CyberSANE enhances the security and resilience of Critical Information Infrastructures (CIIs) by providing a dynamic, collaborative warning and response system that supports and guides security officers and operators as they recognise, identify, dynamically analyse, forecast, treat and respond to advanced persistent threats (APTs) and handle their daily cyber incidents, using structured and unstructured data such as logs, network traffic, or data coming from social networks.
CyberSANE introduces a holistic and privacy-aware approach to handling security incidents, addressing the complexity of these networks, which consist of cyber assets hosted in cross-border, heterogeneous CIIs characterised by:
- Complex, highly distributed cyber systems that are large-scale with respect to the number of entities involved, including IoT and cyber-physical systems
- Heterogeneity of the underlying networks interconnecting the physical-cyber systems
- Different levels of exposure to attacks
CyberSANE components rely on existing systems and tools, including security monitoring sensors, web mining and intelligence solutions, and security information and event management approaches developed by the project's partners. These provide easily reconfigurable, flexible, adapted and modular environments which can be used as the basis to implement and integrate the main interrelated elements of the CyberSANE system.