Proactive Risk Management through Situation Awareness (PROTECTIVE)

Acronym: PROTECTIVE

Poskytovatel: European Union
Program: H2020
Identification number: 700071

Implementation period: 9/2016–8/2019

Coordinatior:
Velathlone Institute Of Technology
Number of partners: 10
Role of CESNET: partner
Manager for CESNET:
Andrea Kropáčová

PROTECTIVE was designed to improve an organisations ongoing awareness of the risk posed to its business by cyber security attacks. PROTECTIVE made two key contributions to achieve this enhanced situational awareness.

Firstly, it increased the computer security incident response team’s (CSIRT) threat awareness through improved security monitoring and increased sharing of threat intelligence between organisations within a community. Secondly, it ranked critical alerts based on the potential damage the attack can inflict on the threatened assets and hence to the organisations business. High impact alerts that target important hosts should have a higher priority than other alerts.

Through the combination of these two measures, organisations are better prepared to handle incoming attacks, malware outbreaks and other security problems and to guide the development of the prevention and remediation processes.

The PROTECTIVE system is designed to provide solutions for public domain CSIRTs and SME’s who both have needs outside the mainstream of cyber security solution provision. Public CSIRTs needs arose in part because commercial tools did not address their unique requirements. This has created a shortfall, clearly articulated by ENISA, of tools with the required analytical and visualisation capabilities to enable public CSIRTs provide optimised services to their constituency.

SME’s also are vulnerable to cybercrime as they have limited resources to protect themselves and often a limited understanding of what needs to be done. Two pilots were conducted to evaluate and validate the PROTECTIVE outcomes with CSIRTs from 3 National Research and Educational Networks (NRENs) and with SMEs via a managed security service provider (MSSP).

The PROTECTIVE consortium was constituted of 3 NRENs, 3 academic and four commercial partners from 8 countries so as to maximise the technical and commercial impact of the outputs and the dissemination and uptake of the results.

Project web site

Last change: 26.3.2020