At present, the protection of computer networks, provided services and users against cyber attacks is mostly assured by independent entities. These entities detect security incidents affecting the infrastructure operated and adopt countermeasures based on the results. Network operators, service providers and security teams share only a limited amount of information about the detected security events, incidents and attacks. Thus, such data are not fully exploited to protect the infrastructure as a whole.
The key objective of the project is to develop and launch a pilot system for efficient sharing of information about security events and their analysis between the security teams in the Czech Republic. It should enable predicting the development of the attacks in the future, thus mitigating the impact of any such attack on the national cyberspace. The system should enable timely exchange of information about the detected security events between the entities involved, including the Czech National and Government security teams. The system will analyse and provide valuable information about the current threats. Through the system, the collated information will be shared with the entities involved to enable them to build their defence against the imminent threat. The outcomes will also be used to monitor the trends which the threats are following in the national cyberspace, which may subsequently contribute to enhancing the Czech cyber-security system. Since sensitive data are transmitted between various entities, legal aspects of information sharing and use with respect of privacy protection also need to be addressed.
The project will also address possible correlations between certain types of security events originating in the national cyberspace. Further, correlations on the primary data obtained from the CESNET2 network (packets, flows, logs) will be analysed in order to verify the events, to enrich data mined and to calibrate the system. A possible method for the exploitation of the information gathered in averting the imminent attacks will be developed and tested.
When solving the SABU project, we build and use Warden and Mentat systems developed as a part of the CESNET Large Infrastructure and currently operated by the CESNET-CERTS security team to ensure security and data exchange in the CESNET’s e-Infrastructure.
|Production launch of SABU in the Czech Republic and abroad
|Parameter testing and optimisation, packet release
|Implementation of the mitigation connectors for partner systems
|Implementation of the search for advanced details
|Implementation of advanced intelligent analysis including reputation
|Launch of SABU with the partners
|Implementation of connectors to other commonly implemented systems
|Implementation of the search for details
|Implementation of intelligent analysis
|Preparing connectors for project partners
|Assessment of the testing operation
|Involvement of project partners by means of mail reports
|First meeting with SABU partners
|The SABU project was approved!!! (8 June)
|Launch of the Warden 3 system, release of Warden 3.0 packets
|Filing the application for the SABU project into Security Research Programme of the Czech Ministry of Interior
|Finalising the SABU project’s application under the Security Research Programme of the Czech Ministry of Interior
|Release of the Warden 2.2 packets
|Creating a flexible data format IDEA
|Release of the Warden 2.1 packets
|Release of the Warden 2.0 packets
|Release of the Warden 1.2.0 packets
|Release of the Warden 1.1.0 packets
|Release of the Warden 0.1.0 beta
|Warden project start