
UBITECH kicks off the CyberSANE Innovation Action on cybersecurity incident handling, warning and response

UBITECH is participating in the kick-off meeting, in Heraklion, Greece (September 10-11, 2019), of the CyberSANE Innovation Action, which officially started on September 1st, 2019. The project is funded by the European Commission under the Horizon 2020 Programme (Grant Agreement No. 833683) and spans the period September 2019 – August 2022. The CyberSANE project intends to improve the detection and analysis of cyber-attacks and threats on Critical Information Infrastructures (CIIs), increase knowledge of the current cyber threat landscape, and support human operators (such as Incident Response professionals) in dynamically increasing preparedness, improving cooperation amongst CII operators, and adopting appropriate steps to manage security risks and to report and handle security incidents. Moreover, CyberSANE is fully in line with relevant regulations (such as the GDPR and the NIS Directive), which require organizations to do exactly that: increase their preparedness, cooperate with each other, manage security risks, and report and handle security incidents.

In particular, CyberSANE will develop a system that addresses both the technical and the cognitive challenges related to the identification, prevention and protection against attacks. At the technical level, the CyberSANE system will collect, compile, process and fuse attack-related data from multiple perspectives through its four main components: the Live Security Monitoring and Analysis (LiveNet) component, the Deep and Dark Web Mining and Intelligence (DarkNet) component, the Data Fusion, Risk Evaluation and Event Management (HybridNet) component, and the Intelligence and Information Sharing and Dissemination (ShareNet) component. From a cognitive perspective, the system will enable decision makers (e.g. incident response professionals) to better understand the technical aspects of an attack and draw conclusions on how to respond.

Within CyberSANE, UBITECH is one of the main technology providers working towards the implementation of LiveNet, an advanced and scalable Live Security Monitoring and Analysis component capable of preventing and detecting threats and, in case of a declared attack, of mitigating the effects of an infection or intrusion. The main objective of this component is to implement the Identification, Extraction, Transformation and Load process that collects and prepares all the relevant information, serving as the interface between the underlying CIIs and the CyberSANE system. To this end, the component includes appropriate cyber security monitoring sensors, including network-based Intrusion Detection Systems (IDS), innovative anomaly detection modules and endpoint protection solutions, for accessing and extracting information in real time in order to detect complex and large-scale attacks such as Advanced Persistent Threats (APTs).

Moreover, UBITECH is one of the core partners developing the Deep and Dark Web Mining and Intelligence (DarkNet) component, which provides the Social Information Mining capabilities needed to exploit and analyze security-, risk- and threat-related information embedded in user-generated content (UGC). This will be achieved through the analysis of both the textual content and the metadata available from such streams. Textual information will be processed to extract data from otherwise disparate and distributed sources that may offer unique insights into possible cyber threats.

Finally, UBITECH participates in the development of the Data Fusion, Risk Evaluation and Event Management (HybridNet) component, which provides the intelligence needed to perform effective and efficient analysis of a security event based on: (i) information derived and acquired by the LiveNet and DarkNet components; and (ii) information and data produced and extracted by the HybridNet component itself. In particular, HybridNet retrieves incident-related data from the underlying CIIs via the LiveNet component, together with data from unstructured and structured sources (e.g. the Deep and Dark Web), and consolidates them into a unified longitudinal view in which they are linked, analyzed and correlated in order to derive semantic meaning and provide a more comprehensive and detailed view of the incident.