Project SABU

At present, the protection of computer networks, provided services and users against cyber attacks is mostly assured by independent entities. These entities detect security incidents affecting the infrastructure operated and adopt countermeasures based on the results. Network operators, service providers and security teams share only a limited amount of information about the detected security events, incidents and attacks. Thus, such data are not fully exploited to protect the infrastructure as a whole.

The key objective of the project is to develop and launch a pilot system for efficient sharing of information about security events and their analysis between the security teams in the Czech Republic. It should enable predicting the development of the attacks in the future, thus mitigating the impact of any such attack on the national cyberspace. The system should enable timely exchange of information about the detected security events between the entities involved, including the Czech National and Government security teams. The system will analyse and provide valuable information about the current threats. Through the system, the collated information will be shared with the entities involved to enable them to build their defence against the imminent threat. The outcomes will also be used to monitor the trends which the threats are following in the national cyberspace, which may subsequently contribute to enhancing the Czech cyber-security system. Since sensitive data are transmitted between various entities, legal aspects of information sharing and use with respect of privacy protection also need to be addressed.

The project will also address possible correlations between certain types of security events originating in the national cyberspace. Further, correlations on the primary data obtained from the CESNET2 network (packets, flows, logs) will be analysed in order to verify the events, to enrich data mined and to calibrate the system. A possible method for the exploitation of the information gathered in averting the imminent attacks will be developed and tested.

Project goals:

When solving the SABU project, we build and use Warden and Mentat systems developed as a part of the CESNET Large Infrastructure and currently operated by the CESNET-CERTS security team to ensure security and data exchange in the CESNET’s e-Infrastructure.

SABU's roadmap

2019

Q2 2019 Production launch of SABU in the Czech Republic and abroad
Q1 2019 Parameter testing and optimisation, packet release

2018

Q1-4 2018 Implementation of the mitigation connectors for partner systems
Q1-4 2018 Implementation of the search for advanced details
Q1-4 2018 Implementation of advanced intelligent analysis including reputation

2017

Q4 2017 Launch of SABU with the partners
Q1-4 2017 Implementation of connectors to other commonly implemented systems
Q1-4 2017 Implementation of the search for details
Q1-4 2017 Implementation of intelligent analysis

2016

Q4 2016 Preparing connectors for project partners
Q3 2016 Assessment of the testing operation
Q2 2016 Involvement of project partners by means of mail reports
Q1 2016 First meeting with SABU partners

2015

Q2 2015 The SABU project was approved!!! (8 June)
Q1 2015 Launch of the Warden 3 system, release of Warden 3.0 packets
Q1 2015 Filing the application for the SABU project into Security Research Programme of the Czech Ministry of Interior

2014

Q4 2014 Finalising the SABU project’s application under the Security Research Programme of the Czech Ministry of Interior
Q4 2014 Release of the Warden 2.2 packets
Q3 2014 Creating a flexible data format IDEA

2013

Q4 2013 Release of the Warden 2.1 packets
Q3 2013 Release of the Warden 2.0 packets

2012

Q1 2012 Release of the Warden 1.2.0 packets
Q1 2012 Release of the Warden 1.1.0 packets
Q1 2012 Release of the Warden 0.1.0 beta

2011

Q3 2011 Warden project start