The CyberSANE platform implements six core structural components:
- The Live Security Monitoring and Analysis (LiveNet), which is the component capable of preventing and detecting threats, providing security professionals with insights into, and a track record of, the activities within their Information Technology environment
- The Deep and Dark Web Mining and Intelligence (DarkNet), which allows the exploitation and analysis of information related to security risks and threats from the deep and dark Web
- The Data Fusion, Risk Evaluation and Event Management (HybridNet), which provides the intelligence needed to perform effective and efficient analysis of security events. This is achieved based, on the one hand, on information produced and extracted by HybridNet itself and, on the other, on information and data derived and acquired by the LiveNet and DarkNet components
- The Intelligence and Information Sharing and Dissemination (ShareNet), which provides the threat intelligence and information sharing capabilities the critical infrastructure needs to exchange information with the external parties it would like to involve, allowing them to determine the trustworthiness of each information source
- The Privacy & Data Protection (PrivacyNet) Orchestrator, which is responsible for managing and orchestrating the application of the required privacy mechanisms, maximizing achievable levels of confidentiality and data protection
- The CyberSANE central Component, which stands in the middle of all CyberSANE services and system blocks, implementing a set of services for the web applications and the integration services required with all the tools that reside within the CyberSANE ecosystem.
This centralized element is a componentized module that enables the core CyberSANE platform to interoperate with every specific tool available. It consists of 5 concrete, custom sub-adapters: LiveNet, DarkNet, HybridNet, ShareNet, and PrivacyNet.
Each one of the aforementioned sub-modules serves as a broker middleware, which ensures that:
- Each available tool from the CyberSANE Ecosystem is successfully integrated within the CyberSANE core component
- All received messages are properly transformed and forwarded to other internal CyberSANE core modules for further processing. This is achieved by invoking multiple internal modules and aggregating the results.
- Routing functionalities (“from” and “to” the CyberSANE core component) are properly executed.
The broker model therefore meets the basic CyberSANE integration needs and aims to “standardize” a more concrete integration model and architecture for each CyberSANE component, since the list of resources (tools and systems) may grow in the near future. In addition, it enables the provision of monitoring and auditing functions and trails to support both offline analysis and real-time troubleshooting.