CORDIS

EU research results

CORDIS

Proactive Risk Management through Improved Cyber Situational Awareness

Fact Sheet

Reporting

Results

Objective

PROTECTIVE is designed to improve an organisations ongoing awareness of the risk posed to its business by cyber security attacks. PROTECTIVE makes two key contributions to achieve this enhanced situational awareness. Firstly it increases the computer security incident response team’s (CSIRT) threat awareness through improved security monitoring and increased sharing of threat intelligence between organisations within a community. Secondly it ranks critical alerts based on the potential damage the attack can inflict on the threatened assets and hence to the organisations business. High impact alerts that target important hosts will have a higher priority than other alerts. Through the combination of these two measures organisations are better prepared to handle incoming attacks, malware outbreaks and other security problems and to guide the development of the prevention and remediation processes.
The PROTECTIVE system is designed to provide solutions for public domain CSIRTs and SME’s who both have needs outside the mainstream of cyber security solution provision. Public CSIRTs needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the required analytical and visualisation capabilities to enable public CSIRTs provide optimised services to their constituency. SME’s also are vulnerable to cybercrime as they have limited resources to protect themselves and often a limited understanding of what needs to be done. Two pilots will be conducted to evaluate and validate the PROTECTIVE outcomes with CSIRTs from 3 National Research and Educational Networks (NRENs) and with SMEs via a managed security service provider (MSSP).
The PROTECTIVE consortium is constituted of 3 NRENs, 3 academic and four commercial partners from 8 countries so as to maximise the technical and commercial impact of the outputs and the dissemination and uptake of the results.

Programme(s)

H2020-EU.3.7. - Secure societies - Protecting freedom and security of Europe and its citizens

Topic(s)

DS-04-2015 - Information driven Cyber Security Management

Call for proposal

H2020-DS-2015-1

See other projects for this call

Funding Scheme

IA - Innovation action

Coordinator

ATHLONE INSTITUTE OF TECHNOLOGY

Address

Dublin Road
Athlone

Ireland

Activity type

Higher or Secondary Education Establishments

EU Contribution

€ 755 937,50

Website

Contact the organisation

Participants (9)

Sort alphabetically

Sort by EU Contribution

Expand all

SYNYO GmbH

Austria

EU Contribution

€ 395 193,75

INSTYTUT CHEMII BIOORGANICZNEJ POLSKIEJ AKADEMII NAUK

Poland

EU Contribution

€ 584 000

CLEAN COMMUNICATIONS LIMITED

Ireland

EU Contribution

€ 287 218,75

TECHNISCHE UNIVERSITAT DARMSTADT

Germany

EU Contribution

€ 590 870

Agentia de Administrare a Retelei Nationale de Informatica Pentru Educatie si Cercetare

Romania

EU Contribution

€ 176 562,50

GMV SOLUCIONES GLOBALES INTERNET SAU

Spain

EU Contribution

€ 393 465,63

CESNET ZAJMOVE SDRUZENI PRAVNICKYCH OSOB

Czechia

EU Contribution

€ 211 562,50

ITTI SP ZOO

Poland

EU Contribution

€ 167 825

THE CHANCELLOR, MASTERS AND SCHOLARS OF THE UNIVERSITY OF OXFORD

United Kingdom

EU Contribution

€ 597 961,25

Project information

PROTECTIVE

Grant agreement ID: 700071

Project website

Status

Ongoing project

Start date

1 September 2016
End date

31 August 2019

Funded under:

H2020-EU.3.7.

Overall budget:

€ 4 693 612,50
EU contribution

€ 4 160 596,88

Coordinated by:

ATHLONE INSTITUTE OF TECHNOLOGY

Ireland

Periodic Reporting for period 1 - PROTECTIVE (Proactive Risk Management through Improved Cyber Situational Awareness)

Reporting period: 2016-09-01 to 2017-08-31

Summary of the context and overall objectives of the project

It seems nowadays that every time we read the paper or scan a news site that some new computer security incident (“cybercrime”) has taken place. No one is safe: individuals, small and large businesses and even governments are targeted.

Computer emergency response teams (CERTs) monitor computer networks to attempt to detect these attacks due to the huge volume of alerts. They need ways to distinguish critical security alerts that pose the greatest risk to their business. This obliges them increasingly to look outwards to other organisations as well as inwards – i.e. to their own organisation - to acquire and process the threat intelligence (TI) needed to develop such a proactive detection capability
The PROTECTIVE project aims to provide CERTs with the tools required to improve their level of cyber situational awareness (CSA) . It will do this by developing a framework to categorise and rank critical alerts based on the potential damage the attack can inflict on the organisations business. This framework will gather and integrate relevant information including computers criticality and vulnerability exposure to enable automated event prioritisation. High impact alerts that target or affect important computers will have a higher priority than other events.

PROTECTIVE will improve proactive detection through enhanced security monitoring based on the use of Big-Data analytics for the collection, correlation, prioritisation and visualisation of data from multiple sources. It will promote sharing of threat intelligence between organisations that operate in the same sector and who often have similar missions

PROTECTIVE will apply these enhancements to both public CERTs and Small to Medium Enterprise (SME) communities. As such the PROTECTIVE system will be targeted in the first instance at the National Research and Educational Network (NREN) CERT community during the project for evaluation and validation.. Alert correlation, automated prioritisation and visualisation have been identified as essential needs to address -- all of these are within the scope of PROTECTIVE. PROTECTIVE will develop a CSA platform that will integrate existing toolsets with bespoke developed components to provide comprehensive tool support for the above identified needs. A successfully developed PROTECTIVE system will thus have an immediate and clear impact in the public CERT community.
In order to verify the effectiveness of the PROTECTIVE approach and pipeline the project will conduct two experimental evaluation pilots during the course of the project involving both NREN members and the SME community. The evaluation will focus primarily on the NREN CERT community. This is motivated in large part by demand from the public domain including CERT communities such as national and NREN CERTSs. Our initial market assessment indicates that threat intelligence sharing is a more feasible project output to explore for the SME community. The SME pilot will therefore consider which aspects of threat intelligence are likely to be most useful for that community. Specific evaluation criteria will be defined for each pilot, with help from stakeholders, to assess the effectiveness of the deployment
The operation of the PROTECTIVE system in the NREN ecosystem is shown in the diagram below. It shows the TI sharing between NREN's and the details of a PROTECTIVE monitoring node in each NREN constituency.

