PANDORA: Cyber Defence Platform for Real-time Threat Hunting, Incident Response and Information Sharing

Started At:
2020-11-01
Title:
PANDORA: Cyber Defence Platform for Real-time Threat Hunting, Incident Response and Information Sharing
Program:
European Defence Industrial Development Programme (EDIDP)
Duration:
24 months
Summary:

As state-of-the-art ICT technologies are increasingly used in military units and command structures, the impact of cyber threats and potential incidents on the Member States’ defence capabilities, at both the tactical and the strategic level, is constantly growing. It is thus no wonder that the EU has identified Enabling Capabilities for Cyber Responsive Operations as one of its eleven development priorities.

In this context, the PANDORA project aims at contributing to EU cyber defence capacity building, by designing and implementing an open technical solution for real-time threat hunting and incident response, focusing on endpoint protection, as well as information sharing. The PANDORA system will be able to promptly detect and classify known and unknown threats, enforce policies on-the-fly to counter these threats, and also exchange threat intelligence information with third parties, at both national and international level.

The technical solution developed in PANDORA will be integrated and assessed in a pre-operational environment against two relevant use cases: warship security and military sensor network security.

PANDORA will be fully aligned with the scope and objectives of the PESCO project entitled “Cyber Threats and Incident Response Information Sharing Platform (CTISP)”.

Specifically, the technical solutions developed in PANDORA will:

  • Collect information (metrics, traffic, indicators of compromise etc.) from endpoints and network elements;
  • Detect and classify security incidents, both known (based on signatures and IoCs) and unknown (based on inferred anomalies and suspicious behaviours), also leveraging Machine Learning techniques;
  • Suggest mitigation actions and policies – and enforce them automatically upon confirmation;
  • Import and export incident information and threat intelligence to/from national and international information sharing platforms;
  • Expose interfaces, both graphical and programmatic, with role-based access control, to support Security Operations and allow in-depth investigations in case of an incident.


Consortium:

  • SPACE HELLAS S.A. (Greece) – Coordinator
  • THALES HELLAS S.A. (Greece)
  • UBITECH LTD (Cyprus)
  • NAVAL GROUP SA (France)
  • GMVIS SKYSOFT SA (Portugal)
  • AUSTRIAN INSTITUTE OF TECHNOLOGY (Austria)
  • INFILI TECHNOLOGIES (Greece)
  • ORION INNOVATIONS (Greece)
  • GATEWATCHER (France)
  • HMEI (Hungary)
  • CTTC (Spain)
  • INEST TEC (Portugal)
  • CYBERSERVICES (Hungary)
  • NVISO BELGIUM BV (Belgium)
  • CINAMIL (Portugal)
