
PROTECTIVE: A European-Wide National Research Education Network Cyber Threat Intelligence Sharing Platform - Lessons Learnt To Date

Jassim Happa (University of Oxford)

PROTECTIVE is a cyber threat intelligence sharing platform being developed by a consortium of ten partners from eight European countries: three European National Research Educational Networks (NRENs: CESNET, PSNC and RoEduNet), three academic partners (Oxford, Athlone and Darmstadt) and four commercial partners (ITTI, GMV, Email Laundry and Synyo). The platform is a suite of threat intelligence sharing tools that aim to provide security teams with greater context, threat and situational awareness, and thus improve an organisation's ongoing awareness of the risks posed to it by attacks. Specifically, the platform is designed to provide solutions for public domain CSIRTs outside the mainstream of cyber security solution provision. Public CSIRTs' needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the required analytical and visualization capabilities to enable public CSIRTs to provide optimised services to their constituencies. In the PROTECTIVE project we investigate the state of the art in cyber threat intelligence generation and sharing, and are developing a solution to: enhance security alert correlation and prioritisation, link the relevance and criticality of an organisation's assets to its business/mission, investigate how computational trust can be used in threat intelligence sharing, and finally establish a public CSIRT threat intelligence sharing community to leverage these solutions. In order to do so, we are studying the current technological and human factor challenges, and attempting to identify what has limited threat intelligence sharing tools from flourishing in the past. In this talk, I will outline project activities to date, and present our lessons learnt from the first year of research and development.
I will also outline the key new capabilities of the platform, related to: threat intelligence aggregation, enrichment, sharing automation, community creation, trust computation (confidence in quality of the data, as opposed to trust in the transportation layer), and General Data Protection Regulation (GDPR) compliance.

Speaker bio

My research interests include (alphabetically listed) Computer Graphics, Cyber Security, Human Factors, Human Visual Perception, Rendering, Virtual Archaeology and Visualization. Most of my work concerns investigating novel visualization techniques for domain experts. I obtained my BSc (Hons) in Computing Science at the University of East Anglia in 2006, specialising in computer graphics. I then worked a year as an Intrusion Detection System (IDS) analyst. I began a PhD in Engineering at the University of Warwick in October 2007 where I developed a number of novel computer graphics techniques to document and reconstruct real-world heritage sites based on empirical evidence available today. I successfully defended my PhD in January 2012, and have since December 2011 worked at Computer Science at Oxford on security-related projects. In more recent years I have spent my research efforts on security analytics through visualization, covering topics such as threat modelling, situational awareness, risk propagation, decision support, privacy as well as cyber threat intelligence sharing.

 

 
