SANS Brings Forth RITA for Threat Intelligence

By CIOReview | Thursday, December 24, 2015
777
1201
243

FREMONT, CA: In the rapidly growing world of technological advancements, the concern for security has also risen. In order to advance the security solutions, SANS has introduced Real Intelligence Threat Analysis (RITA) to help companies hunt for attackers by extending traditional signature analysis to blacklisted IP address and accounts that have a number of logins on multiple systems.

Cyberthreat intelligence provides the ability to recognize and act upon attacks and vulnerabilities in a timely manner. It identifies the various indicators of attacks as they progress and respond to it. It enables administrators to detect attacks and take actions during every stage of the attack.

RITA will fuel the process of hunt teaming- a process where organizations set up a team to search for threats on a network and find ways to detect attacks. RITA will create a framework allowing users to continuously add modules to it according to their needs.

RITA can export data to the desktop and visualize it via Kibana. If the current module is running then it will show all accounts logged in to it, which helps in detecting lateral movement. It will load the data into Kibana for visualization