Development of security information management as a service to manage security in cloud infrastructures

C-SIMS brings event, threat and risk data together to provide strong security intelligence, rapid incident response, seamless log management and compliance reporting, delivering the context required for adaptive security risk management.

In the past few years, a stunning range of government agencies and prominent corporations have succumbed to stealthy, tailored cyberattacks designed to exploit vulnerabilities, disrupt operations and steal valuable information. Clearly, current security systems are not up to the task of thwarting these advanced threats: many of the victims had what they considered state-of-the-art detection and prevention systems, and those systems failed to stop or even sense the presence of an attack on the victims' networks until the damage was done. Given today's threat environment and the increasing openness and connectivity of digital infrastructures, security teams now realize that they must assume their IT environments are subject to periodic compromise. Gone are the days when preventive measures to secure the perimeter, or attempts to detect malware with signature-matching technologies, were enough. New practices based on an understanding of the phases of an attack, continuous threat monitoring, and rapid attack detection and remediation are required. To develop the visibility, agility and speed needed to deal with advanced threats, traditional monitoring strategies, often built around cloud security information management systems (C-SIMS), need to evolve into a central nervous system for large-scale security analytics. In particular, four fundamental capabilities are required:

• Pervasive visibility: knowing everything happening within IT environments requires fusing many data sources, including network packet capture and full session reconstruction, log files from network and host devices, and external information such as vulnerability data, threat indicators and other security intelligence. Centralized log collection alone is no longer enough.
• Deeper analytics: examining risks in context and comparing behavior patterns over time across disparate data sets improves the signal-to-noise ratio in detecting advanced threats, thus speeding time to resolution.
• Massive scalability: platforms collecting security data must expand in scale and scope to handle the deluge of information that is increasingly needed for complete situational awareness.
• Unified view and KPIs: consolidating security-related information in one place is crucial to investigating incidents in context and speeding decision making about prospective threats. The unified view should also make compliance an outcome of a good security strategy, not a competitor to it.

Security operations centers (SOCs) need advanced analytical tools that can quickly collect and sift through security data to present the most pressing issues in context. New security analytics platforms are emerging to handle all the functions of traditional security systems and far more, including faster detection of advanced threats, so that organizations have a chance to stop covert attacks.

• Goals
- Develop a Security Operations Center comprising security and vulnerability management
- Build an MSSP offer on top of the SOC to deliver security as a service (SecaaS)

• Rationale
- Existing vulnerability assessment and SIEM offers do not cover the new cloud and container technologies
- Enterprises are willing to outsource security to experts because they lack the skills and resources (SecaaS)
- Develop an offer that gives security visibility and reporting to enterprises worldwide, aimed at C-level executives rather than only security experts
- A partnership between a Korean and a French company, with an upcoming US partner, allows worldwide coverage (24/7/365)
- Meeting compliance requirements is fundamental in this market and helps companies cope with the regulatory burden
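As an added example, not code from the project page or from the C-SIMS project itself, the following Python script shows concretely what "fusing data sources" and "examining risks in context" mean: the same successful SSH login is scored very differently once a threat-indicator feed, a vulnerability inventory and the preceding behavior on the same host are consulted alongside the raw log. All log lines, hostnames, source addresses (RFC 5737 documentation ranges), vulnerability labels and scoring weights are constructed for this illustration and are not real data or the project's own scoring model.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, syslog-like authentication events from two hosts (not real data).
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z web-01 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:03Z web-01 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:05Z web-01 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:06Z web-01 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:08Z web-01 sshd: Failed password for root from 203.0.113.7
2024-03-01T10:00:09Z web-01 sshd: Accepted password for root from 203.0.113.7
2024-03-01T10:05:00Z db-01 sshd: Failed password for alice from 192.0.2.10
2024-03-01T10:30:00Z db-01 sshd: Accepted password for alice from 192.0.2.10
"""

# Constructed vulnerability inventory, as a scanner export would provide:
# hostname -> list of (hypothetical finding label, CVSS-style severity).
VULNS = {
    "web-01": [("VULN-A", 9.8)],
    "db-01": [],
}

# Constructed threat-indicator feed: source IPs reported as malicious.
THREAT_IPS = {"203.0.113.7"}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_events(text):
    """Parse log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def failed_burst(events, window=timedelta(minutes=1), threshold=5):
    """Behavior over time: (host, src) pairs with >= threshold failures inside one window."""
    fails = defaultdict(list)
    for e in events:
        if e["outcome"] == "Failed":
            fails[(e["host"], e["src"])].append(e["ts"])
    bursts = set()
    for key, times in fails.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                bursts.add(key)
                break
    return bursts


def score_events(events, vulns, threat_ips):
    """Score each successful login using the fused context; weights are arbitrary."""
    bursts = failed_burst(events)
    findings = []
    for e in events:
        if e["outcome"] != "Accepted":
            continue
        score, reasons = 1, []  # baseline: a successful login is usually benign
        if e["src"] in threat_ips:
            score += 5
            reasons.append("source address in threat feed")
        if (e["host"], e["src"]) in bursts:
            score += 3
            reasons.append("preceded by failed-login burst from same source")
        worst = max((sev for _, sev in vulns.get(e["host"], [])), default=0.0)
        if worst >= 9.0:
            score += 2
            reasons.append(f"host carries a critical finding (severity {worst})")
        findings.append({"host": e["host"], "user": e["user"], "src": e["src"],
                         "score": score, "reasons": reasons})
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in score_events(parse_events(SAMPLE_LOGS), VULNS, THREAT_IPS):
        print(f"{f['score']:>2}  {f['host']}  {f['user']}@{f['src']}  {'; '.join(f['reasons']) or 'no context hits'}")
```

On the constructed input the root login on web-01 ranks first with score 11 (threat feed, burst and critical finding all apply), while alice's login on db-01 stays at the baseline of 1: identical log events, different risk once the surrounding data sets are consulted. In a real deployment the feeds and inventory would come from the vulnerability scanner and threat-intelligence connectors rather than inline constants.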
Project ID: 10 740
Start date:
Project Duration:
Project costs: 2 670 000.00 €
Technological Area: IT and Telematics technology
Market Area: