Security Manager
Resilience against cyber-attacks is of paramount importance for all RECITALS components described above. To this end, the third module of RECITALS focuses exclusively on cyber-security. Based on a thorough analysis of logs and of the cyber-attacks targeting privacy-preserving identity management and data sharing systems, the Security Manager provides the following complementary components:
- The Cyber-threat Detector is equipped with state-of-the-art techniques for identifying potential cyber threats and attacks within the RECITALS platform, of the following types:
  - (i) anomaly detection, which first establishes a baseline of normal activity within the RECITALS platform and then identifies deviations from this expected behavior;
  - (ii) signature-based detection, which leverages a database of known signatures to identify patterns associated with common cyber threats;
  - (iii) behavior-based detection, which continuously monitors the behavior of applications and components, as well as the network traffic, to identify potential cyber threats;
  - (iv) endpoint detection and response, which deploys software agents on endpoints to monitor activity for signs of cyber threats, isolate infected endpoints and collect forensic data for further analysis;
  - (v) security information and event management (SIEM), which involves collecting, analyzing and correlating security events and incidents from various sources within the RECITALS platform. By consolidating and analyzing this information, SIEM solutions can identify patterns and anomalies that may indicate a cyber threat or breach.
  These techniques can be used individually or in combination to provide comprehensive cyber threat detection and protection. Most of them can also be combined with machine and deep learning to learn to detect cyber threats from large volumes of data and to identify potential cyber threats in real time.
- The Cyber-threat Orchestration, Automation and Response component comprises state-of-the-art techniques for addressing the attacks identified by the Cyber-threat Detector. These techniques rely on threat intelligence from diverse sources, such as SIGMA rules, information from MITRE, and other open-data Cyber Threat Intelligence (CTI) platforms. By integrating detection rules with threat intelligence from these sources, this module improves the platform's ability to understand emerging threats and tactics and to respond to them.
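The following Python is an added illustration, not code from the RECITALS project, of how the Detector's signature-based, anomaly and SIEM-style correlation techniques and a rule in SIGMA's logsource/detection/condition layout fit together: a constructed rule and a constructed activity baseline are run over a handful of constructed identity-service log lines. The field names, the rule, the baseline and the three-sigma threshold are assumptions of this example.

```python
import json
from collections import Counter
from statistics import mean, pstdev

# Constructed JSON log lines, as a SIEM might collect them from an identity
# management service (sample data for this example, not RECITALS logs).
RAW_LOGS = """
{"service": "auth", "event": "login", "outcome": "failure", "user": "alice", "src": "10.0.0.5"}
{"service": "auth", "event": "login", "outcome": "failure", "user": "alice", "src": "10.0.0.5"}
{"service": "auth", "event": "login", "outcome": "failure", "user": "alice", "src": "10.0.0.5"}
{"service": "auth", "event": "login", "outcome": "success", "user": "alice", "src": "10.0.0.5"}
{"service": "auth", "event": "login", "outcome": "success", "user": "bob", "src": "10.0.0.7"}
"""
EVENTS = [json.loads(line) for line in RAW_LOGS.strip().splitlines()]

# A signature in Sigma's logsource/detection/condition layout, written as a dict
# instead of YAML (constructed for this example, not a published Sigma rule).
FAILED_LOGIN_RULE = {
    "title": "Failed login on the identity service",
    "logsource": {"service": "auth"},
    "detection": {"selection": {"event": "login", "outcome": "failure"},
                  "condition": "selection"},
}
BASELINE_COUNTS = [1, 2, 1, 1, 2, 1, 1, 2]  # constructed: events per source per hour in normal operation

def matches(event, selection):
    """Sigma-style match: all fields must match; a list means OR; '|contains' means substring."""
    for key, wanted in selection.items():
        field, _, modifier = key.partition("|")
        value, options = event.get(field), (wanted if isinstance(wanted, list) else [wanted])
        hit = any(str(o) in str(value) for o in options) if modifier == "contains" else value in options
        if not hit:
            return False
    return True

def signature_hits(events, rule):
    """Signature-based detection: events matching the rule's logsource and selection."""
    src, sel = rule["logsource"], rule["detection"]["selection"]
    return [e for e in events if matches(e, src) and matches(e, sel)]

def anomalous_sources(events, baseline, k=3.0):
    """Anomaly detection: sources whose event count exceeds mean + k*stddev of the baseline."""
    threshold = mean(baseline) + k * pstdev(baseline)
    return {s: n for s, n in Counter(e["src"] for e in events).items() if n > threshold}

def correlate(events, rule, baseline):
    """SIEM-style correlation: anomalous sources that also produce signature hits."""
    hits = Counter(e["src"] for e in signature_hits(events, rule))
    return {s: {"events": n, "signature_hits": hits[s]}
            for s, n in anomalous_sources(events, baseline).items() if hits[s]}
```

On the sample data, `correlate(EVENTS, FAILED_LOGIN_RULE, BASELINE_COUNTS)` reports only source 10.0.0.5, which both exceeds the baseline and matches the failed-login signature; a real SIEM would additionally window the counts by time and feed the result to the response component.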