3rd SIMU project meeting took place at project partner macmon secure
The third project status meeting took place in Berlin at the beginning of March in order to jointly close the conceptual phase and agree on the next development steps. Additionally, all project partners discussed the project's presentation to the public (e.g. exhibitions, PlugFest, TCG, project website) and possible cooperations. The first interim report was written by all project partners in February and was handed in to the project sponsor on time. Currently, the project concentrates on the final definition of user scenarios, the definition of the added value a SIEM provides, and the development of generic scenarios to visualize functional processes. After the project meeting everyone will start working actively on the third work package (AP3), which covers SIEM system conception and development.
Work on the SIMU project is proceeding on schedule. The second work package (AP2), "conception", will be completed in March so that preparation of the development assignments for the third work package (AP3) can begin. The first international publication took place in February at the RSA conference in San Francisco, where the interaction of several IF-MAP components based on open source software was presented. At the next RSA conference it is planned to present the SIMU prototype. Furthermore, the PlugFest of the Trusted Computing Group, which is held every six months, will take place at the beginning of April at Fraunhofer SIT in Darmstadt. There, the partners macmon secure, DECOIT and University Hannover will test their IF-MAP developments for interoperability with other implementations. During the PlugFest all partners will also take the opportunity to discuss their developments for SIMU.
During the project meeting several application scenarios were talked through and refined. From these, a generic scenario is to be derived that describes the processing of metadata and the new SIEM architecture. Several different SIEM modules (such as event correlation, Network Behaviour Anomaly Detection (NBAD), and identity mapping) were presented, and it was discussed how these can be implemented. Additionally, third-party systems need to be considered, keeping open the option of connecting them. It is important to note that the identities of victim and offender must be recognized, because recognizing only their IP and MAC addresses is insufficient. Because of the large number of SIEM requirements, not all of them can be realized within the scope of the SIMU project, so all partners will concentrate on the fundamental areas only.
Finally, the software development process was presented by DECOIT GmbH, and all partners showed their first results for the third work package (AP3). Within this scope, University Hannover presented its simulation and demonstration environment "irondemo", which will later be used as the online demonstration environment. This enables both consistent development and straightforward demonstration of project results.