{"id":597712,"date":"2023-06-27T19:59:47","date_gmt":"2023-06-28T02:59:47","guid":{"rendered":"https:\/\/www.esri.com\/about\/newsroom\/?post_type=arcnews&p=597712"},"modified":"2023-06-22T17:39:37","modified_gmt":"2023-06-23T00:39:37","slug":"arcgis-allsource-helps-mitigate-cybersecurity-threats","status":"publish","type":"arcnews","link":"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats","title":{"rendered":"ArcGIS AllSource Helps Mitigate Cybersecurity Threats"},"author":5752,"featured_media":0,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"sync_status":"","episode_type":"","audio_file":"","transcript_file":"","podmotor_file_id":"","podmotor_episode_id":"","castos_file_data":"","cover_image":"","cover_image_id":"","duration":"","filesize":"","filesize_raw":"","date_recorded":"","explicit":"","block":"","itunes_episode_number":"","itunes_title":"","itunes_season_number":"","itunes_episode_type":"","_links_to":"","_links_to_target":""},"categories":[483442,10432,285372],"tags":[478052,474842,241,192792,134012],"arcnews_issues":[485612],"class_list":["post-597712","arcnews","type-arcnews","status-publish","format-standard","hentry","category-arcgis-allsource","category-arcgis-enterprise","category-cybersecurity","tag-arcgis-knowledge","tag-cyberattacks","tag-gis","tag-relationship","tag-security","arcnews_issues-summer-2023","arcnews_sections-esri-technology"],"acf":{"short_description":"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.","pdf":{"host_remotely":false,"file":"","file_url":""},"flexible_content":[{"acf_fc_layout":"content","content":"The annual cost of cybercrime is expected to exceed $8 trillion by the end of this year, according to research company Cyber Ventures. To mitigate the consequences of cybersecurity attacks, cybersecurity teams continually evaluate and develop creative methods for response and preparedness. Advances in surveillance, detection, and analysis can serve as a force multiplier for the many outnumbered, task-saturated crews that are charged with protecting software and technology.\r\n\r\nArcGIS AllSource, Esri\u2019s new intelligence software, facilitates investigative, geospatial, and link analysis. AllSource can be used in all phases of the cyber threat intelligence cycle, from developing an understanding of the threat and collecting, processing, and analyzing data to disseminating the results and gathering feedback. AllSource enables users to leverage the advanced analytics of ArcGIS Enterprise along with ArcGIS Knowledge to identify threat vectors and deploy mitigation strategies that protect an organization\u2019s cyberinfrastructure.\r\n\r\nTake a tour of the six steps that cybersecurity teams typically use to find and study adversaries\u2019 tactics, techniques, and procedures. Using a right-to-left override attack\u2014which tricks people into clicking malicious text files\u2014as an example, find out how AllSource helps put defense strategies in place and evolves with the complexity of each threat."},{"acf_fc_layout":"image","image":596782,"image_position":"center","orientation":"horizontal","hyperlink":""},{"acf_fc_layout":"content","content":"
    \r\n \t
  1. \r\n

    Determine Appropriate Actions to Take<\/h2>\r\n

    All stakeholders within an organization must be able to gain a clear and specific understanding of the potential impacts of a cybersecurity compromise, as well as their role in preventing one. AllSource can serve as the starting point from which a cybersecurity program grows by allowing analysts to, first, record the attack methods, known attackers, and organizational infrastructure that should all be prioritized.<\/p>\r\n

    It is essential to identify what an organization needs to protect, such as networks, physical assets, customer data, and trade secrets. From there, the organization\u2019s cybersecurity team can develop and implement a threat intelligence strategy. This ensures that all team members understand the organization\u2019s key priorities and allows them to mount a highly responsive defense in reacting to or preventing an attack.<\/p>\r\n<\/li>\r\n \t

  2. \r\n

    Collect Data on Threats<\/h2>\r\n

    When cybersecurity analysts detect activity based around a certain threat vector\u2014the way an adversary can breach or infiltrate a network or system\u2014they can use AllSource to investigate the threat and set in motion a series of steps to preemptively mitigate an attack.<\/p>\r\n

    During a right-to-left override attack, analysts can import data into AllSource and make connections to sources such as the MITRE ATT&CK framework, an openly accessible knowledge base of cyberattack tactics and techniques. They can then layer in threat information and operational data and use the link analysis tools, graphs, and timelines in AllSource to see patterns in the attack and gain insight into the situation.<\/p>\r\n<\/li>\r\n \t

  3. \r\n

    Process the Threat Data<\/h2>\r\n

    Once data sources are mapped and information flows into AllSource, it is typically necessary to normalize the data for use within the enterprise.<\/p>\r\n

    The MITRE ATT&CK dataset, for instance, offers many ways to access the data, including as a JavaScript Object Notation (JSON) file, a Python library, or a Microsoft Excel workbook. The tools available in AllSource help analysts prepare and clean the data so that it\u2019s easier for others to use.<\/p>\r\n

