What do I do? 🙂

I am developing a system for the real-time detection of cyberattacks. From a programming perspective, this involves highly interesting real-time data processing. Incoming events, such as user logins or network communications, are divided by the system into time windows. These windows are synchronized and stored on an SSD for further analysis.

The detection mechanism relies on lookup lists containing potentially malicious IP addresses, file hashes, domain names, and other artifacts. These lists are continuously updated and contain hundreds of thousands of records. The data is provided by either internal feeds or third-party threat intelligence feeds and is further analyzed to enhance detection accuracy.

The outputs of individual analyses and detections are then combined into more complex correlations, revealing the specific techniques and tactics used in an attack. Once the system identifies suspicious activity, it can respond immediately – blocking the attacker and preventing further access to the network. The system also includes visualization of detection outputs and alert management to facilitate a swift response to security threats.
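As an added illustration (not the author's code), here is the windowing and lookup-list matching described above reduced to a small Python sketch. The indicator values, event field names and sample events are constructed placeholders, not real feed data or telemetry.

```python
from collections import defaultdict

# Constructed lookup lists standing in for the internal / third-party feeds
# described above. Values are documentation-reserved placeholders, not real IoCs.
INDICATORS = {
    "ip": {"198.51.100.23"},       # TEST-NET-2 address (RFC 5737)
    "domain": {"bad.example"},     # reserved TLD (RFC 2606)
    "sha256": {"a" * 64},          # placeholder hash
}
# Which event fields are checked against which lookup list (assumed schema).
FIELD_KIND = {"src_ip": "ip", "dst_ip": "ip", "domain": "domain", "sha256": "sha256"}
WINDOW_SECONDS = 60

def window_start(ts, width=WINDOW_SECONDS):
    """Map an epoch timestamp to the start of its fixed-width time window."""
    return ts - ts % width

def bucket_events(events, width=WINDOW_SECONDS):
    """Group events into time windows keyed by window start."""
    windows = defaultdict(list)
    for ev in events:
        windows[window_start(ev["ts"], width)].append(ev)
    return dict(windows)

def match_indicators(event, indicators=INDICATORS):
    """Return (field, value) pairs of one event that appear in a lookup list.
    Set membership is O(1), so this stays cheap with hundreds of thousands of records."""
    return [(f, v) for f, v in event.items()
            if f in FIELD_KIND and v in indicators[FIELD_KIND[f]]]

def detect(events, indicators=INDICATORS, width=WINDOW_SECONDS):
    """Per window, collect (event id, hit) pairs; windows without hits are omitted."""
    results = {}
    for start, evs in sorted(bucket_events(events, width).items()):
        hits = [(ev["id"], hit) for ev in evs for hit in match_indicators(ev, indicators)]
        if hits:
            results[start] = hits
    return results

# Constructed sample events (login, network, DNS, file), not real telemetry.
BASE = 1_699_999_980  # a multiple of 60, so windows start at BASE, BASE+60, ...
SAMPLE_EVENTS = [
    {"id": 1, "ts": BASE + 5,   "type": "login", "src_ip": "192.0.2.10", "user": "alice"},
    {"id": 2, "ts": BASE + 30,  "type": "net",   "src_ip": "192.0.2.10", "dst_ip": "198.51.100.23"},
    {"id": 3, "ts": BASE + 95,  "type": "dns",   "src_ip": "192.0.2.11", "domain": "bad.example"},
    {"id": 4, "ts": BASE + 150, "type": "file",  "src_ip": "192.0.2.12", "sha256": "b" * 64},
]

if __name__ == "__main__":
    for start, hits in detect(SAMPLE_EVENTS).items():
        print(f"window {start}: {hits}")
```

Only the windows containing a lookup hit are reported, which is the per-window detection output that the correlation stage would then combine.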
