PUZZLE will track the relationships among the cyber assets of each SME&ME, considering the available network, compute and storage infrastructure and use them to efficiently calculate individual, cumulative and propagated risks, as well as recommend and apply mitigation actions. The PUZZLE will support vulnerabilities and threats assessment in a collaborative manner based on the homogenization of data provided by the SMEs&MEs.
Data will be collected by resource handling and monitoring agents applied over Cloud/Edge Computing, IoT and network infrastructure. Such data will be enriched with data provided in relevant open repositories. SMEs&MEs data sharing will take place through blockchain-based technologies for secure data management. Based on the calculated risks and the provided graph topology, the application of resilient defensive strategies will be recommended, considering the type of infrastructure used by the SME&ME.
Concept and Approach
Automated defensive strategies deployment mechanisms are also going to be made available, reducing a lot the complexity and the burden for the deployment of the provided services by cybersecurity managers in SMEs&MEs. Special emphasis will be given on the usability and the rise of competitiveness of the PUZZLE Marketplace, by designing solutions that can be easily onboarded by external cybersecurity providers and can be seamlessly adopted by the end-users taking into account their preferences. The provided services will be made accessible through the SMEs&MEs Dashboard that will be developed.
PUZZLE is going to provide monitoring and visualisation tools, as well as a dashboard where information regarding the set of assets, vulnerabilities, identified threats and risks is going to be made available to end-users; mainly the people responsible for cybersecurity issues management within SMEs&MEs.
A specific interface is going to be made available for the declaration of the set of assets per enterprise for the correct calculation of possible cyber-risks related to the infrastructure and information/data security and management. For the latter, GDPR clauses and legislation will be inherently built into the services of the PUZZLE marketplace, as those will be amongst the starting point of the overall requirements specification.
PUZZLE comes up with a continuous risk assessment solution, calculating individual, cumulative and propagated risks based on the declared set of assets, the associated vulnerabilities and threats per SME&ME and the real-time data streams provided by a set of monitoring agents. The risk assessment process regards security, privacy and personal data protection risks and is made available in a straightforward and user-friendly way to end users through the PUZZLE dashboard. Secure exchange of data among SMEs&MEs associations and with CERTs/CSIRTs is supported, based on the exploitation of blockchainbased mechanisms, leading to increased awareness as well as the realisation of advanced analyses based on a wealth of collected cybersecurity data.