HybridNet provides the intelligence needed to perform effective and efficient analysis of security events, based on the analysis of information produced internally within the component and of information and data derived and acquired by other CyberSANE components, especially the LiveNet and DarkNet components.
HybridNet analyses a large amount of data delivered from all the other components of the system to further evaluate and correlate attack-related patterns associated with specific malicious or anomalous activities. This component also investigates security incidents to identify, evaluate and propose mitigation steps for all vulnerabilities, threats and risks associated with Critical Information Infrastructures (CIIs).
L-ADS
L-ADS (Live Anomaly Detection System), from Atos, is a real-time network traffic monitoring and anomaly detection tool with novel Machine Learning capabilities. It can perform deep-packet inspection and use the resulting information to correlate attacks in communications-based cyberthreats.
The tool provides CyberSANE with capabilities to collect and analyse information for each asset of an environment, so that it can detect and identify compromised assets.
OLISTIC
OLISTIC, by Ubitech, is a web-based software solution designed to enable organizations to achieve all the benefits possible from an enterprise risk management process. It has a friendly and intuitive user interface and supports multiple risk management domains. Its rich risk scenario library enables it to be easily configured by business process owners. This offers significant time savings and reduced total cost of ownership over bespoke and toolkit-based solutions.
OLISTIC enables the management of risks across all operational domains of the company while providing advanced features for:
- Risk assessment execution and comparative analysis
- Advanced asset management
- Automated IT asset discovery and vulnerability identification
- Risk scenario library and mitigating controls
CARMEN
CARMEN, Centre of Log Analysis and Mining of Events, is a tool developed by the National Cryptologic Centre and the company S2Grupo to identify compromises by advanced persistent threats (APTs), and is the first tool based on Spanish technology and know-how.
The CARMEN tool collects, processes and analyses information to generate intelligence, mainly from network traffic. It is made up of agents that compile traffic flows (collection elements), a database engine where the information is inserted, and a web application for displaying and checking the collected information, so that analysts can work on it and make decisions based on the results provided by the tool.
The data sources which CARMEN is able to work with are:
- Proxy logs
- Passive HTTP
- Passive DNS
- Passive SMTP
- Monitoring and storage of IPC data
CARMEN allows predefined rules to be applied to every data source to detect improper use and, in particular, significant anomalies (statistical, text-string, time-series and knowledge-based) that may indicate that the organization has been compromised. It also allows know-how to be defined and integrated in the tool, ranging from IOCs to anomaly conditions.
In addition to the persistence stage, CARMEN provides capabilities to detect the threat at the intrusion stage: mainly anomaly conditions to detect common mechanisms of entry, such as watering hole attacks or exploit kits, and the deployment and integration of sandboxing capabilities to detect spear phishing.