Collaborative Fleet
Started in December 2020
The goal of the Collaborative Fleet project is to use deception technology to generate, share, and consume threat intelligence (TI) related to cyber-attacks carried out against Dutch Financial organizations.
The envisioned solution helps resolve key issues in the current cybersecurity domain by leveraging proactive and offensive security to stay one step ahead of the attackers, while at the same time generating actionable TI that is not available on the market. The new TI is then shared across all PCSI core partners.
Deception is a complex topic. During the Explore phase the project team looked at several different aspects of deception and tried to answer several questions: Which attackers are the most interesting ones based on missing TI information? How would those attackers commence an initial intrusion? How can one convince those attackers that an environment is realistic enough, such that they will reveal their TTPs and modus operandi?
During the Explore phase and the first part of the Proof-of-Concept phase the project conducted a thorough market scan aimed at finding a commercial supplier for the creation of a joint research deception platform.
In the second part of the Proof-of-Concept phase we gained hands-on practical experience with deception technology through the research platform deployed by the vendor. In a number of iterative red-team exercises the project team will learn and understand the best ways to fine-tune the deception environment and how to make the environment realistic enough for an attacker to reveal their TTPs.
In December 2021 the project entered its pilot phase, in which real-world data relevant to Dutch Financial Organizations, and which cannot be obtained from existing TI feeds, will be collected.
At the end of March 2022 the project will undergo the scrutiny of the PCSI dragons once more to learn whether it will enter the exploit phase. In the exploit phase our innovative technical idea will be worked out into a real-world product, together with a complete business model canvas and a full-fledged business case.
This project is part of the trend
Transition to predictive technologies
In the past, security defences were built around preventive measures. This was complemented with monitoring & response, to be able to detect attacks that circumvented preventive measures. But the gap between attackers' odds and defenders' strategy is still growing. That is why we also have to make use of predictive technologies (based on deep or reinforcement learning algorithms) to be able to better prepare for sophisticated attacks, and to support predictive or 'smart' decision making in cybersecurity or proactive risk management regarding cyberthreats.