|Affiliation:||University of Oxford|
|Date:||Friday 24th November (Michaelmas Term 2017)|
|Location:||Tony Hoare Room, Robert Hooke Building|
PROTECTIVE is a cyber threat intelligence sharing platform being developed by a consortium of ten partners from eight European countries, including: three European National Research Educational Networks (NRENs – CESNET, PSNC and RoEduNet), three academic (Oxford, Athlone and Darmstadt) and four commercial partners (ITTI, GMV, Email Laundry and Synyo). The platform is a suite of threat intelligence sharing tools that aim at providing security teams with a greater context, threat and situational awareness, and thus improve an organisation's ongoing awareness of risks posed to it by attacks. Specifically, the platform is designed to provide solutions for public domain CSIRTs outside the mainstream of cyber security solution provision. Public CSIRTs needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the required analytical and visualization capabilities to enable public CSIRTs to provide optimised services to their constituencies. In the PROTECTIVE project we investigate the state of the art in cyber threat intelligence generation and sharing, and are developing a solution to: enhance security alert correlation and prioritisation, link the relevance and criticality of an organisations assets to its business/mission, investigate how computational trust can be used in threat intelligence sharing, and finally establish a public CSIRT threat intelligence sharing community to leverage these solutions. In order to do so, we are studying the current technological and human factor challenges, and attempt to identify what has limited threat intelligence sharing tools from flourishing in the past. In this talk, I will outline project activities to date, and present our lessons learnt from the first year of research and development. I will also outline the key new capabilities of the platform, related to: threat intelligence aggregation, enrichment, sharing automation, community creation, trust computation (confidence in quality of the data, as opposed to trust in the transportation layer), and General Data Protection Regulation (GDPR) compliance.Find out more...