная работа распространяется под лицензией Creative Commons Attribution 4.0.</license-p></license><license xml:lang="en" license-type="creative-commons-attribution" xlink:href="https://creativecommons.org/licenses/by/4.0/" xlink:type="simple"><license-p>This work is licensed under a Creative Commons Attribution 4.0 License.</license-p></license></permissions><self-uri xlink:href="https://vestnik.kbtu.edu.kz/jour/article/view/166">https://vestnik.kbtu.edu.kz/jour/article/view/166</self-uri><abstract><p>Спамы, вирусы и шпионские программы – это риски, которые они подвергают себя пользователям, пользуясь услугами Интернета. Угрозы в данное время намного сложнее, чем были раньше. Они более устойчивы к средствам, которые применяются для борьбы с ними. Угрозы XXI века обладают такими свойствами, как динамичность и способность к трансформации. Часто они выполняются с использованием уязвимостей нулевого дня - неразрешенных уязвимостей или уязвимостей, для которых еще не разработан механизм защиты. Такие атаки часто проходят незамеченными многими средствами защиты, IPS, антивирусами и брандмауэрами. На рынке критически не хватает не только ресурсов, которые могут справиться со всеми инцидентами, но и всей системы, благодаря которой можно было бы реагировать на них на ранних стадиях кибератаки – в идеале до самой атаки, а также для накопления распределенных знаний об угрозах, обмениваться полученными данными, расследовать причины угроз и незамедлительно реагировать на них. Для более быстрого сбора информации о возможных угрозах следует стремиться делиться данными из широкого круга источников. В то же время важно, чтобы эта информация была стандартизирована, то есть стандарты и протоколы для передачи и предоставления данных должны быть определены заранее. Возможность обнаружения, анализа и защиты от таких угроз в условиях, близких к реальному времени, невозможна без использования анализа угроз. В данной статье рассматриваются основные определения, инструменты в технологии анализа киберугроз. Кроме того, как эта технология может помочь снизить риск кибербезопасности. Аналитика угроз может помочь предотвратить много проблем, повторяющихся в информационных системах.</p></abstract><trans-abstract xml:lang="en"><p>Spam, viruses, spyware are the risks that they expose themselves to users, using the services of the Internet. Modern threats of the Internet is much more complicated than those that were before. They are more resistant to remedies. Threats of the 21st century possess such properties as dynamism and transformability. Often they are carried out using zero-day vulnerabilities - unresolved vulnerabilities or vulnerabilities for which a defense mechanism has not yet been developed. Such attacks often pass unnoticed by many protection tools, IPS, antivirus Software and firewalls. The market critically lacks not only the resources that can handle all incidents, but also the overall system, thanks to which it would be possible to respond to them in the early stages of cyberattacks - ideally before operation, as well as to accumulate distributed knowledge about threats, exchange received data, investigate causes of threats and respond immediately to them. For faster accumulation of information about possible threats, one should strive to share useful data from a wide range of sources. At the same time, it is important that this information is standardized, that is, the standards and protocols for the transmission and provision of data defined in advance. The capability to detect, analyze, and defend against such threats in near real-time conditions is not possible without the employment of threat intelligence. This paper reviews the main definitions, instruments in Threat Intelligence technology. Moreover, how this technology may help to reduce cyber security risk. Threat Intelligence can help to prevent many problems recurring in information systems.