Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises

Periodic Reporting for period 1 - PALANTIR (Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises)

Reporting period: 2020-09-01 to 2022-02-28

PALANTIR creates a technical framework enabling the provision of next-generation, cost-effective Security-as-a-Service (SecaaS) services to SMEs and MEs, by leveraging and improving novel technologies such as:
1)Network Function Virtualisation, Security Orchestration and Remote Attestation, to create low-cost Security-as-a-Service (SecaaS): Three delivery modes are foreseen for PALANTIR. Cloud SecaaS follows the model of hosted Managed Security Services; Lightweight SecaaS is deployed on a standalone device at the client's premises, following the Customer Premises Equipment (CPE) model; and Edge SecaaS is hosted at the network edge, following the Multi-Access Edge Computing (MEC) paradigm. The three delivery modes give SecaaS clients a choice of where their protection runs.
2)Distributed collection, Machine Learning and Policy-based remediation, to create improved threat intelligence with live threat sharing: Anonymised threat data and high-level remediation policies propagate across SecaaS clients. Each client translates the high-level policies locally into actionable security rules, providing near-instantaneous protection from a threat newly discovered elsewhere.
3)Multi-attribute risk assessment, cost/benefit forecasts and a novel Service Catalogue, to link risk assessment with the service market and ensure that clients are matched with solutions that fit their needs and their budget. The Service Catalogue opens the market to multiple service developers.
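The sharing loop in item 2 has two halves that are worth seeing concretely: stripping a local detection down to what can safely leave the premises, and turning a received high-level policy into a local enforcement rule without trusting the policy blindly. The Python below is an added illustration, not PALANTIR project code; the detection record layout, the policy schema, the pseudonymisation key, and the nftables set `inet palantir blocked` (assumed to exist with `flags timeout`) are all assumptions made for the example.

```python
"""Added example (not PALANTIR code): anonymise a local detection for sharing,
then translate a shared high-level remediation policy into local rules.
Record/policy schemas, key material and nft table/set names are assumptions."""
import hashlib
import hmac
import ipaddress
import re
from datetime import datetime, timezone

# Assumed per-sharing-domain secret: the same reporter always maps to the same
# pseudonym (reports can be correlated) without revealing which client it is.
SHARING_KEY = b"constructed-demo-key-do-not-reuse"

# Ranges a client must never be told to block by a remote policy: its own
# LAN, loopback and link-local space. A poisoned policy would otherwise be a
# denial-of-service against the client itself.
LOCAL_RANGES = [ipaddress.ip_network(r) for r in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
REASON_RE = re.compile(r"[A-Za-z0-9_.:-]{1,40}")  # safe to embed in a rule string

# Constructed sample of what a local Security Capability might emit.
LOCAL_DETECTION = {
    "client_id": "acme-bakery-sme",
    "detected_at": "2022-01-14T09:37:52+00:00",
    "victim_ip": "10.1.2.3",  # internal host: must not leave the premises
    "indicator": {"type": "ipv4", "value": "203.0.113.45"},
    "detection": "c2-beacon",
}


def anonymise_for_sharing(record):
    """Keep only the indicator and detection type; pseudonymise the reporter
    with a keyed hash and coarsen the timestamp to the hour."""
    reporter = hmac.new(SHARING_KEY, record["client_id"].encode(),
                        hashlib.sha256).hexdigest()[:16]
    ts = datetime.fromisoformat(record["detected_at"]).astimezone(timezone.utc)
    return {
        "reporter": reporter,
        "observed_hour": ts.replace(minute=0, second=0, microsecond=0).isoformat(),
        "indicator": dict(record["indicator"]),
        "detection": record["detection"],
    }


def policy_from_shared(shared, ttl_hours=24):
    """High-level, vendor-neutral remediation policy (assumed schema)."""
    return {"action": "block", "direction": "outbound",
            "target": dict(shared["indicator"]), "ttl_hours": ttl_hours,
            "reason": shared["detection"]}


def _validated_target(target):
    """Parse the indicator strictly: a shared policy is untrusted input and
    its value ends up inside a command line."""
    if target.get("type") != "ipv4":
        raise ValueError("unsupported indicator type %r" % (target.get("type"),))
    try:
        net = ipaddress.ip_network(target["value"], strict=False)
    except ValueError as exc:
        raise ValueError("malformed indicator %r" % (target.get("value"),)) from exc
    if net.version != 4 or net.prefixlen < 24:
        raise ValueError("refusing over-broad or non-IPv4 target %s" % net)
    if any(net.overlaps(r) for r in LOCAL_RANGES):
        raise ValueError("refusing to act on local/reserved range %s" % net)
    return net


def translate_policy(policy, backend="nft"):
    """Translate one high-level policy into local enforcement commands."""
    if policy["action"] != "block" or policy["direction"] != "outbound":
        raise ValueError("only outbound block policies are handled here")
    net = _validated_target(policy["target"])
    ttl = int(policy["ttl_hours"])
    if not 1 <= ttl <= 168:
        raise ValueError("ttl_hours outside the accepted 1..168 window")
    reason = policy.get("reason", "shared")
    if not REASON_RE.fullmatch(reason):
        raise ValueError("reason contains characters unsafe for a rule")
    addr = str(net.network_address) if net.prefixlen == 32 else str(net)
    if backend == "nft":
        # Set elements carry their own expiry, which maps directly onto the TTL.
        return ["add element inet palantir blocked { %s timeout %dh }" % (addr, ttl)]
    if backend == "iptables":
        return ["iptables -I OUTPUT -d %s -m comment --comment palantir:%s -j DROP"
                % (addr, reason)]
    raise ValueError("unknown backend %r" % (backend,))


if __name__ == "__main__":
    shared = anonymise_for_sharing(LOCAL_DETECTION)
    print(shared)
    for line in translate_policy(policy_from_shared(shared)):
        print(line)
```

The design choice to note is that the receiving client treats the shared policy as hostile input: the indicator is parsed with `ipaddress` rather than interpolated as a string, over-broad prefixes, the client's own ranges and unbounded TTLs are refused, and the free-text reason is whitelisted before it reaches a command line. Whatever the real translation layer looks like, those checks are the difference between live threat sharing and a channel through which one compromised client can knock the others offline.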
The project's technology framework will be validated through three use cases covering a broad set of deployment models, thus enabling a full real-life evaluation of the PALANTIR results.
PALANTIR envisions a value chain among its stakeholders, in order to create a sustainable ecosystem of services. Stakeholders in the cybersecurity, analytics, artificial intelligence and related areas undertake the role of Service Developer and monetise their products through the Service Catalogue. Communication Service Providers (CSPs, such as telcos, internet service providers, cloud providers and platform manufacturers), cybersecurity companies and similar organisations can undertake the role of PALANTIR provider and deploy the entire platform in their infrastructure. SecaaS clients (SMEs/MEs) purchase services from the PALANTIR providers. Finally, the GDPR data subjects are the natural persons protected by the PALANTIR SecaaS.
The activities of WP2 during the first reporting period mainly focused on the following blocks: i) the elicitation of technical, business and legal requirements from different stakeholders and subject matter experts, which led to the interim high-level design of the PALANTIR platform; ii) the detailed definition of the three use cases, accompanied by technical details regarding their workflows, actors and hosting infrastructure; and iii) the preliminary assessment of the most relevant security risks for SMEs/MEs, who are the main PALANTIR stakeholders, and the formulation of a risk assessment framework.
The WP3 activities conducted during the period include: i) the provision and lifecycle management of security services, orchestrated and instantiated as Security-as-a-Service (SecaaS) solutions in a clustered infrastructure; and ii) the implementation of a Risk Assessment Framework to assist in determining the most appropriate security services to deploy.
WP4 activity mainly consisted of (i) the technical specification of the components involved in threat management and sharing, and (ii) the development and evaluation of a first subset of those components.
WP5 activities focused on the design and implementation of the first release of all components of the Hybrid Threat Intelligence component. Its main objective is to complement the protection provided by the Security Capabilities (SCs) of the Secure Services Ecosystem with advanced analytics based on Machine Learning (ML) and Deep Learning (DL), and to provide automatically generated remediations for the detected threats.
WP6 addresses the integration of all PALANTIR components created in WP3, WP4 and WP5, functional testing (including penetration testing against known attacks), and performance verification and evaluation. WP7 produced the dissemination and communication plan, as well as the exploitation plan detailing the activities to be conducted throughout the project, aiming at maximum visibility within the research community. The consortium produced publications in journals and conferences, participated in workshops to promote the outputs of the project, and contributed to standardisation bodies.
PALANTIR offers a variety of SecaaS delivery modes (cloud/light/edge), allowing clients to select not only the level of protection that best fits their needs but also the amount of information they are willing to communicate to, and receive from, other SecaaS users. Hybrid threat identification methods applied to heterogeneous data sources, coupled with automated notification and remediation, are expected to result in a holistic cybersecurity approach: the automated analysis of potential malware and intrusions at one point on the network provides not only technical threat indicators but also high-level recommendations and concrete mitigation measures, which can be proactively propagated to other points on the network through a variety of anonymisation processes. PALANTIR improves multiple technologies on the premise that cost reduction has to be pursued across the whole value chain and not only at the SecaaS client, if it is to be real and sustainable. This holistic approach is necessary to drive down the cost of cybersecurity.
The project foresees a significant impact in the following areas, per stakeholder:
•Citizens and SMEs/MEs are at the forefront of interest: PALANTIR delivers a holistic risk-based analysis framework, multiple types of SecaaS to choose from, and a "one-stop-shop" Catalogue. The deployed SecaaS, with the detection they perform, are the first tier of protection against cyber-attacks. A significant innovation is the introduction of the Lightweight SecaaS, which reduces the complexity to a truly plug-and-play device. This enables SMEs/MEs and private citizens to deploy advanced protections in their home or business network instead of installing multiple products on separate devices.
•In the case of PALANTIR providers, capital and operational expenditures are expected to be reduced, as PALANTIR tackles many of the gaps in SecaaS as well as the unnecessary complexity of state-of-the-art CPEs. This makes SecaaS sustainable at larger scales and is expected to drive down subscription costs for SecaaS clients. CSPs can count on trust and attestation, SecaaS optimisation and related mechanisms to create highly reliable, carrier-grade services. Furthermore, the introduction of MEC-based services allows CSPs to deploy protections at large scale, greatly supporting societal resilience against cyber-attacks. The creation of the Service Catalogue and SecaaS billing models, together with the reduction of capex/opex, gives CSPs incentives to adopt PALANTIR technologies and deploy cybersecurity at larger scales than ever before.
•In the case of security service developers, they are provided with access to a Service Catalogue that allows them to monetise their products.
PALANTIR conceptual high-level architecture