ABSTRACT
CERT-EU's mission is to enhance the security of the information and communications technology infrastructure of the EU institutions, bodies and agencies (its 'constituents'). It supports incident prevention, detection, mitigation and response by acting as the cyber-security information exchange and incident response coordination hub for its constituents. It is based in Brussels. Collecting and managing cyber threat information, and using it in the detection infrastructure, is key to risk mitigation strategies. Information exchange with external and internal partners is crucially important to realize the potential added value. CERT-EU actively and intensively engages in cooperation and partnerships with its peers and partners in the IT community, and as such it is recognised as a leading player in information exchange, both at the theoretical level and in its real-world implementation. CERT-EU has also made important advances in the way it exchanges information with its constituents, to make the information actionable, relevant, useful and specific, and to avoid as much noise and as many false positives as possible.
A good understanding of the specific threats at any given moment increases the chances of mitigation. An organization may be more concerned about cyber-threats targeting its sector, its supply chain or its geographical area, and it may prioritise cyber-threats that potentially cause the most damage, are the most persistent or have a specific motivation. Monitoring these aspects and acting accordingly allows organizations to mitigate the threats that are the most pertinent at a given time. As cyber threat information sharing matures, it is necessary to consider how it should be optimized and what it should deliver on the consuming end. This implies that information exchange should meet minimal quality criteria in terms of contextualization, timeliness and actionability.
Faced with an extremely dynamic cyber-threat landscape, the challenge is also to automate information sharing and make it immediately actionable. In addition, the process should include escalation and alerting functions that trigger immediate attention to the most severe threats.
The talk will highlight the insights derived from CERT-EU's practical experience over the past few years, presenting concrete success factors for cyber threat information exchange. It will also highlight some remaining challenges and unresolved problems.
- Contextualised and actionable information sharing within the cyber-security community -- Frédéric Garnier -- CERT-EU
Index Terms
- Real World Information Exchange: Challenges and Insights