NORMA eResearch @NCI Library

Assessing the importance of modern security tools and frameworks to help detect and defend against Cozy bear

O'Brien, Niall (2022) Assessing the importance of modern security tools and frameworks to help detect and defend against Cozy bear. Masters thesis, Dublin, National College of Ireland.

PDF (Master of Science), 4MB
PDF (Configuration manual), 1MB


Modern security tools and frameworks provide an important layer of security for computer systems and networks. Threat hunting and defensive tools are set up to help detect and prevent attacks, and to alert those tasked with defending systems to possible intrusions on their network. Nation-state cyber threat actors continued to evolve in targeting individuals, organisations, and governments worldwide in 2022. The knock-on effect is a huge market in which security vendors push their products to organisations trying to stay one step ahead of the bad guys. Choosing the right tools is the challenge all organisations face today.

In this study, the author assessed an array of modern security tools and frameworks to give network defenders a clearer path on how to defend against the malicious hacking group known as Cozy bear, aka APT29, a nation-state-backed cyber group, and to understand its key identifiers in relation to attacks seen in the wild in recent years. The innovative aim of this research is to show that, through the collective use of the threat hunting tools Velociraptor and Hayabusa and the defensive tool Snort, in alignment with the security frameworks MITRE ATT&CK and the Cyber Kill Chain, it is possible to defend against Cozy bear. The final piece relates to clause 9.1 of the ISO 27001 framework, monitoring and measuring, and shows how this clause can be satisfied with the tools used in this paper.

The results produced in this paper aim to show that Cozy bear can be kept at bay through a combination of security tools and frameworks.

Further research needs to be carried out into the use of the tools and frameworks outlined in this paper. A one-size-fits-all security tool, combined with a framework, that prevents or detects an attack such as Cozy bear would make network defenders' jobs easier.

Item Type: Thesis (Masters)
Uncontrolled Keywords: Nation State; Cozy bear; APT29; Velociraptor; Hayabusa; Mitre Attack; Cyber Kill Chain; ISO27001
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 22 Dec 2022 13:46
Last Modified: 22 Dec 2022 13:46
