Activity data can bring great value when they are not left to linger in databases. The ATracker is a data analytics suite developed by SUITE5 that offers exactly this; it enables users to unveil patterns hidden in activity data through intuitive visualisations and analytics. In recent years, however, cyber-attackers have also seen the potential of these data for their own benefit, and exploit the weaknesses of technologies commonly used in the area of data management (e.g., IoT, cloud infrastructures and Machine Learning).
PUZZLE x ATracker for advanced cybersecurity
The effort, resources and expertise required to design and put into action suitable, holistic cybersecurity strategies make cybersecurity still a challenge for the majority of SMEs. This was also the case for SUITE5, as most of the development effort and expertise focused on the core of the ATracker functionality, thus leaving it vulnerable to hackers.
In the context of PUZZLE, the holistic policy-based PUZZLE cybersecurity framework was onboarded on the ATracker infrastructure, to safeguard its perimeter.
From a technical point of view, a variety of services that draw on the latest advancements in cybersecurity research and the state of the art have been employed, including:
- vulnerabilities and risk assessment at design-time and run-time, to always be aware of vulnerabilities in the ATracker and take the appropriate measures.
- cybersecurity analytics, to handle unwanted activity based on defined rules, and flag any suspicious activity using machine learning for malicious behaviour detection.
- trust assurance services that identify any alteration in the ATracker Hub services and send the appropriate signals so that any data exchange with the affected service ‘freezes’ until the service is restored back to a trustworthy state.
As people are also a crucial part of a cybersecurity strategy, focus was put on enhancing the personnel’s cybersecurity awareness and on their experience of the overall process of PUZZLE service selection, onboarding and monitoring:
- semi-automated deployment of services allowed the minimisation of manual involvement through the interplay with the PUZZLE Marketplace and easy policy template configuration.
- recommendation services to easily identify the most appropriate policies for the ATracker at infrastructure or application level, based also on the results of the risk assessment process.
- enhancement of the personnel’s situational awareness regarding the status of the ATracker and any identified attacks and the applied mitigation actions, with the visualisation and alerting features provided through the PUZZLE Dashboard.
- collective intelligence sharing with other organisations participating in the PUZZLE ecosystem, for the identification of incidents and vulnerabilities that could be potentially relevant also to the ATracker.
The experimentation with the PUZZLE Framework ran in two iterations during the course of the PUZZLE project. The new features developed by PUZZLE were added gradually to the ATracker – PUZZLE setup, and were demonstrated following the use cases designed to highlight at the same time both the diverse cybersecurity needs of the ATracker and the offerings of PUZZLE.
The overall experience of the interplay between the ATracker and the PUZZLE Framework was very positive.
- The security safeguards of the ATracker were scaled up, leading to the establishment of trusted connections and data exchanges with high privacy and security guarantees and the timely identification of and response to cybersecurity incidents.
- The overall design of the PUZZLE solution made it easily accessible and usable even by non-cybersecurity experts. Notably, the packaging of PUZZLE services as policy templates made them compatible with the ATracker infrastructure, requiring only minor adaptations.
- The situational awareness, cybersecurity awareness and collective intelligence awareness of the Suite5 personnel increased through the intuitive PUZZLE Dashboard and alerting features, which provided an overview for easy tracking of cybersecurity incidents and threats. Furthermore, the access to Collective Threat Intelligence shared by other organisations participating in the PUZZLE Ledger drew the attention of personnel to incidents possibly relevant to the ATracker.
By experiencing no interruptions in normal operation for cybersecurity services deployment and update, and through the almost instant enforcement of mitigation actions upon identification of potential incidents, the ATracker has moved one step further towards achieving reliable 24/7 operational effectiveness and integrity and guaranteeing the safekeeping of the users’ data.
If you want to read all the details of the integration of the ATracker with the PUZZLE Framework, the use cases and the results of the demonstration in numbers, stay tuned for the upcoming PUZZLE deliverable D6.3 – Final Demonstrators Implementation Report!