Deliverable D3.1 – Existing technology and solutions portfolio
Work package: WP3
Due date: 31/01/2014
Submission date: 14/02/2014
Revision: V2.00
Status of revision: Final
Responsible partner: Atos
Contributors: ENG, Detica, VisionWare, SAP, Selex, STM, UPM
Project Number: FP7-ICT-2011-8 / 318355
Project Acronym: CYSPA
Project Title: European Cyber Security Protection Alliance
Start Date of Project: 01/10/2012
Dissemination Level [move to the appropriate line]
PU: Public
PP: Restricted to other programme participants (including the Commission)
RE: Restricted to a group specified by the consortium (including the Commission)
CO: Confidential, only for members of the consortium (including the Commission)
Version history
Rev. Date Author Notes
1.01 1/11/2013 Atos ToC
1.02 14/11/2013 Atos Updated for Partner contributions
1.03 1/12/2013 Atos Updated following partner contributions
1.04 12/12/2013 Atos Re-aligned table of contents
1.05 18/12/2013 Atos Populated for further partner contributions
4.1. Approach
4.2. Access Control Solutions
4.2.1. Main solutions, with brief description
4.3. Compliance Monitoring and Enforcement Solutions
4.3.1. Main solutions, with brief description
4.4. Configuration Management and Assurance Solutions
4.4.1. Main solutions, with brief description
4.5. Cryptography Technologies
4.5.1. Main solutions, with brief description
4.6. Data Loss Prevention Solutions
4.6.1. Main solutions, with brief description
4.7. Identity Management Solutions
4.7.1. Main solutions, with brief description
4.8. Information Rights Management Solutions
4.8.1. Main solutions, with brief description
4.9. Mobile Security Technologies
4.9.1. Main solutions, with brief description
4.10. Network Security Solutions
4.10.1. Main solutions, with brief description
4.11. Security Assessment Solutions
4.11.1. Main solutions, with brief description
4.12. System Integrity Solutions
4.12.1. Main solutions, with brief description
4.13. Anti-malware Solutions (anti-spam, anti-virus, anti-phishing, secure browsing)
4.13.1. Main solutions, with brief description
4.14. Audit and Monitoring Solutions
4.14.1. Main solutions, with brief description
4.15. IP Traffic Surveillance & Monitoring Solutions
4.15.1. Main solutions, with brief description
4.16. Personal and Equipment Tracking Solutions
4.16.1. Main solutions, with brief description
4.17. Security Incident Management Solutions
4.17.1. Main solutions, with brief description
4.18. SIEM Products
4.18.1. Main solutions, with brief description
4.19. Denial of Service Protection Solutions
4.19.1. Main solutions, with brief description
4.20. Forensic Investigation Solutions
4.20.1. Main solutions, with brief description
5. Available Research Results
5.2. Individual Research Organisations
6. Cyber Security Related Training and Education
6.1. Cybersecurity strategies
6.2. Education & Training Programmes
6.2.1. (UK) CESG – Awareness & Training
6.2.2. (UK) Cyber Security Challenge
6.2.3. (US) SANS – Cyber Defense Foundations
6.2.4. (US) INL – National SCADA Test Bed Program
6.2.5. (US) NICCS – National Initiative for Cybersecurity Careers and Studies
6.2.6. (US) NICE – National Initiative for Cybersecurity Education
6.3. Exercises
6.3.1. (EU) Cyber Europe
6.3.2. (EU-US) Cyber Atlantic
6.3.3. (US) Cybersecurity Training & Exercises
Cyber Storm: Securing Cyber Space
6.4.21. GSNA – GIAC Systems and Network Auditor
6.4.22. CISA – Certified Information Systems Auditor
6.4.23. CISM – Certified Information Security Manager
6.4.24. CGEIT – Certified in the Governance of Enterprise IT
6.4.25. CRISC – Certified in Risk and Information Systems Control
6.4.26. (ISC)2 – International Information Systems Security Certification Consortium
6.4.27. CISSP – Certified Information Systems Security Professional
6.4.28. CAP – Certification Authorisation Professional
6.4.29. ISSAP – Information Systems Security Architecture Professional
6.4.30. ISSEP – Information Systems Security Engineering Professional
6.4.31. ISSMP – Information Systems Security Management Professional
6.4.32. SSCP – System Security Certified Practitioner
6.4.33. OSCP – OSCE
7. Conclusions and Next Steps
8. References
9. Annex I: list of European projects considered for analysis
10. Annex II: mapping of European projects to cyber security topics
1. Introduction
CYSPA deliverable 3.1 – Existing technology and Solutions portfolio is the first of six deliverables due
as part of the work package 3 activity. The purpose of this document is to present a portfolio of existing
technology and solutions which address various areas of cyber security and trust. The document will
act as a basis of input for two main activities:
CYSPA Gap Analysis (Deliverable D3.5)
This aims to identify the gaps in technology and solutions which contribute to decreasing
cyber disruption and building trust and will act as feedback for alliance strategy when
defining specific strategic actions.
CYSPA Technology and solutions observatory (Deliverable D3.6)
The aim of this is to create a platform which allows access to a comprehensive catalogue of
knowledge about security technology and solutions in line with our CYSPA benefits. Namely
to “Provide mechanisms for different types of market stakeholders to engage, collaborate
and share information”
The figure below depicts the relationship of this deliverable in perspective with other work package
deliverables.
Figure 1- Relationship of WP3 deliverables
This document does not evaluate solutions in terms of how they operationally address a particular
area of security, or whether there are gaps in what the solutions address. That activity will be
carried out in CYSPA D3.5 Gap Analysis and will be informed by the work undertaken for CYSPA
D2.4.2 “Consolidated CYSPA impact report on cyber disruptions”.
Much of the focus of this document is on available market solutions. During our stakeholder
engagement activity, CYSPA target audiences (namely users of security solutions and providers)
communicated directly to us that they saw great value in being able to access a catalogue of
independently collated cyber security solutions detailing which areas of cyber security were addressed
by each, and the current state of the security solutions landscape. Hence we have maintained this as
the focus of the document.
The document is structured as follows:
Section 2: Methodology: Details our approach to the document
Section 3: Cyber security solutions – A market overview:
o details the current landscape of cyber security solutions in the market and factors
driving change. This section has been included following feedback from stakeholders
who stated inclusion of such information would be valuable to them
Section 4: Cataloguing of existing technology and market solutions
Section 5: Available Research Results
Section 6: Education and Training
Section 7: Conclusions and next steps
2. Methodology
The document has been constructed drawing on several sources of information and bodies of
knowledge. Firstly we leveraged an understanding of the security market from within the CYSPA
consortium to assimilate a portfolio of available solutions and their areas of applicability. Secondly,
to ensure a broader perspective on available solutions, existing market studies were referred to from
research institutes such as Gartner, to supplement our knowledge and decision making process as to
which market solution providers to include in this deliverable. Lastly, to facilitate the study of existing
research in Europe, we teamed up with another EU initiative (Seccord Project www.seccord.eu)
recognising the shared interests both projects had in analysing the EU research landscape.
3. Cyber Security Solutions – A Market Overview
In this section we explore some high level perceptions across industry regarding technology trends
which in turn influence the security market and available solutions. We believe these trends are not
necessarily sector specific, but are horizontal across many sectors influencing the landscape. When
we refer to “industry”, we are referring to organisations which under the CYSPA terminology are
Category III: Respond & Mitigate
Denial of service protection
Forensic investigation
Offensive cyber warfare
The next sections of this chapter catalogue market solutions under the aforementioned security
technology groups. The cataloguing process captures market solutions offered by CYSPA partner
organisations. In addition to this, we had to find a way to ensure we capture a broad sense of the
market offerings from organisations that were not necessarily connected to the CYSPA consortium,
while at the same time limiting ourselves to only include solutions with a minimum degree of
credibility in the market. To help us with selecting these solutions, we undertook a study of Gartner
magic quadrants relating to our categorisation. Gartner Magic Quadrants are a culmination of
research in a specific market, giving a wide-angle view of the relative positions of the market's
offerings. They offer Gartner’s view on four categories of technology providers:
Leaders: Those who execute well against their current vision and are well positioned for
tomorrow.
Visionaries: Those who understand where the market is going or have a vision for changing
market rules, but do not yet, according to Gartner, execute well.
Niche Players: Those who focus successfully on a small segment, or are unfocused and do not
out-innovate or outperform others.
Challengers: Those who execute well today or may dominate a large segment, but do not
demonstrate an understanding of market direction.
A study of 18 different Gartner Magic Quadrants facilitated our decision making as to which solutions
to include in our catalogue. We selected solutions mainly from those organisations categorised as
“leaders”. We do recognise, however, that focusing on the leaders' quadrant is not the only possible
course of action for organisations. There can be good reasons to consider market challengers or niche
players. It does depend on the individual business goals of organisations, but leaders in a broader sense
would fit the requirements for the CYSPA target sectors.
The cataloguing is presented in the following tabular format:
Provider | Name of solution and description | Specific threat | Specific application sector
Provider: Name of the solution provider.
Name of solution and description: Name of the solution and a brief overview.
Specific threat: Specific type of threat, if any, that the solution addresses, correlated to the threats highlighted in the Impact Reports.
Specific application sector: Highlights whether a solution is specifically suitable for one or more sectors (Finance, Transport, Energy, Telecoms, eGov), or whether it addresses one or more of the threats associated with the sector as highlighted in the Impact Reports.
The next sections of this document represent the first CYSPA cataloguing of market solutions which
address cyber security.
4.2. Access Control Solutions
Any organisation must control access to its information systems. Access management
includes authorisation, authentication, access approval, audit, identity management, user
privileges, security levels, etc. The entities that can perform actions on the organisation's
systems are not only human users but also software services.
The essential services that the Access control technologies must provide are:
Authorisation
Identification and authentication
Access approval
Accountability.
The list of threats that access control technologies must deal with is huge, and the impact of a
successful attack on the organisation can be tremendous, both for the business and for the
corporate image.
4.2.1. Main solutions, with brief description
Provider | Name of solution and description | Specific threat | Specific application sector/area
Provider: BAE Systems Detica
Solution: EnterpriseProtect. EnterpriseProtect is a commercial-grade gateway product securing interaction between a network and the internet. It allows businesses to segregate, or sandbox, applications that require open access to the Internet from those that do not. It breaks attackers’ infiltration and exfiltration paths to high-value commercial environments, defeating threats such as phishing, drive-by downloads, zero-day and unpatched vulnerabilities and data exfiltration via encrypted command and control channels, website upload and webmail. Additional benefits include simplification of the IT estate, increased user awareness and accountability, enhanced business agility, and improved insights into user behaviour.
Specific threat: Unauthorised access; Automated widespread attacks; Industrial espionage; Executable code attacks; Session-hijacking; Targeting of specific users; Analysis of vulnerabilities; Identity theft; Advanced Persistent Threat
Specific application sector/area: Commercial organisations, Cross Sector
Provider: Oracle
Solution: Oracle Access Management Suite Plus is a solution for securing applications, data, web services and cloud-based services. Features include:
Authentication
Single sign-on (mobile)
Social sign-on
Entitlement management
Fine-grained authorisation
Fraud detection
Risk-aware authentication
Security token services
Identity federation
Oracle Access Management provides an integrated modular architecture that enables customers to deploy a complete access solution.
Specific threat: Unauthorised access; Automated widespread attacks; Industrial espionage; Executable code attacks; Session-hijacking; Targeting of specific users; Analysis of vulnerabilities; Identity theft; Advanced Persistent Threat
Specific application sector/area: Cross Sector Application
Provider: Oracle
Solution: Oracle API Gateway acts as a control point for managing how internal users and applications are exposed to outside cloud offerings, and extends authentication and authorisation to them. In cloud environments Oracle API Gateway allows:
Proxying and managing interactions with cloud services
Restricting, throttling and managing web services and REST APIs
SSO for web services and internet APIs
API key authentication
Specific threat: Unauthorised access; Automated widespread attacks; Industrial espionage; Executable code attacks; Session-hijacking; Targeting of specific users; Analysis of vulnerabilities; Identity theft; Advanced Persistent Threat
Specific application sector/area: SOA services, cloud and mobile applications
Provider: Cisco
Solution: Cisco Secure Access Control System serves as a policy administration point and policy decision point for policy-based network device access control. Main features are:
Rule-based, attribute-driven access policies
Authentication protocols such as PAP, MS-CHAP, EAP-MD5, TLS, etc.
Integration with external identity and policy databases: Windows Active Directory, LDAP servers and RSA token servers
Specific threat: Unauthorised access; Automated widespread attacks; Industrial espionage; Executable code attacks; Session-hijacking; Targeting of specific users; Analysis of vulnerabilities; Identity theft; Advanced Persistent Threat
Specific application sector/area: Cross Sector Application
Provider: Cisco
Solution: Cisco Identity Services Engine is a security policy management and control platform; it automates and simplifies access control and security compliance for wired and VPN connectivity. Cisco Identity Services Engine is primarily used to:
provide secure access
provide guest access
support BYOD initiatives
enforce usage policies
Specific threat: Unauthorised access; Automated widespread attacks; Industrial espionage; Executable code attacks; Session-hijacking; Targeting of specific users; Analysis of vulnerabilities; Identity theft; Advanced Persistent Threat
Specific application sector/area: Cross Sector Application
Provider: IBM
Solution: IBM Security Access Manager for Enterprise Single Sign-On is a simple and flexible access management solution that combines single sign-on with session management and user tracking/audit capabilities. The product simplifies password management, supports a variety of strong authentication devices, and helps secure kiosks and shared workstations, enforcing compliance at the endpoints.
- Strengthens access control with convenient single sign-on (SSO) to enterprise and mobile applications and with strong authentication support
- Improves productivity by eliminating multiple passwords, simplifying the user experience and supporting mobility
- Increases auditability and compliance by tracking and auditing fine-grained user access to information
Specific threat: Unauthorised access; Automated widespread attacks; Industrial espionage; Executable code attacks; Session-hijacking; Targeting of specific users; Analysis of vulnerabilities; Identity theft; Advanced Persistent Threat
Specific application sector/area: Cross Sector
Provider: SAP
Solution: SAP Access Control allows organisations to confidently manage and reduce unauthorised access, fraud, and the cost of compliance across the enterprise. Features include:
- Automatically detect and remediate access risk violations across SAP and non-SAP systems
- Embed compliance checks and mandatory risk mitigation into business processes
- Empower users with self-service, workflow-driven access requests and approvals
- Automate reviews of user access, role authorisations, risk violations, and control assignments
- Better manage super-user access controls with a centralised, closed-loop process
- Create a comprehensive audit trail of user and role management activities
Specific threat: Unauthorised access; Automated widespread attacks; Industrial espionage; Executable code attacks; Session-hijacking; Targeting of specific users; Analysis of vulnerabilities; Identity theft; Advanced Persistent Threat
Specific application sector/area: Cross Sector
4.3. Compliance Monitoring and Enforcement Solutions
The security strategy of any organisation can be expressed in terms of rules, policies or procedures,
among others. Once the security strategy has been implemented in the common operational
procedures, it is necessary to monitor that the rules, policies or procedures are followed in every
operation or transaction. It is also necessary to detect whether the security strategy has been properly
implemented and enforced.
The technologies involved in compliance monitoring and enforcement should provide:
Relevant information on the business activity
Information about the implementation of the security strategy
Reports of security breaches
Reports of policy compliance
Reports of threats detected
A clear picture of the system and of the organisation’s assets
4.3.1. Main solutions, with brief description
Provider | Name of solution and description | Specific threat | Specific application sector/area
Provider: ForeScout
Solution: CounterACT for Network Access Control is an automated security control platform that lets an organisation see, monitor and control everything connected to the corporate network. Today most attacks come from inside a network, bypassing the security provided by traditional firewalls and IPS systems. Modern threats include visitors, wireless and mobile users, rogue devices, malware and botnets, and compliance. ForeScout CounterACT automatically enforces whatever network access policies are defined. Features include:
Integrated appliance
802.1X or non-802.1X deployment
Built-in RADIUS
Automated exception handling
Automated 802.1X troubleshooting and remediation
Tactical map
Guest registration
BYOD friendly
Real-time mobile device control
Threat detection
Rogue device detection
Role-based access control
Flexible control options
Policy management
Out-of-band deployment, scalability
Optional agent
IT infrastructure integration, reporting
Endpoint compliance, data exchange
Specific threat: Network intrusion; Distributed attack tools; Network sniffers; Packet spoofing; Internet social engineering attacks
Specific application sector/area: Cross Sector Application
Provider: IBM
Solution: IBM Compliance Insight Manager provides an easy-to-use security compliance dashboard that summarises billions of log files. This allows analysts to quickly gain an overview of the security compliance posture, understand user activities and security events in comparison to acceptable-use frameworks, and monitor privileged users and related security events.
Specific threat: Network intrusion; Distributed attack tools; Network sniffers; Packet spoofing; Internet social engineering attacks
Specific application sector/area: Cross Sector Application
Provider: Microsoft
Solution: Security Compliance Manager (SCM) enables organisations to centrally plan, view, update, and export thousands of Group Policy settings for Microsoft client and server operating systems and applications. It makes it easier for organisations to plan, implement, and monitor security compliance baselines in their Active Directory infrastructure. With SCM, IT professionals can obtain baseline policies based on security best practices, customise them to the particular needs of their organisation and export them to a number of formats for use in different scenarios. For example, SCM can be used to help create different baselines for mobile devices, laptops, desktops, high-security desktops, traditional datacenters and private cloud environments.
Specific threat: Network intrusion; Distributed attack tools; Network sniffers; Packet spoofing; Internet social engineering attacks
Specific application sector/area: Cross Sector Application
Provider: IBM
Solution: IBM Endpoint Manager for Security and Compliance helps support endpoint security throughout an organisation. This software can help protect endpoints and assure regulators that security compliance standards are being met. It supports continuous security and compliance using an intelligent agent that assesses and remediates issues. It manages hundreds of thousands of endpoints, both physical and virtual, regardless of location, connection, type or status. It simplifies operations with a single console for management, configuration, discovery and security functions. It delivers a broad range of security functions and gives the ability to add other targeted functions as needed, without adding infrastructure or implementation costs. It builds on BigFix technology; this single-infrastructure approach distributes decision-making to the endpoints.
Specific threat: Network intrusion; Distributed attack tools; Network sniffers; Packet spoofing; Internet social engineering attacks
Specific application sector/area: Cross Sector Application
4.4. Configuration Management and Assurance Solutions
An information system is composed of many components, interconnected as required to meet a
variety of business, mission and information security needs. Any organisation must assume that the
information system is in a constant state of change in response to new hardware or software
capabilities, patches, new business requirements or new security threats. When the configuration
must be modified in order to implement information system changes, it is necessary to ensure that
the required adjustments to the system configuration do not adversely affect the security of the
information system, or the risk to the organisation arising from operation of the information system.
Dependence on information systems has increased due to the ubiquity of information technology.
Organisations are facing an increase in the number and severity of threats that can have adverse
impacts on operations, assets and individuals. The Information Security Program addresses the
efforts aimed at managing organisational risk related to information systems.
The technologies on offer must support all the activities required for configuration
management:
Role definition
Elaboration of Configuration Management Plan
Configuration Item identification
Configuration Change Control
Configuration Monitoring
Risk management
4.4.1. Main solutions, with brief description
Provider | Name of solution and description | Specific threat | Specific application sector/area
Provider: Citrix
Solution: CloudPlatform enables an organisation to orchestrate every workload from a single platform, so that the short- and long-term needs of users and business objectives can be focused upon. CloudPlatform infrastructure management technologies allow a secure multitenant cloud environment to be built on shared datacenter hardware, and provide central administration of the cloud across different regions or availability zones.
Specific threat: Network sniffers; Packet spoofing; Session-hijacking; Industrial espionage; Analysis of vulnerabilities
Specific application sector/area: Cross Sector Application
Provider: HP
Solution: HP Configuration Management System (CMS) is a set of tools for:
Collecting
Storing
Managing
Updating
Presenting
data about IT service configuration items (software and infrastructure) and about their relationships. HP Configuration Management System includes HP Universal Discovery (UD) and a federated configuration management database (UCMDB) that integrates with trusted sources.
Specific threat: Network sniffers; Packet spoofing; Session-hijacking; Industrial espionage; Analysis of vulnerabilities
Specific application sector/area: Cross Sector Application
4.5. Cryptography Technologies
Cryptography technologies enable encryption of sensitive data in order:
To protect the confidentiality and integrity of remote access sessions
To protect the integrity of audit information and audit tools
To implement digital signatures
To protect information in storage
To protect classified information
4.5.1. Main solutions, with brief description
Provider | Name of solution and description | Specific threat | Specific application sector/area
Provider: McAfee
Solution: McAfee Anti-Theft allows users to encrypt and password-protect sensitive files on a PC.
Provider: Sophos
Solution: SafeGuard Enterprise provides central data encryption and protection, and makes regulatory compliance easier with policy enforcement and reporting. It delivers better data security through proven encryption algorithms and performance, and provides key management that lets authorised users share data securely and easily.
Provider: Dell
Solution: Dell Data Protection Encryption (DDP) protects data and addresses compliance. DDP provides comprehensive data protection for:
Devices
External media
Public cloud storage
It implements encryption options ranging from simplified Microsoft BitLocker management to full disk encryption. The Hardware Crypto Accelerator supports the highest level of FIPS 140-2 protection commercially available for system disks. Centralised management lets administrators remotely manage encryption and authentication policies from a single console.
Strategies for Data Loss Prevention (DLP) are aimed at detecting a potential data breach or data disclosure by monitoring, detecting and blocking sensitive data while it is in use, in motion and at rest.
Network DLP techniques are based on the analysis of network traffic to detect sensitive data that is being sent in violation of information security policies.
Endpoint DLP (in-use DLP) monitors activity on the endpoint workstations of the organisation.
Data at rest refers to archived information stored on an endpoint, on a network storage device, on a file server or on a backup system.
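The network DLP technique described above, content inspection of traffic against a policy, reduces to two steps: recognise sensitive content and decide by destination. The following added example (not code from the deliverable or from any listed product) shows both on constructed messages: it finds payment card numbers and filters them with the Luhn checksum so that order numbers and other random digit runs do not trigger, looks for a classification marker, and then blocks sensitive content leaving the organisation while only logging it when it stays internal. The domain example.com, the marker strings and the sample messages are assumptions made for the example; 4111 1111 1111 1111 is a well-known test card number.

```python
"""Content inspection for network DLP: flag messages that carry
payment card numbers or a classification marker, then decide per
recipient domain. All messages, domains and card numbers here are
constructed test data (4111 1111 1111 1111 is a well-known test PAN)."""
import re
from typing import Dict, List

INTERNAL_DOMAIN = "example.com"           # constructed: the organisation's own domain
CLASSIFICATION_MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY")

# 13-19 digits, optionally separated by single spaces or hyphens,
# not glued to other word characters on either side.
_PAN_CANDIDATE = re.compile(r"(?<!\w)(?:\d[ -]?){12,18}\d(?!\w)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out order numbers and other random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text: str) -> List[str]:
    """Return normalised card numbers in text that pass the Luhn check."""
    found = []
    for m in _PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def classify(text: str) -> List[str]:
    """Labels describing why a message is sensitive (empty if it is not)."""
    labels = []
    if find_pans(text):
        labels.append("pan")
    if any(marker in text.upper() for marker in CLASSIFICATION_MARKERS):
        labels.append("classified-marker")
    return labels


def apply_policy(msg: Dict[str, str]) -> Dict[str, object]:
    """Block sensitive content leaving the organisation; log it when it stays
    internal; allow everything else."""
    labels = classify(msg["body"])
    to_domain = msg["to"].rsplit("@", 1)[-1].lower()
    if not labels:
        verdict = "allow"
    elif to_domain != INTERNAL_DOMAIN:
        verdict = "block"
    else:
        verdict = "log"
    return {"to": msg["to"], "labels": labels, "verdict": verdict}


# Constructed sample traffic, as a network DLP sensor might reassemble it.
SAMPLE_MESSAGES = [
    {"from": "bob@example.com", "to": "partner@other.example",
     "body": "Please charge card 4111 1111 1111 1111, exp 12/26."},
    {"from": "bob@example.com", "to": "partner@other.example",
     "body": "Order 1234 5678 1234 5678 shipped today."},      # fails Luhn: not a PAN
    {"from": "bob@example.com", "to": "finance@example.com",
     "body": "Refund card 4111-1111-1111-1111 per ticket 42."},
    {"from": "bob@example.com", "to": "me@webmail.example",
     "body": "CONFIDENTIAL: Q3 forecast attached."},
]


def run_samples() -> List[Dict[str, object]]:
    return [apply_policy(m) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for result in run_samples():
        print(result)
```

A real sensor sits behind TLS interception or a mail gateway and adds fingerprints of known documents and exact-match dictionaries to the pattern rules; the Luhn filter is what keeps a pure regex detector from burying analysts in false positives.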
4.6.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
Novell Novell File Reporter The objective of data loss prevention is to avoid the loss or inappropriate access of sensitive data from network storage devices. Novell File Reporter provides comprehensive reporting on key aspects of any data loss prevention strategy including:
Data at rest
Data in use
Data identification. Reports can specify the data's location and when users last accessed or modified it. Additionally, Novell File Reporter can report on who can access this data. Using these reports, one can determine, based on the sensitivity and importance of the data, whether any additional precautionary measures need to be taken, such as moving the data, archiving it or changing access rights.
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross sector application
Check Point Software Technologies
Check Point DLP Software Blade combines technology and processes to deliver Data Loss Prevention (DLP), helping businesses to pre-emptively protect sensitive information from unintentional loss, educating users on proper data handling policies and empowering them to remediate incidents in real time. The features of this product are:
Check Point UserCheck
Protect Against Data Breaches Both Externally and Internally
Inspect SSL Encrypted Traffic
Check Point MultiSpect
Network-wide Protection Coverage
Watermarking
Fingerprint Sensitive Files
Whitelist Files and Repositories
Central Policy Management
Event Management
Rapid and Flexible Deployment
Integrated into Check Point Software Blade Architecture
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross Sector Application
Cisco Cisco Data Loss Prevention (DLP) is a data leakage protection solution that helps organisations assess risk and prevent data loss at the highest points of risk. It safeguards proprietary information against security threats arising from enhanced employee mobility, new communication channels, and diverse services. Cisco DLP includes:
In-motion data leakage protection against loss over the web and through email, with policies that include content, context, and destination knowledge
Services to understand data loss risk and develop data leakage protection strategies that incorporate people, processes, and technology
Protecting at-rest data by encrypting backup tapes and other storage devices
Providing data leakage protection from other avenues of risk, such as unauthorised physical or network access, malware, and end-user actions
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross Sector Application
IBM IBM Enterprise data loss prevention solution features include:
- Helps enforce data protection policies to enable more security-rich business processes
- Helps better manage compliance with corporate policies to protect business value and avoid fines
- Implements an integrated endpoint and network data loss prevention technology to help optimize data protection investment
Industrial espionage Analysis of vulnerabilities Anti-forensic techniques Targeting on specific users Advanced Persistent Threat
Cross Sector Application
4.7. Identity Management Solutions
The responsibilities of any identity management system are:
Creation of electronic identities
Use of electronic identities
Termination of electronic identities.
An electronic identity can be established by a password, by a token or by any kind of biometric of an individual person (face, iris, fingerprints, voice, etc.).
4.7.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
Microsoft Microsoft Forefront Identity Manager delivers self-service identity management for users, simplifies identity lifecycle management through automated workflows and business rules, and provides easy integration with heterogeneous platforms. Features:
Policy management
Credential management
User management
Group management
Access management
Compliance
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Advanced Persistent Threat. Targeting of specific users. Identity Theft. Social media
Cross Sector Application
Oracle Oracle Identity Management is a complete and integrated, next-generation identity management platform that provides breakthrough scalability; enables organisations to achieve rapid compliance with regulatory mandates; secures sensitive applications and data regardless of whether they are hosted on-premise or in a cloud; and reduces operational costs. This platform provides:
Directory Services
Simplified Identity Governance
Managing High Risk Accounts
Mobile and Social Access
Access Management
Single Sign On services.
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Targeting of specific users. Identity Theft. Advanced Persistent Threat. Social media
Cross Sector Application
CA Technologies CA identity management and governance includes CA GovernanceMinder and CA IdentityMinder. This solution automates identity-related controls across physical, virtual and cloud environments.
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Targeting of specific users. Advanced Persistent Threat. Identity Theft. Social media
Cross Sector Application
SAP SAP NetWeaver Identity Management allows organisations to:
- Lower IT support costs and reduce risk with centralized user identification management
- Improve productivity with self-services such as automatic password resets and rules-driven workflows
- Boost flexibility with standards-based functionality that integrates fully with company processes
- Improve insight and compliance with centralized, integrated logging and reporting
Automated probes and scans. Industrial espionage. Analysis of vulnerabilities. Advanced scanning techniques. Targeting of specific users. Advanced Persistent Threat. Identity Theft. Social media
Cross Sector Application
4.8. Information Rights Management Solutions
These technologies are a type of digital rights management aimed at protecting sensitive information from unauthorised access. Whereas digital rights management technologies are associated with the protection of media content such as music and video, Information Rights Management allows the information and the control over it to have separate lifecycles.
IRM technologies possess the following features:
Secure and track all copies of information
Information encryption
Control of editing features: copy and paste, screenshots, printing
Rights model/policy
Allow for revocable offline working
Full auditing of access to documents and of changes to the rights/policy by business users.
4.8.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application
Specific Application Sector/Area
Documentum-EMC Documentum Information Rights Management (IRM) prevents unauthorised access to secured content, enabling organisations to maintain control of information rights beyond the firewall:
Mobility and secure access
Persistent protection
Dynamic policy control
Continuous audit trail
Industrial espionage APT Social engineering
Cross Sector Application
McAfee McAfee Data Protection Suite for Rights management automatically discovers sensitive data and applies policy-based usage and data access restrictions to safeguard critical information wherever it resides.
Industrial espionage APT Social engineering
Cross Sector Application
Adobe Adobe LiveCycle Rights Management ES2 enables more secure collaboration by helping to maintain control over processes such as product development collaboration, supplier collaboration, work instructions, and field service management:
Reduce the risk of theft and misuse of sensitive information
Protect, manage, and monitor the use of sensitive documents outside the firewall
Apply rights management to sensitive information from a wide range of applications and file formats
Industrial espionage APT Social engineering
Cross Sector Application
4.9. Mobile Security Technologies
Mobile devices are ubiquitous today, not only for personal use: companies are also taking advantage of these devices in daily operations. Therefore mobile devices need to support multiple security objectives such as confidentiality, integrity and availability. The following is a list of threats that mobile devices must address:
Lack of Physical Security Controls
Use of untrusted Mobile Devices-BYOD
Use of untrusted networks
Use of Applications Created by Unknown Parties
Interaction with other systems
Use of Untrusted Content
Use of Location Services
4.9.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application Specific Application Sector
CISCO Cisco AnyConnect provides:
• Context-aware, comprehensive, and preemptive security policy enforcement
• Intelligent, seamless, and always-on connectivity experience
• Secure mobility across today’s proliferating managed and unmanaged mobile devices
Mobile Malware Cross Sector Application
McAfee McAfee Secure Container for Android: the software creates an encrypted and manageable data store on each smartphone and tablet. Enterprise data stays locked inside the container, safe from malware and from risky interaction with the personal apps, games, and messaging that users love on their devices. If the device is stolen or misplaced, the container can be remotely locked and wiped without affecting the rest of the data on the device. The container ensures that Microsoft Word documents and Adobe PDFs sent as corporate email or calendar attachments are opened in an encrypted viewer, and prevents copying, pasting, or saving the document content elsewhere.
Cyber Espionage
DLP
Cross Sector Application
McAfee McAfee VirusScan Mobile
Detect threats in real time: block malware in email, text messages, and attachments without any noticeable delay. McAfee VirusScan Mobile scans for a range of malicious threats in less than 200 milliseconds, providing automatic and comprehensive protection for smartphones.
Safeguard corporate assets: keep confidential corporate and customer information safe. VirusScan Mobile protects mobile devices from viruses, worms, dialers, Trojans, and other malicious code that can cause the loss of vital data.
Mobile Malware Cross Sector Application
McAfee McAfee Enterprise Mobility Management: an integrated solution that couples the VirusScan and Secure Container products with policy management. It aims to offer:
Data and application security
Full device management
Device and OS support for widely-used platforms
BYOD Support
Policy-based security
Enterprise-class scalability
Unified management
Security for mobile and traditional endpoints from the
Cross Sector Application
MobileIron Sentry: MobileIron Sentry is an intelligent gateway that provides secure tunnelling and access control to protect data-in-motion. Supports email, app, document, and web traffic, and establishes session trust through the use of certificates to prevent man-in-the-middle attacks. With Sentry, only secured and authorised services can access enterprise resources, and that access can be automatically disabled if the mobile user or device falls out of compliance.
Man in the mobile attack Cyber Espionage
Cross Sector
MobileIron Docs@Work: Creates a secure content hub for the end user to access and manage corporate documents. This hub allows the user to securely view and store documents in specific apps on their device which are defined by IT. The secure content hub can also selectively wipe documents when a user or device falls out of compliance and blocks clipboard actions (cut/copy/paste) for enterprise content. Docs@Work 1) Controls whether third-party apps can access stored documents and 2) Utilizes policies, users, roles, groups, and permissions. The App is also able to scan and assess
Mobile Malware Cross Sector
MobileIron Web@Work: Secure Access to Enterprise Web Content and Mobile Web Apps. Web@Work enables secure web browsing by protecting both data-in-motion and data-at-rest on the device. Secure data-in-motion: enterprise web traffic is tunneled through MobileIron Sentry for secure transport and access control. To comply with privacy laws required in some geographies, IT can enable split-tunnel configurations; this allows external websites to bypass Sentry and IT visibility. Browser-exclusive tunnel: unlike a VPN, the tunnel is exclusive to Web@Work, meaning IT can restrict access to only those internal web resources users require, based on their group membership in the enterprise directory or other user and device characteristics. If the user or device falls out of compliance, the tunnel will be automatically blocked until the compliance issue is remediated. A VPN is not required.
Secure Browsing Cross Sector
BAE Systems Detica
MobileProtect: MobileProtect, powered by StreamShield, is a global cloud-based solution. It uses our StreamShield content security gateway to provide flexible URL filtering for employee provisioned mobile devices operating on iOS, Android and Windows 7 & 8. MobileProtect integrates with the service provider’s Mobile Device Management (MDM) platform providing a seamless process for provisioning new devices. Policies set up on the MDM are automatically synchronized with the MobileProtect management hub, meaning no additional administration is required.
DeviceProtect: Our DeviceProtect solution provides front-line operational staff with access to local and global operational and business intelligence systems on the move. Our devices can be accredited to handle data at high protective marking levels for government use. They are also suitable for commercial organisations seeking high levels of protection. Our device technologies include Mobile Data Terminals, PDAs, laptop PCs and will soon cover the latest tablets and smartphones. When combined with MobileProtect, our network gateway and monitoring capabilities and our experience developing and managing mobile applications, we offer highly secure and resilient communications to operational teams. This delivers improved intelligence flows and data quality, enables better decision making, increases operator productivity and efficiency and provides enhanced situational awareness.
Cross Sector Application Secure government, commercial organisations with front line/mobile operatives
SAP SAP Mobile Secure enables:
- Protection of critical corporate data with a scalable, secure architecture
- Scalable and flexible deployment methods, cloud or on-premise
- Support for both personally owned and Bring Your Own Device (BYOD) scenarios
Mobile Malware
IBM IBM MobileFirst Security Access Manager and Security AppScan
Mobile Malware, mobile app security
Cross Cutting, Financial services
4.10. Network Security Solutions
There are many threats that a corporate network must address in order to guarantee security for the business users within the network. To mention some of the attacks:
ARP poisoning
Buffer overflow
Cyber attack
Denial-of-service
Idle scanner
Man in the middle.
The number of technologies in the field of network security is huge, ranging from physical to logical security:
Firewall
Antivirus/malware software
Monitors
Strong authentication, strong encryption
DMZ
Whitelist for wireless connections.
4.10.1. Main solutions, with brief description
Provider Name Of solution and Description Specific Threat Application Specific Application Sector
Juniper Networks Juniper Networks network security system includes:
SA Series SSL VPN appliances
IDP Series Intrusion Detection and Prevention appliances
SRX Series Services Gateways. Juniper Networks provides a scalable IP network security system that is built to provide the performance required to support next-generation services such as VoIP and IPTV. The IP network security system leverages industry-leading technology to protect the service provider network from both known and unknown network security threats.
Cisco Cisco Application Centric Infrastructure (ACI) Security Solutions protect data centers and cloud deployments. Security is policy based and can be deployed per transaction, completely independent of the underlying topology. ACI management tools provide a single point of control for both network and security management.
Interactive Link data diode: We offer both 100 Mbps and 1 Gbps data diodes evaluated to Common Criteria EAL 7+. Our accompanying software suite provides interfaces for a range of IP protocols, SMTP and file transfer, as well as a high availability solution and management. Data diodes provide a hardware-enforced one-way-only connection between two networks. Our Interactive Link family is suited to a wide range of applications in both government and commercial markets. The combination of high assurance and advanced functionality results in them being trusted by many governments and businesses to protect their most sensitive data.
Secure Export Gateway: SEG is a high assurance electronic gateway component that is currently used by the UK and international governments. It ensures that only authorised systems are allowed to send data across the network boundary it protects, and allows one-way communication. It is suited to all situations where an information release business process must be enforced, for example the provision of updates to industrial control systems or the release of information to networks of lower classification. It is designed for use up to UK Government Impact Level 6.
Threat
4.11. Security Assessment Solutions
The process of security assessment is the principal mechanism to verify that the security goals and objectives have been properly implemented and are correctly operated. The output of the assessment provides useful information about:
The effectiveness of security controls in the information systems.
KPIs of the quality of the risk management process.
Analysis of vulnerabilities of the information systems in a global environment with changing threats.
4.11.1. Main solutions, with brief description
Provider Name Of solution and Description
Specific Threat Application Specific Application Sector
Cisco Cisco Security Auditor 1.0 enables organisations to audit their network infrastructure against corporate security policies and industry best practices. Key product features include:
An extensive built-in library of security policies based on guidelines from the National Security Agency (NSA), SAFE Blueprints from Cisco, and the Center for Internet Security (CIS)
Ability to import device list from various sources (for example, RME, DCR, local directory, CSV, XML, other Network Management platforms) on an on-demand or scheduled basis
Ability to group devices into static/dynamic device groups based on device attributes
Ability to assign a weight to a security policy to reflect its importance; both raw and weighted results reflected in audit reports
Ability to define which specific policies to check or not check for a defined group of devices; for those policies checked, the ability to customize the policy parameters
Ability to conduct audits online on a live network or offline using locally stored or remotely accessible configuration files
Ability to conduct audits on demand or automatically according to a defined schedule
A wide variety of standard reports from executive-summary graphical reports down to specific policy pass/fail results with recommended corrective actions
Bottom 10 device report to quickly identify the devices with the poorest security policy compliance
Bottom 10 policy report to quickly identify the security policies with the poorest compliance
Trending reports to visualize compliance of the network over time
Automated probes and Scans Advanced Persistent Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
HP HP Security Assessment Tool provides a methodology to evaluate the effectiveness of information security. It covers five critical areas:
Fundamental services management
Strategy management
Infrastructure management
Issue management
Compliance management
Automated probes and Scans Advanced Persistent Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
4.12. System Integrity Solutions
It is considered that system integrity is completely assured when, under all conditions, an IT system is based on:
Data integrity
The logical completeness of the hardware and software
The logical correctness and reliability of the operating system
The technologies required have to cover a wide range in order to audit system integrity in a complex business environment. To mention some: databases, NoSQL databases, big data, business
Provider Name Of solution and Description Specific Threat Application Specific Application Sector
Cimcor Inc CimTrak is a security, integrity and compliance application that is easy to deploy and scales to the largest of global networks.
Automated detection process
Flexible response options
Auditing capabilities
Compliance, information assurance.
Automated probes and Scans Advanced Persistent Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
Assuria Assuria Auditor provides automated vulnerability assessment and configuration assurance for servers and endpoints through a blend of Resident Agent and Remote Agentless scanning approaches:
Server hardening
Vulnerability Assessment
Compliance Assessment
Change detection
Inventory reporting
Threat Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
In the current global world of the internet, where software can be acquired everywhere, there is a high risk that malware is introduced into an organisation's information systems, either intentionally or unintentionally. Such software can potentially be used to disrupt services, gather sensitive information or make any other unauthorised use of the resources of the information systems.
4.13.1. Main solutions, with brief description
Provider Name Of solution and Description
Specific Threat Application Specific Application Sector
Sophos Sophos Endpoint Antivirus: antivirus for computers and servers plus web filtering. Effective and efficient protection with minimal impact; blocks web-borne threats before they are downloaded. Antivirus, HIPS, device control, application control and DLP.
Kaspersky Lab Kaspersky Anti-Virus is a product to keep the PC and its data secure against malware:
Advanced Antivirus
Real time protection
Instant Safety Check
Virus infections Cybercriminals Malware
Cross Sector Application
McAfee McAfee Total Protection provides:
Anti-virus
Anti-spyware
Anti-spam
Anti-phishing
Two-way Firewall
Website Safety Ratings
Parental Controls
Online Backup
Malware Viruses Spyware Rootkits Trojans Adware PUAs
Cross Sector Application
BAE Systems Detica
Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of ‘Big Data’ solutions.
CyberReveal Analytics™ represents BAE Systems Detica’s experience of attack patterns of cyber-attack groups – whether a threat from the inside or outside, simple or sophisticated, general or targeted.
CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
EnterpriseProtect: EnterpriseProtect is a commercial-grade gateway product securing interaction between an organisation’s network and the internet. It allows businesses to segregate or “sandbox” applications that require open access to the Internet from those that do not. It breaks attackers’ infiltration and exfiltration paths to high-value commercial environments, defeating threats such as phishing, drive-by downloads, zero-day and unpatched vulnerabilities and data exfiltration via encrypted command and control channels, website upload and webmail. Additional benefits include simplification of the IT estate, increased user awareness and accountability, enhanced business agility, and improved insights into user behaviour.
Selex FireEye is a threat protection solution focused on combating advanced malware, zero-day and targeted APT attacks. The FireEye solution supplements security defences such as next generation and traditional firewalls, IPS, AV and Web gateways, which can’t stop advanced malware. These technologies leave significant security holes in the majority of corporate networks. FireEye’s Malware Protection Systems feature both inbound and outbound protection and a signature-less analysis engine that utilizes the most sophisticated virtual execution engine in the world to stop advanced threats that attack over Web and e-mail.
4.14. Audit and Monitoring Solutions
Audit and monitoring are different activities, but both have the same goal: security assessment of the information system. The processes are not the same. Continuous auditing performs activities on a frequent, repeated basis, to provide ongoing assurance and more timely insight into risk and control issues. In continuous monitoring, key business process transactions and controls are constantly assessed; this permits ongoing insight into the effectiveness of controls and immediate response to cyber-attacks or threats.
Both cases require a process for measuring specific metrics, with a scope that depends on the activity (audit or monitoring), and reporting tools that provide the required information to security management.
4.14.1. Main solutions, with brief description
Provider Name Of solution and Description
Specific Threat Application Specific Application Sector
Oracle Oracle Audit Vault and Database Firewall monitors database traffic to detect and block threats, and improves compliance reporting by consolidating audit data from databases, operating systems, directories and other sources
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific users
Cross Sector Application
CXL ltd. AZScan is a tool for auditing the security of mid-range systems:
Review and report systems
Reporting for non-experts of problems, risks and recommended solutions
Creation of actionable business plans
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica
Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of ‘Big Data’ solutions.
CyberReveal Analytics™ represents BAE Systems Detica’s experience of attack patterns of cyber-attack groups – whether a threat from the inside or outside, simple or sophisticated, general or targeted.
CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica Protective Monitoring monitors network security systems in real time 24/7 and raises fully qualified and prioritised security incidents at the point action is required. Our clear, concise security advice is backed up by decades of experience in information security and our UK government certified incident response service. Leveraging an organisation’s existing security technologies, they can extract maximum value from existing investment, and our near-zero false positive rate ensures an organisation’s IT team’s efforts are focussed on the most important threats. Protective Monitoring helps an organisation to achieve cost-effective security hygiene to reduce the business impact of high-frequency, low-grade attacks.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica
Advanced Threat Detection monitors a network for sophisticated attacks hiding in legitimate activity to breach perimeter defences. Our Detica CyberReveal platform analyses the behaviour of devices on a network and their connections with the Internet to pick out attacks from within legitimate network traffic. Skilled security analysts investigate suspicious activity and raise security incidents when action needs to be taken. Our Threat Intelligence function monitors key attack groups, ensuring that the latest techniques can be detected. Advanced Threat Detection helps to stop sophisticated attacks with the potential for serious impact to a business before the damage is done.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
Cross Sector Application
BAE Systems Detica Security Device Management takes away the problem of constantly maintaining security systems, providing full lifecycle management of the devices on a network. This includes configuration, backups, software upgrades and patching. 24/7 monitoring for availability and performance is also included. We pro-actively update devices in response to security incidents or known threats, updating proxy white or black lists or deploying IPS signatures, for example. We take full advantage of our Threat Intelligence function and intelligence gleaned from attacks across our client base to ensure that an organisation’s perimeter security is as effective as it can be in blocking known threats.
DLP Industrial espionage Analysis of vulnerability Distributed attack tools Targeting of specific user
4.15. IP Traffic Surveillance & Monitoring Solutions
The virus threat cannot be 100% avoided with anti-virus protection alone, especially Trojan horses and malicious spyware programs. Many threats can only be detected by analysing IP traffic; otherwise they remain hidden. Dedicated devices must be assigned to this task to avoid network overhead and to provide useful information that can prevent and detect any threat to the security and integrity of the organisation's network and systems.
4.15.1. Main solutions, with brief description
Columns: Provider; Name of solution and description; Specific threat; Application sector
Provider: Wireshark
Solution: Cascade Shark VE:
- WLAN packet capture and transmission
- Full 802.11 a/b/g/n support
- View management, control and data frames
- Multi-channel aggregation
- Packet analysis and reporting
Specific threat: Network sniffers, Packet spoofing, Automated probes and scans, Wide scale Trojan distribution and worms
Application sector: Cross Sector Application
Provider: Paessler
Solution: PRTG Network Monitor is an IP traffic monitor:
- Packet sniffing
- Netflow monitor
- Bandwidth usage
- Availability monitoring
- Wireless network troubleshooting
Specific threat: Network sniffers, Packet spoofing, Automated probes and scans, Wide scale Trojan distribution and worms
Application sector: Cross Sector Application
Provider: BAE Systems Detica
Solution: Detica CyberReveal® is the multi-threat monitoring, analytics, investigation and response product. It enables security analysts to identify and manage cyber threats quickly and efficiently. It provides big data correlation, security analytics, contextual information linking and threat intelligence all
Features include:
- CyberReveal Platform™ enables security analysts to rapidly query and analyse huge volumes of data. This scalable platform is built to meet the needs of the enterprise without the linear expense of 'Big Data' solutions.
- CyberReveal Analytics™ represents BAE Systems Detica's experience of the attack patterns of cyber-attack groups, whether the threat is from the inside or outside, simple or sophisticated, general or targeted.
- CyberReveal Investigator™ gives insight through a single unified view across the whole security estate. It enables security analysts to make appropriate decisions quickly, without the need for specialist technical skills, while supporting collaboration across the security organisation.
Specific threat: DLP, Industrial espionage, Analysis of vulnerability, Distributed attack tools, Targeting of specific user
Application sector: Cross Sector Application
4.16. Personal and Equipment Tracking Solutions
The number of items, devices and personnel that make up the value chain of any product or service is huge, and the mobility of all of them is increasing day by day. It is therefore critical for organisations to be able to locate the components of the value chain in order to avoid attacks and thefts and to protect the items, the people and the business. The technologies employed must be as unobtrusive as possible and must allow the subjects of interest to be located at any time. Although this can be considered physical security, protecting some key assets, for example mobile devices, helps to prevent many cyber-attacks, because those assets can provide access to the organisation's information systems.
4.16.1. Main solutions, with brief description
Columns: Provider; Name of solution and description; Specific threat; Application sector
Provider: SILENT PARTNER
Solution: RFID equipment tracking solutions, accurate asset inventory:
- Fixed asset financial reporting
- Equipment maintenance scheduling
- Efficient asset utilization, redeployment and retirement
- Capture accurate equipment locations
Specific threat: Social engineering attacks, Advanced persistent threat
Application sector: Cross Sector Application
Provider: Pocketfinder
Solution: GPS trackers for personnel and equipment location, with positions shown on maps.
Specific threat: Social engineering attacks, Advanced persistent threat
Application sector: Cross Sector Application
4.17. Security Incident Management Solutions
The sophistication of cyber-attacks is increasing at the same pace as security measures improve; therefore security breaches will occur in our systems. These security incidents must be detected through continuous monitoring of security events, followed by the execution of the proper response by security management.
After the security incident is resolved, an incident investigation is required to improve the responses and to learn more about the strengths and weaknesses of the organisation's systems.
4.17.1. Main solutions, with brief description
Columns: Provider; Name of solution and description; Specific threat; Application sector
Provider: TIBCO
Solution: Tibco Loglogic security event manager enables better identification of even the most sophisticated threats to IT infrastructure and assets:
- Actionable security intelligence within seconds
- Sophisticated incident management and trouble ticketing integration
- Instant real-time protection
Specific threat: Malware, DLP, Advanced Persistent Threat
Application sector: Cross Sector Application
Provider: GoToAssist
Solution: GoToAssist Service Desk is a tool that supports staff in managing, tracking and resolving issues:
- Manage incidents to resolve issues
- Route service desk records and assign appropriate priorities
- Track infrastructure changes and releases
Specific threat: Malware, DLP, Advanced Persistent Threat
Application sector: Cross Sector Application
4.18. SIEM Products
A Security Information and Event Management (SIEM) system is software devoted to providing real-time analysis of security alerts generated by network devices or the organisation's applications. A SIEM product can be composed of software, devices and services, as well as reporting tools and dashboard services. The required capabilities are:
- Data aggregation
- Correlation
- Alerting
- Dashboards
- Compliance
- Retention
- Forensic analysis
All these capabilities help security management in managing service privileges, auditing logs and generating the incident response.
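As an added illustration of the aggregation, correlation, alerting and retention capabilities listed above (example code written for this document, not part of any product in the table below), the following Python script normalises constructed log lines from two hypothetical sources, applies one correlation rule and drops events that fall outside a retention window. The log lines, the source names, the rule threshold and the retention period are all assumptions chosen for the example.

```python
"""Minimal SIEM-style pipeline: aggregate logs from two sources onto one schema,
correlate failed-then-successful logins per source IP, raise alerts and apply
retention. Added example; the sample log lines are constructed, not real data."""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from two hypothetical sources: an SSH server and a VPN gateway.
SAMPLE_LOGS = [
    "2014-01-20T10:00:01 sshd: Failed password for admin from 203.0.113.7",
    "2014-01-20T10:00:03 sshd: Failed password for admin from 203.0.113.7",
    "2014-01-20T10:00:05 sshd: Failed password for root from 203.0.113.7",
    "2014-01-20T10:00:06 sshd: Failed password for admin from 203.0.113.7",
    "2014-01-20T10:00:09 sshd: Accepted password for admin from 203.0.113.7",
    "2014-01-20T10:01:00 vpn: auth failure user=bob src=198.51.100.9",
    "2014-01-20T10:30:00 vpn: auth success user=bob src=198.51.100.9",
    "2014-01-10T08:00:00 sshd: Accepted password for alice from 192.0.2.5",
]

SSH_RE = re.compile(r"^(\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")
VPN_RE = re.compile(r"^(\S+) vpn: auth (failure|success) user=(\S+) src=(\S+)$")


def normalise(line: str) -> dict | None:
    """Aggregation step: map heterogeneous log formats onto one event schema."""
    m = SSH_RE.match(line)
    if m:
        ts, outcome, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "sshd", "user": user,
                "src": src, "ok": outcome == "Accepted"}
    m = VPN_RE.match(line)
    if m:
        ts, outcome, user, src = m.groups()
        return {"ts": datetime.fromisoformat(ts), "source": "vpn", "user": user,
                "src": src, "ok": outcome == "success"}
    return None  # unknown format: a real pipeline would count this as a parse failure


def correlate(events: list[dict], threshold: int = 3,
              window: timedelta = timedelta(seconds=60)) -> list[dict]:
    """Correlation rule: at least `threshold` failures from one source IP inside
    `window`, followed by a success from the same IP, raises one alert."""
    alerts = []
    failures: dict[str, list[datetime]] = defaultdict(list)  # src -> recent failure times
    for ev in sorted(events, key=lambda e: e["ts"]):
        recent = [t for t in failures[ev["src"]] if ev["ts"] - t <= window]
        if ev["ok"]:
            if len(recent) >= threshold:
                alerts.append({"rule": "brute-force-success", "src": ev["src"],
                               "user": ev["user"], "failures": len(recent),
                               "source": ev["source"], "ts": ev["ts"]})
            failures[ev["src"]] = []  # a success closes the window for that IP
        else:
            recent.append(ev["ts"])
            failures[ev["src"]] = recent
    return alerts


def retain(events: list[dict], now: datetime,
           retention: timedelta = timedelta(days=7)) -> list[dict]:
    """Retention step: keep only events inside the retention period."""
    return [e for e in events if now - e["ts"] <= retention]


def run_pipeline(lines: list[str], now_iso: str) -> tuple[list[dict], list[dict]]:
    """Aggregate, apply retention, then correlate; returns (retained events, alerts)."""
    now = datetime.fromisoformat(now_iso)
    events = [e for e in (normalise(line) for line in lines) if e]
    kept = retain(events, now)
    return kept, correlate(kept)


if __name__ == "__main__":
    kept, alerts = run_pipeline(SAMPLE_LOGS, "2014-01-20T11:00:00")
    print(f"{len(kept)} events retained, {len(alerts)} alert(s)")
    for a in alerts:
        print(a)
```

On the constructed input the rule fires once, for the four failures followed by a success from 203.0.113.7; the single VPN failure is too far from the later success to count, and the ten-day-old event is dropped by retention before correlation runs.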
4.18.1. Main solutions, with brief description
Columns: Provider; Name of solution and description; Specific threat; Application sector
Provider: HP
Solution: HP ArcSight platform analyses and correlates every event that occurs across the organisation (login, logoff, file access, database query, etc.) in order to deliver accurate prioritization of security risks and compliance violations.
Specific threat: Malware, DLP, Advanced Persistent Threat, Identity theft, Hacktivism, Distributed attack, Automated probes and scans, Analysis of vulnerabilities in compiled software
Application sector: Cross Sector Application
Provider: Splunk
Solution: Splunk Enterprise is a platform for real-time operational intelligence. It analyses and visualizes the massive streams of machine data generated by IT systems and technology infrastructure (physical, virtual and in the cloud).
Specific threat: Malware, DLP, Advanced Persistent Threat, Identity theft, Hacktivism, Distributed attack, Automated probes and scans, Analysis of vulnerabilities in compiled software
Application sector: Cross Sector Application
Provider: NetIQ
Solution: NetIQ Sentinel is a Security Information and Event Management solution that simplifies the deployment, management and day-to-day use of SIEM, readily adapts to dynamic enterprise environments and delivers the "actionable intelligence" organisations need to quickly understand their threat posture and prioritize response.
- Collect, retain and report against log data
- Out-of-the-box threat detection
- Monitoring of user activities
- Collection, storage, analysis and management of IT infrastructure event and security logs
Specific threat: Malware, DLP, Advanced Persistent Threat, Identity theft, Hacktivism, Distributed attack, Automated probes and scans, Analysis of vulnerabilities in compiled software
Application sector: Cross Sector Application
Provider: Tripwire
Solution: Tripwire Log Center is a product that provides log intelligence with advanced correlation, visualization and trend analysis of log data for early indicators of potentially unauthorised activity.
Specific threat: Malware, DLP, Advanced Persistent Threat, Identity theft, Hacktivism, Distributed attack, Automated probes and scans, Analysis of vulnerabilities in compiled software
Application sector: Cross Sector Application
Provider: Logpoint
Solution: Logpoint enables the correlation of events and reporting on critical business operations in real time, allowing enterprises to gather insight and understand the context of the billions of events generated daily by core business applications as well as by the infrastructure supporting and enabling the business. LogPoint provides a rich analysis platform and out-of-the-box dashboarding and reporting for infrastructure and critical business applications, enabling effective management and measurement of enterprise security.
- Perform analysis of security events and APTs
- Automate and optimize the time spent meeting compliance and regulatory guidelines
- Articulate and define the efficiency potential within the enterprise
- Obtain data needed for business-process reengineering
- Identify misconfigurations and errors within the infrastructure
- Gain substantial time reduction when conducting root-cause analysis
Specific threat: Malware, DLP, Advanced Persistent Threat, Identity theft, Hacktivism, Distributed attack, Automated probes and scans, Analysis of vulnerabilities in compiled software
Application sector: Cross Sector Application
Provider: AlienVault
Solution: AlienVault Open Source Security Information Management (OSSIM) is an open source SIEM system providing the essential security capabilities built into a unified platform, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention. The software is distributed freely under the GNU General Public License. Unlike the individual components, which may be installed onto an existing system, OSSIM is distributed as an installable ISO image designed to be deployed to a physical or virtual host as the core operating system of that host. OSSIM is built on the Debian GNU/Linux distribution as its underlying operating system.
Specific threat: Malware, DLP, Advanced Persistent Threat, Identity theft, Hacktivism, Distributed attack, Automated probes and scans, Analysis of vulnerabilities in compiled software
Application sector: Cross Sector Application
4.19. Denial of Service Protection Solutions
Denial of Service (DoS) or Distributed Denial of Service (DDoS) is a cyber-attack technique whose aim is to make a resource unavailable by interrupting the service it provides. These attacks can be launched by one or more attackers, and the attackers can be physical persons, systems or bots. The technologies employed to prevent and handle DoS attacks cover many hardware and software solutions:
- Firewalls
- Switches
- Routers
- IPS based detection
- Application front-end hardware
4.19.1. Main solutions, with brief description
Columns: Provider; Name of solution and description; Specific threat; Application sector
Provider: Radware
Solution: Radware's family of security solutions provides integrated application and network security. The Attack Mitigation System (AMS) protects application infrastructure in real time against network and application downtime, application vulnerability exploitation, malware spread, Denial of Service attacks and Distributed Denial of Service attacks.
Specific threat: Denial of Service attack
Application sector: Cross Sector Application
Provider: CISCO
Solution: Cisco IOS integrated services: Cisco embeds network security into the hardware (routers, switches, etc.), providing additional protection against Denial of Service attacks among other threats.
Specific threat: Denial of Service attack
Application sector: Cross Sector Application
Provider: BAE Systems Detica
Solution: Digital Forensics: If a network is breached or other malicious activity is detected, a detailed forensic investigation may be required. Our team of forensic experts follows industry best practice to ensure that the integrity of original evidence is maintained from initial response to court proceedings if required. We follow a well-documented, repeatable process across all digital platforms including computers, mobile phones, storage and other ICT systems. We carry out successful operations into highly sensitive issues on behalf of government agencies and commercial organisations at our ISO 17025 accredited lab.
Specific threat: Denial of Service attack
Application sector: Cross Sector Application
Provider: BAE Systems Detica
Solution: Malware analysis and reverse engineering: When an organisation identifies an unknown threat in its environment, our specialist team uses dynamic threat analysis and reverse engineering to interpret the threat. We then present the results in an appropriate manner for both technical and business audiences.
Specific threat: Denial of Service attack
Application sector: Cross Sector Application
4.20. Forensic Investigation Solutions
After a security incident has occurred and been resolved, the chain of events must be analysed to gather the information required to provide legal evidence for further action against the hacker or cyber-terrorist who perpetrated the illegal action on the organisation's information system. Forensic investigation is associated with a wide variety of data recovery techniques, with the goal of creating a legal audit trail.
The investigations are performed on static data, and some of the required techniques are:
- Cross-drive analysis
- Live analysis
- Physical analysis of deleted files
- Analysis of volatile data
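As an added example of how the integrity of original evidence and a legal audit trail can be maintained in practice (example code written for this document, not the method of any vendor listed below), the following Python script hashes an acquired image, keeps a hash-chained chain-of-custody log in which each entry commits to the previous one, and re-verifies both the log and the image before analysis begins. The evidence bytes, the actor names and the file name are constructed assumptions.

```python
"""Evidence integrity for a forensic audit trail: hash the acquired image,
append tamper-evident custody entries, re-verify before analysis.
Added example; the 'evidence' is a constructed byte string, not a disk image."""
from __future__ import annotations

import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # link value for the first custody entry


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so a multi-gigabyte image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def _entry_digest(entry: dict) -> str:
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_custody(log: list[dict], action: str, actor: str, evidence_hash: str,
                   when: datetime | None = None) -> dict:
    """Each entry records the previous entry's hash, so rewriting history is detectable."""
    entry = {
        "when": (when or datetime.now(timezone.utc)).isoformat(),
        "action": action,
        "actor": actor,
        "evidence_sha256": evidence_hash,
        "prev": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = _entry_digest(entry)
    log.append(entry)
    return entry


def verify_custody(log: list[dict], evidence_path: str) -> tuple[bool, str]:
    """Check (1) the hash chain over the custody entries and (2) that the evidence
    file still matches the hash recorded at acquisition time."""
    if not log:
        return False, "empty custody log"
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev:
            return False, f"entry {i}: broken chain link"
        if _entry_digest(e) != e["entry_hash"]:
            return False, f"entry {i}: entry modified"
        prev = e["entry_hash"]
    if sha256_file(evidence_path) != log[0]["evidence_sha256"]:
        return False, "evidence hash mismatch: image altered since acquisition"
    return True, "ok"


def demo(tamper: bool = False) -> tuple[bool, str]:
    """Acquire constructed evidence, log two custody steps, optionally alter one
    byte of the image, then verify. Returns the verification result."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "disk.img")  # hypothetical image name
        with open(path, "wb") as f:
            f.write(b"constructed evidence image " * 1000)
        log: list[dict] = []
        h = sha256_file(path)
        append_custody(log, "acquired", "analyst-1", h)
        append_custody(log, "transferred to lab", "analyst-2", h)
        if tamper:
            with open(path, "r+b") as f:
                f.seek(10)
                f.write(b"X")
        return verify_custody(log, path)


if __name__ == "__main__":
    print("untouched image:", demo())
    print("altered image:  ", demo(tamper=True))
```

The verification deliberately checks the log before touching the image: a custody record that has been edited is reported as such even when the evidence itself is intact, and a single changed byte in the image is reported as a hash mismatch against the acquisition entry.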
4.20.1. Main solutions, with brief description
Columns: Provider; Name of solution and description; Specific threat; Application sector
Provider: Guidance
Solution: EnCase Forensic solution enables:
- Rapid acquisition of data from the widest variety of devices
- Unearthing potential evidence with disk-level forensic analysis
- Producing comprehensive reports on findings
- Maintaining the integrity of evidence in a format the courts have come to trust
Provider: AccessData
Solution: Forensic Toolkit is an integrated computer forensics solution:
- Create images, process a wide range of data types from forensic images to email archives, analyse the registry, conduct an investigation, decrypt files, crack passwords and build a report
- Password recovery
- KFF hash library
- Advanced, automated analysis without scripting
Project: MAnagement of Security information and events in Service InFrastructures
Website: http://www.massif-project.eu
Classification: Trustworthy Service Infrastructures
Objectives: MASSIF works on advancements in security information and event management systems (SIEM) that deal with real-time analysis of events and security alerts. Standard SIEM systems are typically deployed at a platform layer and do not take into account data from higher layers, such as the business process view. Being usually deployed on a single node responsible for processing all event correlation rules, they are not scalable. Moreover, existing systems are not able to react to detected attacks.
Innovation achievements: The MASSIF SIEM framework supports scalable multi-level event processing and predictive security monitoring. The key innovative artefacts are:
- Advanced attack detection methods.
- Cross-layer security event correlation and decision support for analysis of the possible impacts an attack may have on the system.
- Predictive security monitoring that detects potential future critical states in the monitored process.
- Attack response mechanisms that propose countermeasures based on security ontologies.
- The MASSIF SIEM architecture that integrates the components above in a secure and reliable way.
Impact: MASSIF provides two open source implementations of SIEM solutions called OSSIM and Prelude, which can be further used by the community. The MASSIF approach can make the total cost of ownership of a SIEM system affordable for SMEs due to the open specifications and open source components available.
The project contributes to the ETSI Information Security Indicators group, which aims at measuring the security levels of organisations with deployed SIEM systems.
Deployment of SIEM systems in critical infrastructures has a huge potential, especially in the light of the Directive on Critical Infrastructures Protection.
5.1.11. POSECCO
Acronym: PoSecCo
Project: Policy and Security Configuration Management
Website: http://www.posecco.eu
Classification: Technology&Tools
Objectives: Internet service providers now have to manually resolve the inter-dependencies between high-level requirements and policies and low-level configurations. In this setting errors are inevitable due to the high complexity of the systems and constant changes in requirements, policies, regulations, and
used will provide means to handle large volumes of security events,
while elastic scalable event processing offers an adaptive environment to
suit computing resources.
MASTER.- Managing assurance, security and trust for services
MASTER aims at providing methodologies and infrastructures that
facilitate the monitoring, enforcement, and audit of quantifiable
indicators on the security of a business process, and that provide
manageable assurance of the security levels, trust levels and regulatory
1 http://www.massif-project.eu/
European Cyber Security Protection Alliance
Page 81 / 99
compliance of highly dynamic service-oriented architectures in centralized, distributed (multi-domain), and outsourcing contexts.
To this end MASTER will identify new innovation components in terms of key assurance indicators, key security indicators, protection and regulatory models and security model transformations, coupled with the methodological and verification tools for the analysis and assessment of business processes. It will further define an overall infrastructure for the monitoring, enforcement, reaction, diagnosis and assessment of these indicators in centralized, distributed (multi-domain), and outsourcing contexts. It will show a proof-of-concept implementation in the challenging realms of Banking/Insurance and e-Health IT systems. MASTER will thus deliver a strategic component of the security and trust pillar of the European Technology Platform NESSI, which makes it a NESSI strategic project.
PARSIFAL.- Protection and trust in financial infrastructures
The PARSIFAL proposal targets the ambitious objective of how to better protect FCI and the information infrastructure that links FCI with other Critical Infrastructure in Europe.
PARSIFAL has the following objectives:
1) Bringing together CFI and TSD research stakeholders;
2) Contributing to the understanding of CFI challenges;
3) Developing longer term visions, research roadmaps, CFI scenarios and best practice guides;
4) Co-ordinating the relevant research work, knowledge and experiences.
The need to create forums at EU level is specifically mentioned in order to facilitate exchanges of views on general and sector-specific CIP issues. PARSIFAL aims to bring together all financial critical infrastructure stakeholders in the public and private sphere, which would provide the Member States, the Commission and industry with an important platform through which to communicate on whichever new CIP issue arises. Furthermore, the PARSIFAL Forum would assess the possibility of creating EU FCI-related industry/business associations. The success of PARSIFAL will be largely based on its ability to build a large consensus in the financial, security industrial and scientific community. This will require the ability to contact and involve a large number of SMEs working in this field, as well as academia and research organisations all over Europe, and to bring them together with all the relevant national or regional CIP and financial sector actors.
PASSIVE.- Policy-Assessed system-level Security of Sensitive Information
processing in Virtualized Environments
The PASSIVE project proposes an improved model of security for
virtualized systems to ensure that:
- Adequate separation of concerns (e.g. policing, judiciary) can be
achieved even in large scale deployments.
- Threats from co-hosted operating systems are detected and dealt
with.
- Public trust in application providers is maintained even in a
hosting environment where the underlying infrastructure is highly
dynamic.
To achieve these aims, the consortium proposes:
- A policy-based Security architecture, to allow security provisions to
be easily specified, and efficiently addressed.
- Fully virtualized resource access, with fine-grained control over
device access, running on an ultra-lightweight Virtual Machine
Manager.
- A lightweight, dynamic system for authentication of hosts and
applications in a virtualized environment. In so doing, PASSIVE will
lower the barriers to adoption of virtualized hosting by government
users, so that they may achieve the considerable gains in energy
efficiency, reduced capital expenditure and flexibility offered by
virtualization.
POSECCO.- Policy and Security Configuration Management.
PoSecCo establishes a traceable and sustainable link between high-level requirements and low-level configuration settings. Operations will be supported by self-managed features and decision support systems.
Substantial improvements are expected in the areas of policy modeling
and conflict detection across architectural layers, decision support for
policy refinement processes, policy and configuration change
management including validation, remediation and audit support, and
security management processes in FI application scenarios. PoSecCo
addresses the economic viability of the chosen approach by assessing
cost and organisational benefits of an improved policy and configuration
management.
PoSecCo continues other EC projects, especially DESEREC, POSITIF, and
MASTER, and adopts existing industry-standards for change management
and audit to ensure its impact.
PRIMELIFE.- Privacy and identity management in Europe for life.
PrimeLife will resolve the core privacy and trust issues; its long-term vision is to counter the trend towards life-long personal data trails without compromising on functionality. The project will build upon and expand
the sound foundation of the FP6 project PRIME that has shown how
privacy technologies can enable citizens to execute their legal rights to
control personal information in on-line transactions. Resolving these
issues requires substantial progress in many underlying technologies.
PrimeLife will substantially advance the state of the art in the areas of
human computer interfaces, configurable policy languages, web service
federations, infrastructures and privacy-enhancing cryptography.
PrimeLife will ensure that the community at large adopts privacy
technologies. To this effect PrimeLife will work with the relevant Open
Source communities and standardisation bodies, and partner projects. It
will further organise workshops with interested parties such as partner
projects to transfer technologies and concepts. This will also validate the
project's results on a large scale. European industry will be strengthened
by providing building blocks for trustworthy treatment of customers'
data.
RADICAL.- Road mapping technology for enhancing security to protect
medical and genetic data.
The RADICAL coordination action aims to approach coherently, study in depth and reveal scientifically the beyond-state-of-the-art research and policy roadmap for security and privacy enhancement in the Virtual Physiological Human, taking into consideration technology advancements, business and societal needs, ethics and the challenges that should be addressed and answered.
RADICAL objectives are:
- Benchmarking existing security and privacy technologies. There will be a
special focus on Privacy Enhancing Technologies, which assist in
designing information and communication systems and services in a way
that minimizes the collection and use of personal data and facilitate
compliance with data protection rules.
- Identify the required technology developments and implementation
challenges in order to define the gap between the present (as is
situation) and the future desired status.
- Identify the societal needs and challenges that should be addressed in
order to protect health patient records and regulate their usage. Analyse
the implications of health data usage, with special focus to the genetic
data usage.
- Capitalize on existing knowledge acquired by EC-funded projects under the 6th Framework, using their
- Provide a Policy Paper Roadmap for the Future Agenda in Medical and Genetic Data.
- Develop a Good Practice Guide, presenting the best practices that should
be adopted by different stakeholders.
- Creating a network of stakeholders
SAFECITY.- Future Internet Applied to Public Safety in Smart Cities
Safecity deals with smart public safety and security in cities. The main objective is to enhance the role of the Future Internet in ensuring that people feel safe in their surroundings while, at the same time, their surroundings are protected. Safecity is the result of the elaboration of a vertical Use Case Scenario based on public safety in European cities. The main goal of this project is to collect specific requirements driven by relevant users on the Future Internet, as opposed to the generic ones that will be collected through other objectives.
SECURECHANGE.- Security engineering for lifelong evolvable systems.
The project will develop processes and tools that support design
techniques for evolution, testing, verification, re-configuration and local
analysis of evolving software. Our focus is on mobile devices and homes,
which offer both great research challenges and long-term business
opportunities.
Concrete achievements will include:
- Architectural blueprint and integrated security process for lifelong
adaptable systems
- Methodology for evolutionary requirements with tools for incremental
requirements models evaluation and transformation
- Security modelling notation for adaptive security with formally founded
automated security analysis tools.
- IT security risk assessment with tool-support for lifelong adaptable
systems
- Techniques and tools to verify adaptive security while loading on-device
- Model-based testing approach for evolution
The results are continuously validated jointly with key industry players.
SHIELDS.- Detecting known security vulnerabilities from within design and
development tools
The main objective of SHIELDS is to increase software security by bridging
the gap between security experts and software practitioners and by
providing the software developers with the means to effectively prevent
occurrences of known vulnerabilities when building software.
SHIELDS will develop novel formalisms for representing security information, such as known vulnerabilities, in a form directly usable by development tools and accessible to software developers. This information will be stored in an internet-based Security Vulnerabilities Repository Service (SVRS) that facilitates fast dissemination of vulnerability information from security experts to software developers. We will also present a new breed of security methods and tools (some open source, some commercial) that are constantly kept up to date using the information stored in the SVRS.
In addition to the SVRS, and new security tools, we will create a SHIELDS
Compliant certification for tools and a SHIELDS Verified logo program for
software developers that will offer an affordable and yet technically effective
evaluation and certification method in the fight against common security
vulnerabilities. Commercial exploitation will be through these programs, the
tools, and through subscriptions to the repository (parts will be free).
SPIKE.- Secure process-oriented integrative service infrastructure for
networked enterprises.
SPIKE will develop a software platform for the easy and fast setup of business
alliances. The project targets two main organisational objectives: first,
outsourcing parts of the value chain to business partners; second, enabling
collaboration between members of participating organisations. SPIKE will
enable collaboration and cooperation between the networked enterprises.
The user partners will demonstrate the potential of SPIKE at the case of pilot
deployments and use cases, i.e. a collaborative business alliance and two
services ready for use in the networked enterprise. Because of its focus, the
project will have an impact on organisations of all sizes that want to
collaborate with each other.
This way, SPIKE will have a special impact on SMEs. It will enable them to
offer their services to potential new customers in a cost-saving and timely
manner.
VIRTUOSO.- Versatile information toolkit for end-users oriented open
sources exploitation.
The VIRTUOSO Project aims to provide an integrated open source
information exploitation (OSINF) toolbox to European authorities working in
border security. This toolbox will extend the “security distance” of Europe’s
borders by allowing EU agencies and member states to anticipate, identify
and respond to strategic risks and threats in a timely manner. In short, the project aims to:
- Improve the situational awareness of those organisations and individuals charged with securing Europe's borders.
- Help anticipate risks such as terrorism, illegal migration and the trafficking of goods and people using OSINF.
- Create the kernel of a pan-European technological platform for the
collection, analysis and dissemination of open source information, thus
ensuring greater interoperability among European actors involved in
border security.
- Provide the tools for crisis management response if anticipation fails or in
the event of a rupture scenario.
This seamless OSINF platform will aggregate, in real time, content from the
internet, leading subscription providers, and broadcast media. This content
will be filtered and analysed using text mining and other decision support
technologies to improve situational awareness and provide early warning to
end-users.
The project’s deliverables include a demonstrator of the VIRTUOSO toolkit
(one that integrates various information services and intelligence
applications) and full documentation on the platform itself.
The core platform will be freely available as open source software at the end
of the project.
ANIKETOS.- Secure Development of Trustworthy Composite Services.
The main objective is to provide service developers and providers with secure service development, improving tools, methods and languages for handling security issues. This includes the evolution of agreements and requirements for users of services who want to obtain certification for composed services. Aniketos offers a way of expressing different aspects of trustworthiness and provides design-time and runtime modules for evaluating and monitoring the trust level between service providers/components.
ARENA.- Architecture for the Recognition of threats to mobile assets using
networks of multiple affordable sensors.
The objective of ARENA is to develop methods for automatic detection and recognition of threats, based on multi-sensor data analysis:
- Robustly and autonomously detect threats to critical mobile assets in
large unpredictable environments.
- To reduce the number and impact of false alarms and work towards
optimized decision making.
- To demonstrate automatic threat detection for the land case.
- To assess automated threat detection for the land case and the
maritime case.
- To evaluate detection performance and contribute to standards.
- To respect and respond to social, legal and ethical issues arising from
the design, implementation and deployment.
The expected result is a system consisting of low cost sensors which are
easy to deploy. The system will be adaptable to various platforms and
increase the situation awareness.
ASPIRE.- Advanced Software Protection: Integration, Research and
Exploitation
ASPIRE will research and provide a radical change in the current RFID deployment paradigm through innovative, programmable, royalty-free and privacy-friendly middleware. This new middleware paradigm will be particularly beneficial to European SMEs, which are nowadays experiencing significant cost barriers to RFID deployment. ASPIRE will significantly lower SME entry costs for RFID technology by developing and providing a lightweight, royalty-free, innovative, programmable, privacy-friendly middleware platform that will facilitate low-cost development and deployment of innovative RFID solutions. This platform will act as the main vehicle for realizing the proposed shift in the current RFID deployment paradigm.
BEAT.- Biometrics Evaluation and Testing
The goal of BEAT is to propose a framework of standard operational
evaluations for biometric technologies.
The BEAT project will provide standardised criteria (and metrics) to evaluate
biometric systems for both academic and commercial entities. This
standardisation is currently lacking, and providing it would likely lead to improved
communication between academic and commercial entities in the field of
biometrics, by providing a common basis for comparison, and to an
improvement in the state of the art for biometric systems, by providing a fair
and centralised method to evaluate them.
The standardisation would include methods to evaluate:
- The performance (accuracy) of a biometric system.
- The vulnerability of a biometric system to direct attacks (spoofing) or
indirect attacks (hill-climbing attacks).
- The performance of privacy preservation techniques.
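The three evaluation axes listed above are what a standardised benchmark actually has to compute. The following worked example, added here and not code from the BEAT project, shows the first two on constructed comparison scores: the false match rate (FMR) and false non-match rate (FNMR) of a verifier as a function of its decision threshold, the equal error rate (EER), the FNMR paid to reach a target FMR, and the rate at which spoof presentations are accepted at the chosen operating threshold. The score lists are made up for illustration; the attack-rate name IAPMR (impostor attack presentation match rate) is the ISO/IEC 30107-3 term and is not taken from the page.

```python
"""Biometric verification metrics on constructed score data (added example)."""

# Constructed similarity scores, higher = stronger match. Not real system output.
GENUINE = [0.91, 0.88, 0.85, 0.83, 0.80, 0.78, 0.75, 0.72, 0.70, 0.66, 0.62, 0.58]
IMPOSTOR = [0.10, 0.15, 0.20, 0.24, 0.28, 0.31, 0.35, 0.40, 0.45, 0.52, 0.60, 0.68]
# Scores obtained by presenting artefacts (e.g. printed faces) to the sensor.
SPOOF = [0.55, 0.62, 0.70, 0.74, 0.78, 0.81, 0.84, 0.87]


def fmr(impostor, thr):
    """False match rate: fraction of zero-effort impostor comparisons accepted."""
    return sum(1 for s in impostor if s >= thr) / len(impostor)


def fnmr(genuine, thr):
    """False non-match rate: fraction of genuine comparisons rejected."""
    return sum(1 for s in genuine if s < thr) / len(genuine)


def _candidate_thresholds(genuine, impostor):
    # Every observed score is a point where FMR or FNMR changes, so sweeping
    # the union of scores visits every distinct operating point.
    return sorted(set(genuine) | set(impostor))


def eer(genuine, impostor):
    """Return (threshold, EER): the operating point where FMR and FNMR are
    closest, with EER taken as their mean at that point."""
    best = None
    for thr in _candidate_thresholds(genuine, impostor):
        a, b = fmr(impostor, thr), fnmr(genuine, thr)
        gap = abs(a - b)
        if best is None or gap < best[0]:
            best = (gap, thr, (a + b) / 2)
    _, thr, rate = best
    return thr, rate


def fnmr_at_fmr(genuine, impostor, target_fmr):
    """Operating point a deployment actually specifies: the lowest threshold
    whose FMR does not exceed target_fmr, and the FNMR paid for it."""
    for thr in _candidate_thresholds(genuine, impostor):
        if fmr(impostor, thr) <= target_fmr:
            return thr, fnmr(genuine, thr)
    raise ValueError("target FMR is not reachable with these scores")


def iapmr(spoof, thr):
    """Impostor attack presentation match rate: fraction of spoof
    presentations accepted at the system's operating threshold. A low FMR
    says nothing about this; it must be measured on attack data."""
    return sum(1 for s in spoof if s >= thr) / len(spoof)


if __name__ == "__main__":
    thr, rate = eer(GENUINE, IMPOSTOR)
    print(f"EER {rate:.3f} at threshold {thr:.2f}")
    thr0, fnmr0 = fnmr_at_fmr(GENUINE, IMPOSTOR, 0.0)
    print(f"FNMR at zero FMR: {fnmr0:.3f} (threshold {thr0:.2f})")
    print(f"IAPMR at EER threshold: {iapmr(SPOOF, thr):.3f}")
```

On this data the verifier looks respectable against zero-effort impostors (EER about 8%), yet accepts most spoof presentations at the same threshold, which is exactly why the page lists spoofing vulnerability as a separate evaluation axis rather than folding it into accuracy.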
There will be three outcomes of this project. The first is that the reliability of
biometric systems will be measurable and thus should lead to a meaningful
increase in performance. The second is that technology transfer from
research to companies will be much easier as there will be an interoperable
framework. Finally, decision-makers and authorities will be informed about
the progress that is made in biometrics as the results will have an impact on
standards. Given these outcomes we expect that BEAT will significantly
contribute to the development of a European Identification Certification
System.
BIC.- Building International Cooperation for Trustworthy ICT: Security,
Privacy and Trust in Global Networks & Services.
The BIC project responds to FP7 Call 5 Objective ICT-2009.1.4
Trustworthy ICT, specifically d) Networking, Coordination and Support of
networking, road-mapping, coordination and awareness raising of
research and its results in trustworthy ICT with priority towards (vii)
International co-operation in fields where global action will create added
value.
With this Coordination Action, successful models developed by the
project partners will be used to foster co-operation between EU researchers
and programme management in Trustworthy ICT and their peers in
countries that have already signed Science and Technology (S&T)
agreements, namely Brazil, India and South Africa.
The objectives of the work performed by the proposed BIC project will
be:
1. Chart landscape and Initial EU alignment;
2. Prioritisation of the EU influenced vision and research directions
amongst the new countries (Brazil, India and South Africa), including
alignment of work programmes;
3. Global alignment, consensus and outreach of the visions and
challenges of all countries;
4. Definition of Tangible International Activities including success metrics
and setting up global projects.
BUTLER.- uBiquitous, secUre inTernet-of-things with Location and contExt-awaReness
BUTLER will be the first European project to emphasise pervasiveness,
context-awareness and security for the IoT. Through a consortium of leading
industrial, corporate R&D and academic partners with extensive and
complementary know-how, BUTLER will integrate current technologies and develop new
ones to form a bundle of applications, platform features and services
that will bring the IoT to life. For this purpose, BUTLER will focus on:
- Improving/creating enabling technologies to implement a well-
defined vision of a secure, pervasive and context-aware IoT, where
links are inherently secure (from the PHY to the APP layer), applications cut
across different scenarios (Home, Office, Transportation, Health,
etc.), and the network's reactions to users are adjusted to their needs
(learned and monitored in real time).
- Integrating/developing a new, flexible smartDevice-centric network
architecture in which platforms (devices) function according to three
roles, including smartMobiles (the user's personal device) and smartServers
(providers of content and services), interconnected over IPv6.
- Building a series of field trials that progressively integrate and
enhance state-of-the-art technologies to showcase BUTLER's secure,
pervasive and context-aware vision of the IoT. In addition to these R&D
innovations, BUTLER and its External Members Group will also
aggregate and lead the European effort in the standardisation and
exploitation of IoT technologies.
C-DAX.- Cyber-secure Data and Control Cloud for Power Grids
C-DAX exploits the properties of novel, information-centric networking (ICN)
architectures that are by design more secure, resilient, scalable, and flexible
than conventional information systems. C-DAX will be tailored to the specific
needs of smart grids for efficient support of massive integration of
renewables and a heterogeneous set of co-existing smart grid applications.
Realistic and pertinent use cases from different domains (low-voltage,
medium-voltage, and trading) will be used to guide the design and provide
validation criteria. Further, C-DAX will provide added value to current
protocols and data models used within the power systems domain for
monitoring and control purposes. C-DAX concepts will be proposed for
standardization and industry interest groups.
CAPITAL.- Cyber security research Agenda for PrIvacy and Technology
chALlenges
CAPITAL has been built around two pillars: coordinating European R&D efforts
in the cyber security domain, and jointly addressing research and innovation
within an Integrated Research & Innovation Agenda. The project will
therefore cover two sub-bullets of the call objective.
CAPITAL is proposed by a strong consortium gathering nine representatives
from leading industries and research organisations, well positioned, in
terms of networking, expertise and market outreach, in the cyber security
domain. CAPITAL complements the CYSPA project, started in October 2012 and
also coordinated by EOS, which aims at defining an overall strategy and
creating a community of solution providers, researchers and end-users to
enable the industrial community to protect itself from cyber disruptions,
and at supporting the European elaboration of regulations to raise the overall
level of protection.
CIRRUS.- Certification, InteRnationalisation and standaRdization in cloUd
Security.
Certification, InteRnationalisation and standaRdization in cloUd Security
(CIRRUS) aims to bring together representatives of industry organisations,
law enforcement agencies, cloud service providers, standards and
certification bodies, cloud consumers, auditors, data
protection authorities, policy makers, the software component industry and others with
diverse interests in security and privacy issues in cloud computing.
The CIRRUS project aims to provide "high-level, high-impact" support and
coordination for European ICT security research projects. Project activities
target joint standardisation and certification schemes, linking research projects with
EU policy and strategy, internationalisation, industry best practices
and public-private cooperation initiatives.
CUMULUS.- Certification infrastrUcture for MUlti-Layer cloUd Services
CUMULUS will address the limitations of cloud technologies by developing
an integrated framework of models, processes and tools supporting the
certification of security properties of infrastructure (IaaS), platform (PaaS)
and software application layer (SaaS) services in the cloud. The CUMULUS framework
will bring service users, service providers and cloud suppliers to work
together with certification authorities in order to ensure the validity of security
certificates in the ever-changing cloud environment.
CUMULUS will rely on multiple types of evidence regarding security,
including service testing and monitoring data and trusted computing proofs,
and based on models for hybrid, incremental and multi-layer security
certification. Whenever possible, evidence gathering will build upon existing
standards and practices (e.g., interaction protocols, representation schemes
etc.) regarding the provision of information for the assessment of security in
clouds.
To ensure large-scale industrial applicability, the CUMULUS framework will
be evaluated in reference to cloud application scenarios in some key
industrial domains, namely Smart Cities and eHealth services and
applications.
CUMULUS is aligned with the recommendations of a recent industrial
consultation to the European Commission which identified cloud certification
as an enabling technology for building trust for end users through the
deployment of standards and certification schemes relevant to cloud
solutions, and included it in the ten key recommendations and actions for a
cloud strategy in Europe.
COCKPITCI.- Cybersecurity on SCADA: risk prediction, analysis and reaction
tools for Critical Infrastructures.
The CockpitCI project aims, on the one hand, to continue the work done in MICIE by refining and updating the on-line Risk Predictor deployed in the SCADA centre and, on the other hand, to give field equipment enough local intelligence to take local decisions, so that it can self-identify and self-react to abnormal situations induced by cyber attacks.
The main expected result is the demonstration that the convergence of physical security, cyber security and business continuity is possible, with positive outcomes for all the players involved. Benefits will arise from the security point of view thanks to the availability of a larger amount of field data, while, from the business point of view, better real-time risk evaluation will allow service level agreements to be tailored and large domino effects to be avoided.
DISASTER.- Data Interoperability Solution At Stakeholders Emergency
Reaction.
Design of a reference architecture to solve interoperability problems in data
exchange in SOA-based Emergency Management Systems (EMS), addressing
interdisciplinary environments at a European level:
- Designing and developing an integrative and modular interoperable data
model. This objective may be split into two sub-objectives:
• The core framework data model, common to every stakeholder
involved in emergency management.
• Complementary transversal (spatial and temporal) and vertical (domain-
specific) modules.
- Designing and developing mediation techniques, a set of bridges, enabling
transparent integration of the data model within already-existing SOA-based
EMSs.
- Developing and executing a validation pilot phase in a real environment,
based on a representative scenario, in order to get feedback from end-users
and to evaluate the project's outcomes and their benefits to the European
multicultural domain of emergency management.
The project's target outcome is an integrative and modular ontology for
establishing a common knowledge structure between all the first responders
involved in an emergency, while remaining compliant with the legacy international data
formats exchanged in the European Union, provided that they are seamlessly
integrated within current SOA-based Emergency Management Systems.