Cyberattacks are a real and constant threat. The consequences for businesses and government can be serious, including interruption of services and theft of information. As the sophistication and frequency of attacks increase, so does the difficulty of securing computer systems against them. State-of-the-art security always comes at high cost. Furthermore, few people possess the necessary skills, adding to the costs. So, adoption of cybersecurity measures remains limited, especially among SMEs.
The EU-funded SHIELD project provides a new solution. It enables telecommunications companies and internet service providers (ISPs) to offer cost-efficient, virtualised security services to SMEs and individuals, providing access to sophisticated cyberthreat detection and protection services.
Software instead of hardware
The project’s key innovation is to offer security services as software components, rather than as conventional hardware units (e.g. firewalls). This is based on a technical principle called Network Functions Virtualisation, or NFV, which allows dynamic deployment of the software into a network. SHIELD also allows users to purchase software-based security services from an online store as they would any other software. Users pay for the software by subscription, as they go. The system is unique, and there is no other that provides equivalent security protection at such a simple user level.
During the course of the SHIELD project, the team created a technical framework allowing the deployment, verification and lifecycle management of advanced, software-based security services.
“Our framework allows ISP customers to select the cybersecurity services they want from a graphical catalogue,” says Dr Georgios Gardikis, project coordinator, “deploy them in the network, integrate them with their existing internet connection, monitor the security incidents detected, and apply recommended mitigation actions.”
Machine-learned threat detection
Another key system component is a security analytics platform (the Data Analysis Remediation Engine, or DARE). Once installed, it collects network information in real time. While detecting already known threats, it also learns to recognise new threats. Small businesses can use DARE alone in this way, without the rest of the system aimed at service providers.
“Ransomware is a typical example of a cyberthreat that may propagate rapidly before its signature is added to antivirus software blacklists,” says Dr Gardikis. Ransomware encrypts a user’s files and demands a payment to decrypt them. “We tested the SHIELD system against the disastrous ‘wannacry’ ransomware, which it successfully recognised as an anomaly.” During testing, DARE suggested appropriate user action to neutralise the attack and prevent further propagation.
A third element of the SHIELD system was the implementation of enablers for Trusted Computing, which is a technology developed to ensure a computer behaves in consistent and secure ways. These enablers verify the integrity of cybersecurity services and infrastructure. The developments also prevent malicious interventions and modifications.
SHIELD researchers successfully demonstrated the complete system at various industry events. The technology is being distributed as pre-commercial versions for data network devices and security analytics platforms. Consortium partners expect to begin full commercialisation of certain components by the end of 2019. The project’s solutions are particularly well suited to newer networks, including 5G.
The developments offer effective and convenient security for SMEs, at low cost. The system makes cybersecurity available to SMEs that might otherwise not be able to afford it.
SHIELD, software, cybersecurity, internet, ransomware, threat detection, network functions virtualisation, trusted computing