CORDIS - EU research results

Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises

Periodic Reporting for period 2 - PALANTIR (Practical Autonomous Cyberhealth for resilient SMEs & Microenterprises)

Reporting period: 2022-03-01 to 2023-08-31

PALANTIR has created a technical framework that delivers next-generation, cost-effective Security-as-a-Service (SecaaS) to SMEs and MEs, utilizing advanced technologies:
1) Network Function Virtualisation, Security Orchestration, and Remote Attestation contribute to affordable SecaaS. PALANTIR offers three delivery methods: Cloud SecaaS, resembling hosted Managed Security Services; Lightweight SecaaS, a standalone device situated at the client's premises; and Edge SecaaS, based on the Multi-Access Edge Computing paradigm. This modular approach grants a range of choices for clients.
2) Embracing Distributed collection, Machine Learning, and Policy-based remediation leads to enhanced threat intelligence and live sharing. Anonymised data and high-level policies relay through clients, enabling rapid local translation into security measures, ensuring immediate protection from emerging threats.
3) The system integrates multi-attribute risk assessment with a unique Service Catalogue to ensure clients are matched with fitting, budget-compliant solutions. The catalogue expands access to numerous service developers.
The framework's effectiveness is validated through three use cases, illustrating PALANTIR's real-world applicability. PALANTIR fosters a value chain among stakeholders for a resilient service ecosystem. Key players in cybersecurity and AI capitalize on the Service Catalogue. Communication Service Providers (CSPs) adopt the PALANTIR provider role, integrating the platform. SMEs/MEs, the primary SecaaS clients, acquire services, while GDPR-compliant data safeguards individuals.
PALANTIR is transforming how SMEs, MEs, and the public engage with services, moving from observers to contributors. They achieve this without excessive resources for infrastructure. PALANTIR is a cost-effective SecaaS platform, increasing cybersecurity awareness amidst threats. It does so through collaboration between organizations, service providers, and infrastructure entities. The project's use cases highlight security demands and service delivery methods.
WP2 focused on three primary activities: (i) gathering technical, business, and legal requirements, which led to the interim design of the PALANTIR platform, (ii) detailing the three Use Cases, and (iii) conducting preliminary security risk assessments for SMEs/MEs, culminating in a risk assessment framework. By M20, WP2 homed in on architecture adjustments and security enhancements. Notably, deliverables D2.3 and D2.4 marked the completion of the phase.
WP3 was dedicated to (i) provisioning and overseeing Security-as-a-Service (SecaaS) within a structured setup, and (ii) implementing a Risk Assessment Framework. Later stages improved available security services and evolved the Risk Assessment Framework. The significant highlight was the submission of deliverable D3.2 which highlighted design decisions and enhanced threat monitoring capabilities.
WP4 created the technical specification for threat management components, achieving a foundational subset. Between M19 and M30, efforts focused on finalizing specifications, complementing components, and integration across PALANTIR projects. This phase brought advancements such as the cybersecurity dashboard and an expanded incident response service. Despite initial plans to conclude WP4 at M31, it shifted to M34. The final emphasis lay on consolidating technical aspects, notably the attestation engine.
WP5 revolved around the creation and rollout of the Hybrid Threat Intelligence component, leveraging Machine Learning and Deep Learning. Pursuing this, WP5 emphasized its second release. This phase amplified data analytics modules, integrated Anomaly Detection, and added Threat Classification modules. The notable progress was in enhancing the design and features of the Hybrid Threat Intelligence component, accentuating multi-tenancy support.
WP6 concentrated on integrating components from WP3, WP4, and WP5, ensuring functional testing and performance verification. Between M19-M30, coordination for integration and validation was paramount. PALANTIR's deployment across various pilot sites gathered invaluable feedback which directed necessary modifications. The subsequent focus remained on the integration, validation, and preparing for multiple use-case pilots, with constructive feedback looped back to WP3/4/5.
WP7 promoted the project's visibility through publications, conferences, and collaborations with standardization entities. The output included 9 journal publications, 16 workshop and conference features, and 8 distinct online event presentations. PALANTIR's contribution to standardization bodies, including the ETSI ZSM group and IETF, was noteworthy. On the commercial front, nine components stood out as Key Exploitable Results, with a techno-economic analysis validating the PALANTIR platform's potential.
The PALANTIR framework aims to surpass existing cybersecurity and GDPR solutions, tailored for SMEs and MEs. Unlike traditional tools, PALANTIR offers a risk assessment framework with a multi-vendor Service Catalogue. This ensures businesses understand vulnerabilities and access diverse solutions.
A key feature is PALANTIR's multi-modal machine learning with a hybrid ML-NFV approach. This technique improves attack detection, surpassing current models. Real-time threat intelligence sharing with anonymization ensures data protection and swift threat response. By its conclusion, the PALANTIR project has delivered:
1. Advanced Cyber Resilience: Businesses, especially SMEs and MEs, will have at their disposal a comprehensive risk assessment tool. This will enable them to make informed decisions regarding cybersecurity investments, backed by a clear cost/benefit forecast.
2. Plug-n-Play Protection: The introduction of Lightweight SecaaS promises a seamless cybersecurity experience, enabling businesses to deploy ready-to-use solutions without extensive setup processes.
3. Enhanced Threat Intelligence: PALANTIR aims to be at the forefront of threat detection. Through its enhanced threat intelligence capabilities, businesses will have early warnings about novel attacks, ensuring they are always a step ahead.
4. Attestation Mechanism: One of the features to be fully realized is the attestation mechanism. This will help identify and counteract malware infiltrations effectively.
Potential Impacts:
1. Enhanced Digital Single Market Cyber Resilience: PALANTIR's offerings are set to bolster the overall cybersecurity infrastructure of the digital single market.
2. Shared Responsibility in the Digital Economy: By empowering various stakeholders, from SMEs and MEs to everyday citizens, PALANTIR fosters a sense of collective responsibility.
3. Mitigated Economic Damage: The economic repercussions of cyber-attacks and privacy breaches can be debilitating. With PALANTIR's three-tiered protection system, the economic fallout from such threats will be considerably mitigated.
4. Trustworthy Digital Environment in the EU: By engaging a wide range of digital economy actors, PALANTIR is poised to usher in a trustworthy digital environment in the EU.
PALANTIR addresses the documented societal needs for secure and confidential communications. The developed solutions can help SMEs to increase their cyber security and thus increase their trust and reputation leading to increased sustainability and growth.
PALANTIR Conceptual high level architecture