The main results emanating from this project will be the design and implementation of several components:
- Techniques and tools for analysing, evaluating and guiding the optimal deployment of diverse security mechanisms in the managed infrastructure, including multi-level risk-based metrics. (see leaflet)
- An OSINT-based security threat predictor. (see leaflet)
- A rich set of enhanced interactive visualisations for improving the quality of the decision support of security analysts operating a SIEM.
- A framework for deploying diverse and redundant sensors.
- A novel application-based anomaly detector for complementing other sensors and detecting fraud in application servers. (see leaflet)
- Components that allow for long-term event archival in diverse clouds. (see leaflet)
By choosing the extension approach instead of developing a new SIEM (or expecting vendors to change their systems to accommodate our enhancements), we expect to foster innovation much faster, and maximize the impact and business potential of the project results.