    Say the MITRE ATT&CK dataset is downloaded as an Excel workbook. An analyst would import each sheet into a mobile geodatabase within AllSource to ensure that all the field types are correct and allow for a more robust analytical experience. Using the Convert Time Field tool, for instance, the analyst could change many field types to a date field (or a text or numeric field). This would give the organization clean, usable MITRE ATT&CK data in a mobile geodatabase that can be shared or set as a local copy.<\/p>\r\n<\/li>\r\n \t

  4. \r\n

    Analyze and Present the Data<\/h2>\r\n

    With the data prepared for use, analysts can leverage the advanced analysis functionality provided by the back-end ArcGIS Knowledge Server site deployed within ArcGIS Enterprise to get a deeper understanding of the threat vector\u2014in this case, the right-to-left override.<\/p>\r\n

    An analyst would drill down further into the data to discern the number, cadence, and location of similar attacks that have been reported\u2014both within the organization and from other organizations\u2014over a specified period. Expanding the resultant knowledge graph from the MITRE ATT&CK dataset within AllSource, the analyst could detect a handful of organizations that are prone to this kind of attack. The analyst could then pinpoint particular threat vectors and see that Entity 1 tends to use these threat vectors. If the analyst selects Entity 1 within the knowledge graph, they could see that it is a terror organization.<\/p>\r\n

    Through the relationships that are established in the knowledge graph, it would appear that Entity 1 is known to employ additional threat vectors in its attacks. Using AllSource, the analyst could identify such attacks and determine the best steps to take to mitigate them. Seeing that Entity 1 matched well with the description of activities found in open-source intelligence collections, the analyst could also make recommendations with a marked level of confidence for how to allay the effects of such an attack and bolster their organization\u2019s security posture.<\/p>\r\n<\/li>\r\n \t

  5. \r\n

    Disseminate Analysis Results<\/h2>\r\n

    Once all the relevant data has been analyzed, analysts can generate reports directly within AllSource with recommended mitigation actions that show the way forward. This gives stakeholders and decision-makers the full scope of the operational landscape in which the cybersecurity team is operating.<\/p>\r\n

    Analysts can also easily share critical information with other analysts as feature services, web maps, layouts, reports, and layer and project packages. This gives them access to the source data, allowing anyone working on a team or across shifts to conduct their own research and continue threat mitigation or response efforts. It enables cybersecurity teams to set mitigation actions and take additional measures to prevent or insulate their organization\u2019s architecture from follow-on attacks.<\/p>\r\n<\/li>\r\n \t

