Organisations large and small, public, private or commercial, have become increasingly dependent on networks and computer systems to support their business operations and services. Unfortunately, as this dependency has grown, so too have the motives and capabilities of cyber adversaries to attack these networks and computer systems. Regardless of their motives, cyber attackers are often able to penetrate networks and computer systems to extract valuable information (theft), tamper with the accuracy of the information (manipulation), and overload or otherwise prevent access to needed services and systems (denial of service). Any of these tactics can have significant negative impacts on an organisation's business, reputation and liabilities. In the era of open networks and platforms, pioneered by paradigms such as the internet, web services, cloud computing and mobile computing, attackers find more venues to exploit the complexity and scale of use, and the resulting damage is increasingly substantial.
The Centre for Strategic and International Studies identifies Continuous Vulnerability Assessment and Remediation, and an operational Incident Response Capability, as two of the Twenty Critical Security Controls for Effective Cyber Defense. Despite the need for these capabilities, commercial solutions do not meet the challenging demands of modern networks and systems, which include:
- Accurate identification and capture of the mission or business process dependencies on supporting networks and systems in a repeatable manner;
- Automated calculation of the priority systems to defend based on mission or business process priorities and a complete mapping of the supporting networks and systems;
- Automated collection and correlation of system configuration, status and events from multiple sources;
- Automated collection and correlation of cyber security system data (e.g., vulnerability scanner data, intrusion detection system data) from multiple sources;
- Automated assessment of mission or business process risks in response to the dynamic nature of the networks, systems and threats; and
- Automated development of prioritized risk response activities (courses of action) including prioritization of proactive mitigation actions in response to known vulnerabilities and reactive mitigation actions in response to identified cyber incidents.
The PANOPTESEC consortium will deliver a beyond-state-of-the-art prototype of a cyber defence decision support system, demonstrating a risk-based approach to automated cyber defence that accounts for the dynamic nature of information and communications technologies (ICT) and the constantly evolving capabilities of cyber attackers.
"Panoptes" is an ancient Greek term meaning "all eyes" or "all seeing". This term has been incorporated into the project name because the overall goal of the PANOPTESEC project is to deliver a continuous cyber security monitoring and response capability.
Organizations have become increasingly dependent on networks and computer systems to support their business operations and services. Unfortunately, as this dependency has grown, the motives and capabilities of cyber adversaries to attack these systems are also increasing. Attackers are often able to penetrate computer systems to extract sensitive information, tamper with accuracy of the information and prevent access to essential services. Given the organizational dependency on the systems and services, any one of these tactics can have significant negative impacts on an organization's business capabilities, reputation and liabilities. In the era of open networks and platforms, attackers continue to find more venues to exploit these systems to cause substantial damage.
Despite the well-known need for continuous monitoring of ICT systems to detect vulnerabilities and attacks, as well as the need for rapid incident response, commercial solutions do not meet the demands of modern networks and systems. The PANOPTESEC prototype will address these challenges by proactively and reactively evaluating system weaknesses, identifying potential attack paths, providing a list of prioritized response actions, and delivering a means to execute these responses, all supported by automated analysis engines. The resulting PANOPTESEC prototype will provide a continuous monitoring and response capability to prevent, detect, manage and react to cyber incidents in real time. The near market-ready system will support breach notifications and improve situation awareness while supporting the decision-making process required by security personnel. PANOPTESEC will deliver this capability through a modular, standards-based integration of technologies that collectively provide the required capabilities.
This project is funded by the Seventh Framework Programme (FP7) of the European Commission (GA 610416).