PROTECTIVE is designed to improve an organisation's ongoing awareness of the risk posed to its business by cyber security attacks. PROTECTIVE makes two key contributions to achieve this enhanced situational awareness. Firstly, it increases the computer security incident response team's (CSIRT) threat awareness through improved security monitoring and increased sharing of threat intelligence between organisations within a community. Secondly, it ranks critical alerts based on the potential damage the attack can inflict on the threatened assets and hence on the organisation's business. High-impact alerts that target important hosts will have a higher priority than other alerts. Through the combination of these two measures, organisations are better prepared to handle incoming attacks, malware outbreaks and other security problems, and to guide the development of their prevention and remediation processes.

The PROTECTIVE system is designed to provide solutions for public domain CSIRTs and SMEs, both of which have needs outside the mainstream of cyber security solution provision. Public CSIRTs' needs arise in part because commercial tools do not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the required analytical and visualisation capabilities to enable public CSIRTs to provide optimised services to their constituency. SMEs are also vulnerable to cybercrime, as they have limited resources to protect themselves and often a limited understanding of what needs to be done.

Two pilots will be conducted to evaluate and validate the PROTECTIVE outcomes: with CSIRTs from 3 National Research and Educational Networks (NRENs), and with SMEs via a managed security service provider (MSSP). The PROTECTIVE consortium is constituted of 3 NRENs, 3 academic and four commercial partners from 8 countries, so as to maximise the technical and commercial impact of the outputs and the dissemination and uptake of the results.

R. Vanickis, P. Jacob, and B. Lee, “Access Control Policy Enforcement for Zero-Trust-Networking,” in 29th Irish Signals and Systems Conference 2018, 2018.

F. R. L. Silva and P. Jacob, “Mission-Centric Risk Assessment to Improve Cyber Situational Awareness,” in Proceedings of the 13th International Conference on Availability, Reliability and Security – ARES 2018, 2018.

J. Happa, N. Moffat, M. Goldsmith, and S. Creese, “Run-Time Monitoring of Data-Handling Violations,” in SECPRE – ESORICS International Workshop on Security and Privacy Requirements Engineering, 2018, pp. 1–20.

L. Böck, E. Vasilomanolakis, M. Mühlhäuser, and S. Karuppayah, “Next Generation P2P Botnets: Monitoring under Adverse Conditions,” in International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2018.

N. Alexopoulos, E. Vasilomanolakis, N. R. Ivanko, T. Frieß, and M. Mühlhäuser, “TRIDEnT: Trustworthy collaboRative Intrusion DETection,” in USENIX Security Symposium 2017, Poster Session, 2017.

N. Alexopoulos, E. Vasilomanolakis, N. R. Ivanko, and M. Mühlhäuser, “Towards Blockchain-Based Collaborative Intrusion Detection Systems,” 2017.

J. Happa, J. Nurse, M. Goldsmith, and S. Creese, “An Ethics Framework for Research into Heterogeneous Systems,” ResearchGate, pp. 1–8.

B. Lee, R. Vanickis, F. Rogelio, and P. Jacob, “Situational Awareness based Risk-adaptable Access Control in Enterprise Networks,” in Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security, 2017, vol. 283, pp. 400–405.

E. Vasilomanolakis, S. M. Habib, P. Milaszewicz, R. S. Malik, and M. Mühlhäuser, “Towards trust-aware collaborative intrusion detection: Challenges and solutions,” IFIP Adv. Inf. Commun. Technol., vol. 505, pp. 94–109, 2017.

E. Vasilomanolakis, N. Sharief, and M. Max, “Defending Against Probe-Response Attacks.”

E. Vasilomanolakis, M. Stahn, C. G. Cordero, and M. Mühlhäuser, “On probe-response attacks in Collaborative Intrusion Detection Systems,” in 2016 IEEE Conference on Communications and Network Security (CNS), pp. 279–286, 2017.