Collaborative FleetStarted in December 2020
The goal of the Collaborative Fleet project is to use deception technology to generate, share, and consume threat intelligence (TI) related to cyber-attacks carried out against Dutch Financial organizations.
The envisioned solution helps resolving key issues of the current cybersecurity domain leveraging on proactive and offensive security to be one step ahead of the attackers, while generating actionable TI that is not available in the market. This new TI is then shared across all PCSI core partners.
Deception is a complex topic. During the Explore phase the project team looked at several different aspects of deception and tried to answer several questions: Which attackers are the most interesting ones based on missing TI information? How would those attackers commence an initial intrusion? How can one convince those attackers that an environment is realistic enough, such that they will reveal their TTPs and modus operandi?
During the explore phase and the first part of the Proof-of-Concept phase the project conducted a thorough market scan aimed at finding a commercial supplier for the creation of a joint research deception platform.
In the second part of the Proof-of-Concept phase we gained hands-on practical experience with deception technology through the research platform deployed by the vendor. In a number of iterative red-team exercises the project team will learnt and understood best ways to fine-tune the deception environment and how to make the environment realistic enough for an attacker to reveal their TTPs.
In the pilot phase, real world data which cannot be obtained from existing TI feeds, were collected and further analyzed.
In the exploit phase our innovative technical idea will be worked out into a real-world product, together with a complete business model canvas and a full-fledged business case.
This project is part of the trend