The CyberSANE System intends to be an innovative, knowledge-based, collaborative and dynamic security and response system, capable of implementing all phases of the cyber incident handling life-cycle in order to increase the agility of security professionals and encourage continuous learning.
Using a horizontal business logic, the CyberSANE system is composed of five components, which integrate various existing tools provided by consortium partners to offer specific functionalities and features both to the component and to the whole system. Additional business services, such as advanced reports, notifications, and others, will be built upon the existing services in a unified way.
The CyberSANE Core interoperates with the so-called “CyberSANE Ecosystem”, an architectural layer hosting all project partners’ tools that provide a significant set of services and features for each of the main CyberSANE components:
- LiveNet (Live Security Monitoring and Analysis) is capable of preventing and detecting threats and, in case of a declared attack, of mitigating the effects of an infection/intrusion. It serves as the interface between the underlying Critical Infrastructure and the CyberSANE system.
- DarkNet (Deep and Dark Web Mining and Intelligence) allows the exploitation and analysis of security-, risk- and threat-related information embedded in User Generated Content (UGC) via the analysis of both the textual and metadata content available from various electronic streams.
- HybridNet (Data Fusion, Risk Evaluation and Event Management) provides the intelligence needed to perform effective and efficient analysis of a security event, based on the one hand on information derived and acquired by the LiveNet and DarkNet components, and on the other on information and data produced by and extracted from HybridNet itself. It consists of three main elements: Anomaly Detection Engine, Incident Analysis & Respond, and Decision-Making, Warning and Notification.
- ShareNet (Intelligence and Information Sharing and Dissemination) provides the necessary threat intelligence and information sharing capabilities within the CIIs and with other involved parties, allowing them to determine the trustworthiness of each information source, and also to identify these sources, as soon as the data is received.
- PrivacyNet (Privacy & Data Protection Orchestrator) manages and orchestrates the application of the innovative privacy mechanisms and maximizes achievable levels of confidentiality and data protection, working towards compliance with the highly demanding provisions of the GDPR in the context of protecting sensitive incident-related information within and outside CIIs.