At a glance, PROTECTIVE is designed to improve organizations’ ongoing awareness of the risk that cyber security attacks pose to their business. The project makes two key contributions to achieve enhanced situational awareness. First, it increases the computer security incident response team’s (CSIRT) threat awareness through improved security monitoring and increased sharing of threat intelligence between organizations within a community. Second, it ranks critical alerts based on the potential damage the attack can inflict on the threatened assets and hence on the organization’s business. Alerts indicating a potential impact on important hosts will have a higher priority than other alerts. Through the combination of these two measures, organizations are better prepared to handle incoming attacks, malware outbreaks and other security problems, and to guide the development of their prevention and remediation processes.
The PROTECTIVE system is designed to provide solutions for public domain CSIRTs and SMEs, both of which have needs outside the mainstream of cyber security solution provision. Public CSIRTs’ needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the analytical and visualization capabilities required to enable public CSIRTs to provide optimized services to their constituency. In addition, SMEs are vulnerable to cyber-attacks as they have limited resources to protect themselves and often a limited understanding of what needs to be done. Two pilots will be conducted to evaluate and validate the PROTECTIVE outcomes: one with CSIRTs from three NRENs and one with SMEs via a Managed Security Service Provider (MSSP).
Technische Universität Darmstadt focuses on improving the management and sharing of threat intelligence within the community of NREN CERTs. This task is mainly executed in Work Package (WP) 5. In particular, TU Darmstadt contributes its expertise in computational trust management for the purpose of assessing and visualizing the quality of threat intelligence.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 700071. The PROTECTIVE consortium consists of three National Research and Education Networks (NRENs), three academic partners and four commercial partners from eight countries, chosen to maximize the technical and commercial impact of the outputs and the dissemination and uptake of the results.