
Proactive Risk Management through Improved Situational Awareness


1 Proactive Risk Management through Improved Situational Awareness
PROTECTIVE Overview Proactive Risk Management through Improved Situational Awareness This project has received funding from the European Union’s Horizon 2020 research and innovation program under grant agreement No This output reflects the views only of the author(s), and the European Union cannot be held responsible for any use which may be made of the information contained therein.

2 Key Facts
H2020 proposal submitted under DS “Information Driven Cyber Security”
36 month duration
10 partners: 3 academic partners, 4 SME partners, 3 network partners
8 countries: Ireland, UK, Poland, Austria, Germany, Spain, Czech Republic, Romania

3 Consortium Partners

4 PROTECTIVE – Why?
Cybercrime hurts! It costs over $400 billion annually. Escalation has created a daunting technology arms race. Computer Security Incident Response Teams (CSIRTs) struggle to keep up: too much information, lack of manpower.

5 PROTECTIVE – Why?
CSIRTs need to develop a better awareness of their adversary’s behaviour, capability and intent in order to move from a reactive to a proactive security posture.
Advanced Persistent Threat Lifecycle

6 PROTECTIVE – Approach
ENISA (Detect, Share, Protect)
Making existing tools interoperable and promoting the use of standards for data exchange.
Enhancing the functionality of existing tools as regards: interoperability; correlation engines for incident analysis; improved threat intelligence; advanced analytics and visualisation for massive numbers of incidents; automatic prioritisation.

7 PROTECTIVE – Approach
Improve proactive response through better Cyber Situational Awareness (CSA): “Within a volume of time and space, the perception of an enterprise’s security posture and its threat environment; the comprehension/meaning of both taken together (risk) and the projection of their status into the near future” (US Committee on National Security Systems)

8 PROTECTIVE – Approach

9 PROTECTIVE – System
PROTECTIVE is composed of two functional subsystems:
Risk Monitoring – realisation of the risk awareness and context awareness concepts, as well as elements of the threat awareness concept.
Threat Intelligence Sharing – realisation of elements of threat awareness through information sharing.

10 Risk Monitoring – stages
Collection – security alerts are acquired, normalised and stored.
Correlation – similar alerts are grouped to form a higher-level ‘meta alert’.
Context awareness – this stage consolidates asset inventory information.
Prioritisation – meta alerts are annotated with information about the organisation and prioritised.
Decision making – the analyst decides how to handle the prioritised alerts.

11 Risk Monitoring – stages
(Diagram: security alerts from IDS/SIEM etc. flow through Normalisation, Correlation (producing meta-alerts), Context, Prioritisation and Decision Making.)
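The pipeline on the previous two slides, as an added, self-contained Python example that is not part of the PROTECTIVE project's code: two constructed alert formats are normalised, correlated into meta-alerts within a five-minute window, annotated from a constructed asset inventory, and prioritised by asset criticality times alert count. The alert formats, the inventory and the scoring rule are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: one IDS record as a dict, two syslog-style lines.
RAW_ALERTS = [
    {"ts": "2016-09-01T10:00:05", "src": "198.51.100.7", "dst": "10.0.0.5", "sig": "SSH brute force"},
    "2016-09-01T10:00:40 ids: SSH brute force 198.51.100.7 -> 10.0.0.5",
    "2016-09-01T10:07:10 ids: SQL injection attempt 203.0.113.9 -> 10.0.0.9",
]
# Constructed asset inventory for the context-awareness stage (assumed values).
ASSETS = {"10.0.0.5": {"name": "dev-box", "criticality": 1},
          "10.0.0.9": {"name": "customer-db", "criticality": 5}}

SYSLOG_RE = re.compile(r"^(\S+) ids: (.+?) (\S+) -> (\S+)$")

def normalise(raw):
    """Collection stage: map heterogeneous alerts onto one common schema."""
    if isinstance(raw, dict):
        ts, sig, src, dst = raw["ts"], raw["sig"], raw["src"], raw["dst"]
    else:
        ts, sig, src, dst = SYSLOG_RE.match(raw).groups()
    return {"ts": datetime.fromisoformat(ts), "sig": sig, "src": src, "dst": dst}

def correlate(alerts, window=timedelta(minutes=5)):
    """Correlation stage: alerts with the same signature, source and target seen
    within `window` of the previous one collapse into a single meta-alert."""
    metas = []
    for a in sorted(alerts, key=lambda x: x["ts"]):
        key = (a["sig"], a["src"], a["dst"])
        for m in metas:
            if (m["sig"], m["src"], m["dst"]) == key and a["ts"] - m["last"] <= window:
                m["count"] += 1
                m["last"] = a["ts"]
                break
        else:
            metas.append({**a, "first": a["ts"], "last": a["ts"], "count": 1})
    return metas

def prioritise(metas, assets):
    """Context + prioritisation stages: annotate each meta-alert with the target
    asset and score it; an unknown asset gets a medium criticality (assumed 3)."""
    for m in metas:
        asset = assets.get(m["dst"], {"name": "unknown", "criticality": 3})
        m["asset"] = asset["name"]
        m["priority"] = asset["criticality"] * m["count"]
    return sorted(metas, key=lambda m: m["priority"], reverse=True)

def run_pipeline(raw_alerts=RAW_ALERTS, assets=ASSETS):
    """Collection -> correlation -> context/prioritisation; analyst decides next."""
    return prioritise(correlate([normalise(r) for r in raw_alerts]), assets)

if __name__ == "__main__":
    for m in run_pipeline():
        print(m["priority"], m["asset"], m["sig"], "x" + str(m["count"]))
```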

12 Threat Intelligence (TI) – Taxonomy
Low-level information – information from monitoring systems within an organisation, e.g. network traffic. In most cases such data is not useful without additional context.
Detection indicators – a pattern that can be matched against low-level data to distinguish threats. These include e.g. IP addresses, URLs, MD5 hashes etc.
Advisories – several types of information that cannot be directly (i.e. automatically) translated into a process for preventing threats, but that still provide information analysts can use to trigger defensive actions.
Strategic – highly summarised reports that aim to provide an overview of particular situations.

13 TI Sharing – Mechanism: Knowledge Exchange
A Knowledge Exchange (KE) is a service containing a list of data publishing organisations and their associated data or service offerings. The KE may process incoming data to perform quality assurance, data enrichment etc. Organisations can visit a KE and subscribe to data by contacting the publishing organisation directly. The KE approach leads to a decentralised, organic ecosystem of data and service offerings.

14 Big Picture: Protective Community


16 Work Plan

17 PROTECTIVE – Pilots
The PROTECTIVE system is designed to provide solutions for public domain CSIRTs and SMEs, both of which have needs outside the mainstream of cyber security solution provision. Public CSIRTs’ needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the analytical and visualisation capabilities required to enable public CSIRTs to provide optimised services to their constituency. SMEs are also vulnerable to cybercrime, as they have limited resources to protect themselves and often a limited understanding of what needs to be done.

18 GEANT NREN Backbone: RoEduNet (Romania), PSNC (Poland), CESNET (Czech Republic)

19 PROTECTIVE Pilots – SMEs
The pilot will be conducted in conjunction with the Laundry (EML), which provides security services both directly to SMEs and to other managed security service providers (MSSPs). The pilot will focus on the application of PROTECTIVE to EML’s MSSP customers. The reasons for this include: i) our belief that MSSPs are particularly well positioned to provide cyber security solutions to SMEs; ii) we can reach more SMEs in this way; and iii) it will be more efficient to evaluate the pilot.

20 Questions?