Work performed from the beginning of the project to the end of the period covered by the report and main results achieved so far

Progress beyond the state of the art and expected potential impact (including the socio-economic impact and the wider societal implications of the project so far)

This image describes the overall PROTECTIVE ecosystem

Project information

PROTECTIVE

Grant agreement ID: 700071

Project website

Status

Ongoing project

Start date

1 September 2016
End date

31 August 2019

Funded under:

H2020-EU.3.7.

Overall budget:

€ 4 693 612,50
EU contribution

€ 4 160 596,88

Coordinated by:

ATHLONE INSTITUTE OF TECHNOLOGY

Deliverables

Documents, reports (9)

Specification of Context Awareness Model

This artefact contains the specification of the mission and constituency modeling approach and initial models. It is formulated as a report

PROTECTIVE Framework specification

This report specifies the design of the PROTECTIVE framework and describes the tools and technologies selected to form the base of the framework. It also specifies internal information exchange formats and any special frameworks services that will be needed

Threat intelligence sharing state-of-the-art and requirements

This artefact contains an in-depth SOTA analysis of TI sharing and TI communities. Furthermore, it provides the necessary specification of the PROTECTIVE XChange to be used in WP2. It is formulated as a report.

Pilots Evaluation Report v1

This deliverable will contain the results from the Pilot 1 with guidelines and updates for Pilot 2 .

Event correlation mechanisms report

This report will include the summary of meta-alert design and development of the event correlation mechanisms for various incoming data streams (T3.1 and T3.2). This report will serve as a basis for further work within WP3.

Updated Conceptual Model v2

The model developed in D2.2 will be further refined with feedback/experiences from Pilot 1 . This version of the model will delivered before the commencement of Pilot 2 to serve as an examplar to communicate how the PROTECTIVE system can be integrated into end-user, including SME MSSP, environments.

Updated Conceptual Model v1

The initial model described in D2.1 will be reified with feedback from the ongoing interaction with CSIRT end-users. This version of the model will be delivered before the commencement of Pilot 1 to serve as an examplar to communicate how the PROTECTIVE system can be integrated into end-user environments.

Requirements Capture, Specification, Architectural Design and Model

This deliverable contains a full requirements capture and specification outlined, including whole model and architectural design. An initial design of the workflow (including architecture and ) based on existing common practices and literature. It will also describe the specific and detailed measures to address data protection principles related to collection, storage, usage, retention and deletion of personal data.

Meta-alerts ranking and prioritisation mechanisms report

Here the overview of the undertaken research regarding decision support techniques: multi criteria decision analysis, preference learning and machine learning will be described with appropriate argumentation supporting selection.

Websites, patent fillings, videos etc. (1)

Other (4)

Context Awareness Platform v3

This is the final releases of the context awareness components for delivery to system integration. It provides support for Pilot 2.

CSA Visualisation v2

This is the second and final release of the CSA visualisation dashboard. It is aimed at Pilot 2.

Threat intelligence community v3

This contains the final release of the PROTECTIVE XChange. It provides the second version of TI Trust and TI Admin. It consists of software artefacts.

Correlation and Prioritisation Platform Component v3

This is the final release of the correlation and prioritisation components aimed at Pilot 2. It consists of software artefacts

Publications

Conference proceedings (2)

Towards Blockchain-Based Collaborative Intrusion Detection Systems

Author(s): Nikolaos Alexopoulos, Emmanouil Vasilomanolakis, Natalia Reka Ivanko, Max Mühlhäuser

Published in: International Conference on Critical Information Infrastructures Security, Issue 2017, 2017, Page(s) to appear

Towards Trust-Aware Collaborative Intrusion Detection: Challenges and Solutions

Author(s): Emmanouil Vasilomanolakis, Sheikh Mahbub Habib, Pavlos Milaszewicz, Rabee Sohail Malik, Max Mühlhäuser

Published in: IFIP WG 11.11 International Conference on Trust Management, Issue 2017, 2017, Page(s) 94-109

DOI: 10.1007/978-3-319-59171-1_8

Project information

PROTECTIVE

Grant agreement ID: 700071

Project website

Status

Ongoing project

Start date

1 September 2016
End date

31 August 2019

Funded under:

H2020-EU.3.7.

Overall budget:

€ 4 693 612,50
EU contribution

€ 4 160 596,88

Coordinated by:

ATHLONE INSTITUTE OF TECHNOLOGY

Project information

PROTECTIVE

Grant agreement ID: 700071

Project website

Status

Ongoing project

Start date

1 September 2016
End date

31 August 2019

Funded under:

H2020-EU.3.7.

Overall budget:

€ 4 693 612,50
EU contribution

€ 4 160 596,88

Coordinated by:

ATHLONE INSTITUTE OF TECHNOLOGY

Download

PDF

XML

Last update: 13 June 2019

Record number: 202674

CORDIS

Objective

Coordinator

Participants (9)

Project information

Periodic Reporting for period 1 - PROTECTIVE (Proactive Risk Management through Improved Cyber Situational Awareness)

Project information

Deliverables

Publications

Project information

Project information

Share this page

Download