  6. \r\n

    Get Feedback<\/h2>\r\n

    To ensure that an organization\u2019s security posture evolves with an ongoing threat and takes new ones into consideration, cybersecurity teams continually analyze the efficacy of their responses to attacks, as well as their efforts to prevent them and lessen their severity when they do happen. In a postaction session, stakeholders can use AllSource to capture critical insight and adjust mitigation steps accordingly to make certain that any new requirements in defensive tactics are captured and cataloged.<\/p>\r\n<\/li>\r\n<\/ol>"},{"acf_fc_layout":"content","content":"The sheer volume of data that\u2019s available to support cyber threat intelligence operations can be overwhelming. AllSource helps cybersecurity teams make sense of that data by extracting pointed intelligence from it and bringing context to suspicious activities.\r\n\r\nLearn more about ArcGIS AllSource<\/a>. Current Esri users may also contact their Esri representatives."}],"references":null},"yoast_head":"\nArcGIS AllSource Helps Mitigate Cybersecurity Threats | Summer 2023 | ArcNews<\/title>\n<meta name=\"description\" content=\"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ArcGIS AllSource Helps Mitigate Cybersecurity Threats\" \/>\n<meta property=\"og:description\" content=\"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats\" \/>\n<meta property=\"og:site_name\" content=\"Esri\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2023\/06\/arcnews-banner-arcgisallsource-wide.jpg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:description\" content=\"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2023\/06\/arcnews-banner-arcgisallsource-wide.jpg\" \/>\n<meta name=\"twitter:site\" content=\"@Esri\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\n\t \"@context\": \"https:\/\/schema.org\",\n\t \"@graph\": [\n\t {\n\t \"@type\": \"WebPage\",\n\t \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats\",\n\t \"url\": \"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats\",\n\t \"name\": \"ArcGIS AllSource Helps Mitigate Cybersecurity Threats | Summer 2023 | ArcNews\",\n\t \"isPartOf\": {\n\t \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#website\"\n\t },\n\t \"datePublished\": \"2023-06-28T02:59:47+00:00\",\n\t \"description\": \"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.\",\n\t \"breadcrumb\": {\n\t \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats#breadcrumb\"\n\t },\n\t \"inLanguage\": \"en-US\",\n\t \"potentialAction\": [\n\t {\n\t \"@type\": \"ReadAction\",\n\t \"target\": [\n\t \"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats\"\n\t ]\n\t }\n\t ]\n\t },\n\t {\n\t \"@type\": \"BreadcrumbList\",\n\t \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats#breadcrumb\",\n\t \"itemListElement\": [\n\t {\n\t \"@type\": \"ListItem\",\n\t \"position\": 1,\n\t \"name\": \"Home\",\n\t \"item\": \"https:\/\/www.esri.com\/about\/newsroom\"\n\t },\n\t {\n\t \"@type\": \"ListItem\",\n\t \"position\": 2,\n\t \"name\": \"ArcNews Articles\",\n\t \"item\": \"https:\/\/www.esri.com\/about\/newsroom\/arcnews\"\n\t },\n\t {\n\t \"@type\": \"ListItem\",\n\t \"position\": 3,\n\t \"name\": \"ArcGIS AllSource Helps Mitigate Cybersecurity Threats\"\n\t }\n\t ]\n\t },\n\t {\n\t \"@type\": \"WebSite\",\n\t \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#website\",\n\t \"url\": \"https:\/\/www.esri.com\/about\/newsroom\/\",\n\t \"name\": \"Esri\",\n\t \"description\": \"Esri Newsroom\",\n\t \"potentialAction\": [\n\t {\n\t \"@type\": \"SearchAction\",\n\t \"target\": {\n\t \"@type\": \"EntryPoint\",\n\t \"urlTemplate\": \"https:\/\/www.esri.com\/about\/newsroom\/?s={search_term_string}\"\n\t },\n\t \"query-input\": {\n\t \"@type\": \"PropertyValueSpecification\",\n\t \"valueRequired\": true,\n\t \"valueName\": \"search_term_string\"\n\t }\n\t }\n\t ],\n\t \"inLanguage\": \"en-US\"\n\t },\n\t {\n\t \"@type\": \"Person\",\n\t \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/41c803b2ea8734c36f9c4e9586d1449d\",\n\t \"name\": \"Amy Ambard\",\n\t \"image\": {\n\t \"@type\": \"ImageObject\",\n\t \"inLanguage\": \"en-US\",\n\t \"@id\": \"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/image\/\",\n\t \"url\": \"https:\/\/secure.gravatar.com\/avatar\/f356480172f8ad0bc8d72b855e84171c52f1944c7c7779f3e425d73bf3efa3c7?s=96&d=blank&r=g\",\n\t \"contentUrl\": \"https:\/\/secure.gravatar.com\/avatar\/f356480172f8ad0bc8d72b855e84171c52f1944c7c7779f3e425d73bf3efa3c7?s=96&d=blank&r=g\",\n\t \"caption\": \"Amy Ambard\"\n\t },\n\t \"url\": \"\"\n\t }\n\t ]\n\t}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ArcGIS AllSource Helps Mitigate Cybersecurity Threats | Summer 2023 | ArcNews","description":"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats","og_locale":"en_US","og_type":"article","og_title":"ArcGIS AllSource Helps Mitigate Cybersecurity Threats","og_description":"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.","og_url":"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats","og_site_name":"Esri","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","og_image":[{"url":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2023\/06\/arcnews-banner-arcgisallsource-wide.jpg","type":"","width":"","height":""}],"twitter_card":"summary_large_image","twitter_description":"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.","twitter_image":"https:\/\/www.esri.com\/about\/newsroom\/app\/uploads\/2023\/06\/arcnews-banner-arcgisallsource-wide.jpg","twitter_site":"@Esri","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats","url":"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats","name":"ArcGIS AllSource Helps Mitigate Cybersecurity Threats | Summer 2023 | ArcNews","isPartOf":{"@id":"https:\/\/www.esri.com\/about\/newsroom\/#website"},"datePublished":"2023-06-28T02:59:47+00:00","description":"Find out how AllSource can be used in all phases of the cybersecurity cycle, from understanding a threat to analyzing and acting on it.","breadcrumb":{"@id":"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/about\/newsroom\/arcnews\/arcgis-allsource-helps-mitigate-cybersecurity-threats#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/about\/newsroom"},{"@type":"ListItem","position":2,"name":"ArcNews Articles","item":"https:\/\/www.esri.com\/about\/newsroom\/arcnews"},{"@type":"ListItem","position":3,"name":"ArcGIS AllSource Helps Mitigate Cybersecurity Threats"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/about\/newsroom\/#website","url":"https:\/\/www.esri.com\/about\/newsroom\/","name":"Esri","description":"Esri Newsroom","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/about\/newsroom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/41c803b2ea8734c36f9c4e9586d1449d","name":"Amy Ambard","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/about\/newsroom\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f356480172f8ad0bc8d72b855e84171c52f1944c7c7779f3e425d73bf3efa3c7?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f356480172f8ad0bc8d72b855e84171c52f1944c7c7779f3e425d73bf3efa3c7?s=96&d=blank&r=g","caption":"Amy Ambard"},"url":""}]}},"sort_order":"6","_links":{"self":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/arcnews\/597712","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/arcnews"}],"about":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/types\/arcnews"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/users\/5752"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/arcnews\/597712\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/media?parent=597712"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/categories?post=597712"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/tags?post=597712"},{"taxonomy":"arcnews_issues","embeddable":true,"href":"https:\/\/www.esri.com\/about\/newsroom\/wp-json\/wp\/v2\/arcnews_issues?post=597712"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}