Collaborative Fleet
Started in December 2020
The goal of the Collaborative Fleet project is to use deception technology to generate, share, and consume threat intelligence (TI) related to cyber-attacks carried out against Dutch Financial organizations.
The envisioned solution helps resolve key issues in the current cybersecurity domain by leveraging proactive and offensive security to stay one step ahead of the attackers, while at the same time generating actionable TI that is not available on the market. The new TI is then shared across all PCSI core partners.
Deception is a complex topic. During the Explore phase the project team looked at several different aspects of deception and tried to answer several questions. Which attackers are the most interesting ones based on missing TI information? How would those attackers commence an initial intrusion? How can one convince those attackers that an environment is realistic enough, such that they will reveal their TTPs and modus operandi?
As part of the Explore phase we also conducted a thorough market scan of active defense solutions available on the market and selected two vendors of such solutions who are willing to collaborate in the research work of the Collaborative Fleet project.
During the Proof-of-Concept phase the project will gain hands-on practical experience with deception technology through the products made available by the vendors. The team will learn and understand the best ways to set up a deception environment and how to make it realistic enough for an attacker to reveal their TTPs. Finally, the team will study the quality of the TI data originating from the deception environment that is relevant to Dutch Financial Organizations and cannot be obtained from existing TI feeds.
This project is part of the trend
Transition to predictive technologies
In the past, security defences were built around preventive measures. This was complemented with monitoring & response, to be able to detect attacks that circumvented preventive measures. But the gap between attackers' odds and defenders' strategy is still growing. That is why we also have to make use of predictive technologies to be able to better prepare for the next attacks. This becomes increasingly important in the face of more sophisticated attacks.