
UBITECH kicks off the PALANTIR Innovation Action on Practical Autonomous Cyberhealth for resilient SMEs and Microenterprises

UBITECH participates in the virtual kick-off meeting, hosted by DBC EUROPE (September 16-17, 2020), of the PALANTIR Innovation Action, which officially started on September 1st, 2020. The project is funded by the European Commission under the Horizon 2020 Programme (Grant Agreement No. 883335) and spans the period September 2020 – August 2023. PALANTIR aims at bridging the gap between large enterprises and SMEs/MEs by providing multi-layered, infrastructure-wide threat monitoring, cyber-resiliency and knowledge sharing in a heterogeneous ecosystem, while at the same time being able to market these services to third parties in the form of Security-as-a-Service (SecaaS). PALANTIR will implement a coherent privacy assurance, data protection, incident detection and recovery framework, focusing on the case of highly dynamic service-oriented systems and networks and taking advantage of their inherent programmability features and abstractions. PALANTIR will also focus on cyber-resiliency, leveraging the key building features of service-oriented systems by a) applying and exploiting Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) technologies; b) considering emerging paradigms such as the application of scalable Artificial Intelligence, standardization and threat-sharing techniques to risk analysis, network operation, monitoring and management; and c) ensuring the SME’s compliance with the relevant data privacy and protection regulations in the data breach age, implementing the «Privacy by Default» and «Privacy by Design» principles on how personal data is collected, used, transferred and stored between third-party businesses and entities.

PALANTIR creates a technical framework enabling the provision of next-generation, cost-effective Security-as-a-Service (SecaaS) services to SMEs and MEs, by leveraging and improving novel technologies such as: (a) Network Function Virtualisation, Security Orchestration and Remote Attestation, to create low-cost SecaaS. Three delivery modes are foreseen for PALANTIR: Cloud SecaaS follows the model of hosted Managed Security Services, Lightweight SecaaS is deployed in a standalone device at the premises of the client following the model of Customer Premises Equipment (CPE), and Edge SecaaS is hosted at the network edge following the paradigm of Multi-Access Edge Computing. The variety of delivery modes gives SecaaS clients a range of choices; (b) Distributed collection, Machine Learning and Policy-based remediation, to create improved threat intelligence with live threat sharing. Anonymised threat data and high-level remediation policies can propagate through SecaaS clients, and high-level policies can be translated locally into actionable security rules for each client, providing near-instantaneous protection from a newly discovered threat; and (c) Multi-attribute risk assessment, cost/benefit forecasts and a novel Service Catalogue, to link risk assessment with the service market and ensure that clients are matched with appropriate solutions that are within their budget and tailor-made to their needs. The Service Catalogue democratizes access to multiple service developers.

Within PALANTIR, the involvement of UBITECH has a two-fold focus: (a) to design and implement the searchable, trusted PALANTIR Secure Services Catalogue that is going to host the set of security services and VNFs to be designed, implemented and used within the project. The stored software is going to be associated with metadata (mainly in the form of descriptors, Docker templates and other YAML manifests) that can be valuable towards the optimal usage and deployment of the available services/functions; and (b) to design and implement the PALANTIR Security Dashboard, including all related threat sharing and reporting capabilities, with real-time information depicting the current status of the infrastructure as well as any identified problems and alerts. The Dashboard will also expose an IoC database, allowing storage and communication of technical and non-technical information about malware samples, incidents, attackers and intelligence using standardized formats (e.g. STIX, TAXII, CybOX, ETSI CYBER), thus facilitating knowledge sharing with CERTs/CSIRTs.