Kick-off meeting at the University of Applied Sciences and Arts Hannover
The threat of cybercrime in Germany is growing continuously, and German medium-sized businesses are increasingly in the focus of attackers. Small and medium-sized enterprises (SMEs) in particular have not yet given adequate consideration to this growing threat. The trend towards the business use of smartphones, tablets and netbooks plays an important role here. According to a BITKOM survey, over 40 percent of ICT businesses allow their employees to use private smartphones, netbooks or tablet computers, yet almost half of those businesses do not consider mobile end devices in their IT security concepts at all. This is why the new BMBF research project SIMU was started in October; over the following two years it will develop new SIEM-based detection systems for SMEs. The cooperating project partners are DECOIT GmbH (consortium manager), Fraunhofer SIT, the University of Applied Sciences and Arts Hannover, NCP and macmon secure.
Security systems such as firewalls, virus scanners, spam filters and VPN gateways are indeed used by SMEs, but they typically operate in isolation from one another. Many attacks, however, can only be identified by combining the data of different systems. Even when an attack has been identified, countermeasures are often carried out too late, after the attacker has already disrupted the operation of important systems or obtained sensitive information. Continuous and proactive monitoring of IT systems (clients, servers, network components, firewalls etc.) as well as of the processes and events in the network usually does not take place.
Large businesses and enterprises use so-called "Security Information and Event Management" (SIEM) components for this kind of monitoring; there, SIEM systems are now regarded as an important part of the corporate network and IT infrastructure. SIEM systems make it possible to consolidate and evaluate the messages and alerts of the individual components of an IT system, while at the same time taking into account the messages of specialised security systems (firewall logs, VPN gateways etc.). In practice, however, these SIEM systems have proven to be extremely complex and operable only with considerable personnel effort. Often SIEM systems are installed but then neglected in day-to-day operation.
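The two preceding paragraphs describe the core idea behind SIEM: events from isolated systems (here a firewall and a VPN gateway) are normalised into a common form and correlated, so that a pattern invisible to either system on its own becomes an alert. The following is an added, self-contained illustration written for this article; it is not code from the SIMU or ESUKOM projects. The log formats, host names, addresses, user names and the rule threshold are all constructed assumptions, chosen only to show the mechanism: a successful VPN login from an address that the firewall has just dropped on several different ports. Each source alone produces no alert; combining them does.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Common event record shared by all sources (the "normalised" form a SIEM works on).
Event = namedtuple("Event", "ts source kind src_ip detail")

# Constructed sample logs for this example (not real data). The firewall uses an
# iptables-style format, the VPN gateway a key=value format; both are assumptions.
FIREWALL_LOG = """\
2013-10-02T08:00:01 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=22
2013-10-02T08:00:02 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=445
2013-10-02T08:00:03 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=3389
2013-10-02T08:00:04 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=1433
2013-10-02T08:00:05 fw01 kernel: DROP IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP DPT=8080
2013-10-02T08:30:00 fw01 kernel: DROP IN=eth0 SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP DPT=23
"""

VPN_LOG = """\
2013-10-02T08:02:10 vpngw01 vpn: event=login result=success user=mmueller src=203.0.113.7
2013-10-02T08:45:00 vpngw01 vpn: event=login result=success user=kschmidt src=192.0.2.44
2013-10-02T09:10:00 vpngw01 vpn: event=login result=success user=abecker src=198.51.100.77
"""

FW_RE = re.compile(r"^(\S+) (\S+) kernel: (DROP|ACCEPT) .*?SRC=(\S+) .*?DPT=(\d+)")
VPN_RE = re.compile(r"^(\S+) (\S+) vpn: (.*)$")


def parse_firewall(text):
    """Normalise firewall lines into Event records; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts, host, action, src, dport = m.groups()
        events.append(Event(datetime.fromisoformat(ts), "firewall",
                            "fw_" + action.lower(), src,
                            {"host": host, "dport": int(dport)}))
    return events


def parse_vpn(text):
    """Normalise VPN gateway lines into Event records; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = VPN_RE.match(line)
        if not m:
            continue
        ts, host, body = m.groups()
        fields = dict(kv.split("=", 1) for kv in body.split() if "=" in kv)
        kind = "vpn_%s_%s" % (fields.get("event"), fields.get("result"))
        events.append(Event(datetime.fromisoformat(ts), "vpn", kind,
                            fields.get("src"), {"host": host, "user": fields.get("user")}))
    return events


def correlate(events, window=timedelta(minutes=15), min_ports=3):
    """Cross-source rule: a successful VPN login from an address that the firewall
    dropped on at least `min_ports` distinct destination ports within `window`
    before the login. Firewall drops alone are noise and a VPN login alone is
    normal; only the combination is reported."""
    events = sorted(events, key=lambda e: e.ts)
    alerts = []
    for login in events:
        if login.kind != "vpn_login_success":
            continue
        ports = {e.detail["dport"] for e in events
                 if e.kind == "fw_drop" and e.src_ip == login.src_ip
                 and login.ts - window <= e.ts <= login.ts}
        if len(ports) >= min_ports:
            alerts.append({"login_ts": login.ts.isoformat(),
                           "user": login.detail["user"],
                           "src_ip": login.src_ip,
                           "probed_ports": sorted(ports)})
    return alerts


if __name__ == "__main__":
    all_events = parse_firewall(FIREWALL_LOG) + parse_vpn(VPN_LOG)
    for alert in correlate(all_events):
        print("ALERT: VPN login by %(user)s from %(src_ip)s at %(login_ts)s "
              "shortly after probing ports %(probed_ports)s" % alert)
```

Run stand-alone, the script reports one alert (user mmueller from 203.0.113.7); the login from 192.0.2.44 is not reported because that address was dropped on only one port. In a SIEM this alert would be the trigger for the automated countermeasure the article mentions, for instance terminating the VPN session and blocking the address at the firewall; that response step is outside the scope of this example.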
The main goal of the SIMU project is to develop a SIEM-like system that significantly improves the IT security of a corporate network without requiring great effort. Besides simple integration into the IT infrastructure of SMEs and easy traceability of the relevant events and processes in the network, it is to be realised without great effort for configuration, operation and maintenance. On the functional level SIMU works like a SIEM system: it monitors the processes and events within the corporate network and automatically initiates proactive real-time measures to improve security.
The kick-off meeting took place on October 2nd at the University of Applied Sciences and Arts Hannover. There, together with the project management agency VDI-VDE-IT, the foundation for the first work package was laid. All results of the ESUKOM project (www.esukom.de), on which SIMU builds, were presented once more. The first step of the second work package will be the definition of user scenarios, in order to capture practical examples and problems at SMEs in the form of scenarios. These scenarios will be collected and used to derive a generic scenario and the core requirements of the SIMU project; the second work package thus forms the basis for designing the SIMU architecture. In the discussion between the partners all tasks were defined and assigned, so that everyone can begin working on the first steps right away.
Since the SIMU project partners already form a well-coordinated team from their collaboration in ESUKOM, efficient coordination is expected. Regular telephone conferences as well as regular face-to-face meetings will take place. Furthermore, the project can profit from the experience Fraunhofer SIT gained in the EU project MASSIV, which dealt with SIEM systems for three years.