The innovation done in SMESEC focuses in two different areas: on the one hand the innovations done in the tools provided by the partners and on the other hand the SMESEC Framework.
Regarding the tools, in the first year of the project we have performed an analysis of the current status of the market according to each technology of the tools. The areas we have identified are: encryption, business continuity/disaster recovery, data loss prevention, governance, risk management and compliance, security information and event management, intrusion detection and prevention systems, distributed DDoS, web application firewall, application security testing, secure web gateway, unified service gateway, endpoint detection and response, endpoint protection platforms, deception technology, cloud access security brokers, user entity behaviour analytics, software-defined security, and identity and access management. We are aware other areas exist also in the market but, due to the large list of areas of cybersecurity and their application, we preferred to focus in the ones we can support/improve in the project. Once we identified these areas we performed an analysis of the state of the art of different solutions that exist in the market in these areas. The analysis allowed us to identify gaps in the market both from the cybersecurity and functional point of view. This was the basis for studying how better we can fulfil the needs of SMEs in these areas. Once this was finished, all partners started studying how they will improve/extend/refine their tools in order to allow better functionalities and performance for SMEs. We compiled the information and updated the graph of solutions with our planned solutions. This have been very helpful to understand how SMESEC will contribute and improve the cybersecurity areas identified at the initial phase of the project. The study, process and results are described in D2.1.
The other pillar of innovation SMESEC brings is in the SMESEC Framework. The framework aims to provide a platform that provides many different cybersecurity tools for protecting, enhancing and creating businesses for SMEs. It was very important to know how we could achieve this for any type of SME, bearing in mind their constraints. They are very critical and need to be taken into account for the architecture and development, as they have an impact on it (e.g. as-a-service or on-premises tools, integration between the tools, deployment in devices, alarms and recommendations for cybersecurity, etc.). In order to identify how to have a better impact and innovation in the project we started analysing the pilots of the project in terms of functionality, user experience, etc. This was extended with the information of innovation and impact of the tools we are doing in the project, so both elements were aligned. Therefore, the areas we plan to focus for the SMESEC Framework are: simplicity (decrease usual complexity of cybersecurity tools), protection (offer protection similar or better than existing solutions in the market), cost-effectiveness (cost of the tools, functionalities and framework must be keep as low as possible, probably studying different strategies for its use), training and awareness (apart from technical aspects, SMESEC must offer also training and awareness strategies, material and courses to complement the cybersecurity solutions of the project), and interconnection (provide a good communication and interconnection of tools, both for existing ones and also have the possibility for adding new ones not included in the project). More information about innovation of the SMESEC Framework can be found in D3.1