</p></trans-abstract><kwd-group xml:lang="ru"><kwd>анализ киберугроз</kwd><kwd>кибербезопасность</kwd><kwd>безопасность</kwd><kwd>угроза</kwd></kwd-group><kwd-group xml:lang="en"><kwd>Threat Intelligence</kwd><kwd>Cybersecurity</kwd><kwd>security</kwd><kwd>threat</kwd></kwd-group></article-meta></front><back><ref-list><title>References</title><ref id="cit1"><label>1</label><citation-alternatives><mixed-citation xml:lang="ru">Definition from Technopedia. Available at: https://www.techopedia.com/definition/32367/threat-intelligence.</mixed-citation><mixed-citation xml:lang="en">Definition from Technopedia. Available at: https://www.techopedia.com/definition/32367/threat-intelligence.</mixed-citation></citation-alternatives></ref><ref id="cit2"><label>2</label><citation-alternatives><mixed-citation xml:lang="ru">Solutionary, Threat Intelligence Defined. Available at: https://dsimg.ubm-us.net/envelope/352683/369322/1421853880_solutionary_threat.pdf pp.5</mixed-citation><mixed-citation xml:lang="en">Solutionary, Threat Intelligence Defined. Available at: https://dsimg.ubm-us.net/envelope/352683/369322/1421853880_solutionary_threat.pdf pp.5</mixed-citation></citation-alternatives></ref><ref id="cit3"><label>3</label><citation-alternatives><mixed-citation xml:lang="ru">Crest Threat Intelligence Professionals, “What is Cyber Threat Intelligence and how is it used?”, 2019</mixed-citation><mixed-citation xml:lang="en">Crest Threat Intelligence Professionals, “What is Cyber Threat Intelligence and how is it used?”, 2019</mixed-citation></citation-alternatives></ref><ref id="cit4"><label>4</label><citation-alternatives><mixed-citation xml:lang="ru">BAE Systems Detica Unveils Detica CyberReveal. Available at: https://www.darkreading.com/risk/bae-systems-detica-unveils-detica-cyberreveal/d/d-id/1139672</mixed-citation><mixed-citation xml:lang="en">BAE Systems Detica Unveils Detica CyberReveal. Available at: https://www.darkreading.com/risk/bae-systems-detica-unveils-detica-cyberreveal/d/d-id/1139672</mixed-citation></citation-alternatives></ref><ref id="cit5"><label>5</label><citation-alternatives><mixed-citation xml:lang="ru">IBM, IBM i2 Enterprise Insight Analysis for Cyber Threat Hunting. Available at: https://www.ibm.com/downloads/cas/WZKLWGPB</mixed-citation><mixed-citation xml:lang="en">IBM, IBM i2 Enterprise Insight Analysis for Cyber Threat Hunting. Available at: https://www.ibm.com/downloads/cas/WZKLWGPB</mixed-citation></citation-alternatives></ref><ref id="cit6"><label>6</label><citation-alternatives><mixed-citation xml:lang="ru">Palantir, An End-to-End Cyber Intelligence Platform for Analysis &amp; Knowledge Management.Available at: https://www.palantir.com/wp-assets/wp-content/uploads/2013/11/Palantir-Solution-Overview-Cyber-long.pdf</mixed-citation><mixed-citation xml:lang="en">Palantir, An End-to-End Cyber Intelligence Platform for Analysis &amp; Knowledge Management.Available at: https://www.palantir.com/wp-assets/wp-content/uploads/2013/11/Palantir-Solution-Overview-Cyber-long.pdf</mixed-citation></citation-alternatives></ref><ref id="cit7"><label>7</label><citation-alternatives><mixed-citation xml:lang="ru">Groupsense, How to Use Maltego to Conduct Threat Research. Available at: https://www.groupsense.io/how-to-use-maltego-to-conduct-threat-research/</mixed-citation><mixed-citation xml:lang="en">Groupsense, How to Use Maltego to Conduct Threat Research. Available at: https://www.groupsense.io/how-to-use-maltego-to-conduct-threat-research/</mixed-citation></citation-alternatives></ref><ref id="cit8"><label>8</label><citation-alternatives><mixed-citation xml:lang="ru">SANS Institute InfoSec Reading Room “Who’s Using Cyberthreat Intelligence and How?”. Available at: https://www.sans.org/reading-room/whitepapers/analyst/ cyberthreat-intelligence-how-35767</mixed-citation><mixed-citation xml:lang="en">SANS Institute InfoSec Reading Room “Who’s Using Cyberthreat Intelligence and How?”. Available at: https://www.sans.org/reading-room/whitepapers/analyst/ cyberthreat-intelligence-how-35767</mixed-citation></citation-alternatives></ref></ref-list><fn-group><fn fn-type="conflict"><p>The authors declare that there are no conflicts of interest present.</p></fn></fn-group></back></article>
