Towards a Sophisticated SIEM Marketplace for Blockchain-based Threat Intelligence and Security-as-a-Service

In spite the current cyberthreat landscape, 68% of SMEs&MEs have no systematic approach for ensuring cybersecurity, 60% of them who were victims of cyber attacks did not recover and thus shut down within 6 months and less than 3% have cyber insurance. In addition to possible risk of business loss for SMEs&MEs organisations, the SMEs&MEs segment often provides services for large and governmental enterprises and organisations bringing high economical, international and social impact in EC and EU.
The vision of PUZZLE is to design and implement a novel, highly usable cybersecurity, privacy and data protection management framework offered as a collection of security services of a marketplace targeted at SMEs&MEs.
SMEs&MEs have to be strengthened with seamless processes and toolkits to easily configure, deploy and collect insights and personalised recommendations for dimensioning their infrastructure along with proven practices, incoming events and potential breaches with the ability to choose the optimal cybersecurity solutions targeted to their purposes for protecting their corporate assets and operations.
The main objectives of PUZZLE are:
-to design and implement a state-of-the-art highly usable cybersecurity, privacy and data protection management framework targeted at SMEs&MEs and cybersecurity providers
-to facilitate the collection, processing and exchange of data and knowledge sharing among SMEs&MEs with regards to cyber threats and vulnerabilities
-to provide a set of cybersecurity functional primitives as a service, made available through a marketplace
-to automatically infer optimal deployment plans and support their enforcement based on a policy-based recommendation service and deployment manager through the PUZZLE Marketplace
-to increase the level of cybersecurity situation awareness and preparedness of SMEs&MEs, through the provision of a set of tools in the PUZZLE Marketplace and dashboard
-to prove the applicability, usability, effectiveness and value of the PUZZLE concepts, models and mechanisms in industrial, real-life infrastructures, services and applications

During the first 18 months of the project, significant progress towards addressing the main objectives of the PUZZLE has been recorded. The main activities and results for that period are:
-Technical and functional requirements determination as well as security, privacy requirements of PUZZLE services for advanced assurance and protection
-Definition of usage scenarios, PUZZLE framework development and services to be applied to the PUZZLE Pilots
-Design and conceptualisation of the overall Marketplace offerings to determine multiple services which meet these requirements
-Definition of the properties needed for attestation of ICT devices and networks during the design and runtime phases
-Identification of holistic security and adversarial models for the overall cyber security marketplace
-Risk assessment and conflict identification at design/configuration and run-time phases with regards to the threats and vulnerabilities of each SME/ME asset
-Definition of dynamic trusted consent mechanisms via smart contracts for capturing the sharing of cyber threat-related information and intelligence via the PUZZLE SIX module
-Development of the edge trust assurance service for providing security guarantees during services deployment and operation
-Specification and implementation of a set of virtual functions for provision of network security management services
-Design and implementation a set of cybersecurity analytics services considering edge and cloud-analytics
-Definition and development of the architecture and operational model of the collective threat intelligence and blockchain-based service for the secure exchange of cybersecurity data
-Design and implementation of the PUZZLE cybersecurity services marketplace to support a set of functionalities
-Design and develop a set of mechanisms for providing recommendations for the optimal set and the configuration of the cybersecurity services that have to be deployed
-Implement a set of agents supporting resource management activities as well as real-time performance and health monitoring of the provided services and applications
-Provision of a set of insights related to events based on the application of CEP mechanisms
-Detailed definition of the technical integrated endpoints and proactive planning of the integration

An overview of the progress beyond the state of the art made so far along with the expected results until the end of the project as well as their potential impact is presented below:
-Advanced Cybersecurity Analytics Service (ACAS): The benefit of the ACAS architecture is its flexibility, as both the different features and Deep Learning models can be easily added to the structure and integrated into the final solution. Additional experiments will be performed utilizing different datasets to train the existing Deep Learning model, whereas it will be extended by considering different types of attacks and multi class labels.
-Data Models for Cyber Security and Information Exchange Services: An upper-level model based on the interlinking of concepts that exist in current data models was defined in the context of PUZZLE framework. Such a data model represented cybersecurity threats, vulnerabilities and risks and will be used as the main model for information harmonization activities of the data collected by the set of SMEs&MEs.
- Complex Event Processing and Cyber Ranges: By the propose Complex Event Processing mechanism, it is feasible to process events on-line, as they are generated and introduce context as the temporal and causal relations between events. Then, event correlation based on event patterns permits to specify what to detect, instead of how to detect by increasing detection rate, reducing false alarms, and detecting large-scale attack patterns at an early stage.
-Collective and Interactive Data Visualizations: A novel collaborative and cross-platform visual and correlation analytics, personalized end user centric data reusable visualization tools and services supporting all steps of cybersecurity analysis through appropriate interactive visualizations were developed, including both generic components and components tailored for specific security and digital forensics applications.
-Multi Dependency Cyber Physical Risk Assessment & Policy-based Services Deployment: A universal risk analysis and assessment methodology for edge-to-cloud SMEs&MEs protection in multi dependent environments were developed to ensure advanced protection by integrating heterogeneous component-level risk analysis and deploying policy-based cybersecurity services according to their personalized needs.
- Trust Assurance Services: A novel lightweight collective and distributed attestation mechanisms were designed for the bulk attestation of the edge devices and the SME/ME infrastructure assets. Thus, remote services can get assurance of the integrity of a remote platform and, furthermore, detect and blacklist compromised devices.
PUZZLE bring SMEs&MEs in the foreground with the dual role of being the consumers and the producers of the shared data and the services at the same time, while the outcomes from the analysis, insights, events extraction and predictions for future incidents will be made available anonymously for fare, reusable and collaborative know-how, exchange of experience and best practices.