PROTECTIVE is designed to improve organizations’ ongoing awareness of the risk posed to its business by cyber security attacks. PROTECTIVE makes two key contributions to achieve this enhanced situational awareness. Firstly it increases the computer security incident response team’s (CSIRT) threat awareness through improved security monitoring and increased sharing of threat intelligence between organizations within a community. Secondly it ranks critical alerts based on the potential damage the attack can inflict on the threatened assets and hence to the organizations’ business. High impact alerts that target important hosts will have a higher priority than other alerts. Through the combination of these two measures organizations are better prepared to handle incoming attacks, malware outbreaks and other security problems and to guide the development of the prevention and remediation processes.
The PROTECTIVE system is designed to provide solutions for public domain CSIRTs and SME’s who both have needs outside the mainstream of cyber security solution provision. Public CSIRTs needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the required analytical and visualization capabilities to enable public CSIRTs provide optimized services to their constituency. SME’s also are vulnerable to cybercrime as they have limited resources to protect themselves and often a limited understanding of what needs to be done. Two pilots will be conducted to evaluate and validate the PROTECTIVE outcomes with CSIRTs from 3 National Research and Educational Networks (NRENs) and with SMEs via a managed security service provider (MSSP).
The PROTECTIVE consortium is constituted of 3 NRENs, 3 academic and four commercial partners from 8 countries so as to maximize the technical and commercial impact of the outputs and the dissemination and uptake of the results.